Skip to main content

Administration Console not protected

No replies
Anonymous

I am new to glassfish, and I have to maintain the glassfisch application server. The Glassfisch administration console is not protected and can be accessed from any computer.

* How can secure the administration console with a username and password?

* How can I use the admin-relam to enforce login?

* How can the Administration Console be restricted to localhost?

Thanks for you help

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
tjquinn
Offline
Joined: 2005-03-30

On Nov 6, 2012, at 8:57 AM, Halbani, Avi (Avi Chalbani DWH) wrote:

> I am new to glassfish, and I have to maintain the glassfisch application server. The Glassfisch administration console is not protected and can be accessed from any computer.
This should be true only for somewhat older releases of GlassFish.

What release are you using?

Recent releases allow access only from the same system by default.

Anissa's blog here

https://blogs.oracle.com/anilam/entry/glassfish_3_1_2_admin

mentions how to set up secure remote access using the console. From the command line you can accomplish the same thing this way: Run

asadmin change-admin-password

and respond to the command prompts. The documented default admin username is "admin" and the initial password is the empty string. Change the password to some non-empty value.

Then run

asadmin enable-secure-admin

and then restart the server

asadmin restart-domain

Now you can access the console remotely, but only by providing a valid admin user and password.

- Tim

> · How can secure the administration console with a username and password?
> · How can I use the admin-relam to enforce login?
> · How can the Administration Console be restricted to localhost?
>
> Thanks for you help