Tools for managing security – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual
Page 98
■
In declarative security, the container (the Enterprise Server) handles security through an
application's deployment descriptors. You can control declarative security by editing
deployment descriptors directly or with a tool such as deploytool. Because deployment
descriptors can change after an application is developed, declarative security allows for
more flexibility.
In addition to application security, there is also system security, which affects all the applications
on an Enterprise Server system.
Programmatic security is controlled by the application developer, so this document does not
discuss it; declarative security is somewhat less so, and this document touches on it
occasionally. This document is intended primarily for system administrators, and so focuses on
system security.
Tools for Managing Security
The Enterprise Server provides the following tools for managing security:
■
Admin Console, a browser-based tool used to configure security for the entire server, to
manage users, groups, and realms, and to perform other system-wide security tasks. For a
general introduction to the Admin Console, see
“Tools for Administration” on page 24
. For
an overview of the security tasks consult the Admin Console online help.
■
asadmin
, a command-line tool that performs many of the same tasks as the Admin Console.
You may be able to do some things with asadmin that you cannot do with Admin Console.
You perform asadmin commands from either a command prompt or from a script, to
automate repetitive tasks. For a general introduction to asadmin, see
The Java Platform, Standard Edition (Java SE) provides two tools for managing security:
■
keytool
, a command-line utility for managing digital certificates and key pairs. Use
keytool
to manage users in the certificate realm.
■
policytool
, a graphical utility for managing system-wide Java security policies. As an
administrator, you will rarely need to use policytool.
For more information on using keytool, policytool, and other Java security tools, see JDK
Tools and Utilities at
In the Enterprise Profile, two other tools that implement Network Security Services (NSS) are
available for managing security. For more information on NSS, go to
The tools for managing security
include the following:
■
certutil
, a command-line utility for managing certificates and key databases.
■
pk12util
, a command-line utility used to import and export keys and certificates between
the certificate/key databases and files in PKCS12 format.
Tools for Managing Security
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008
98