Sun Microsystems 820433510 Server User Manual


 
In declarative security, the container (the Enterprise Server) handles security through an
application's deployment descriptors. You can control declarative security by editing
deployment descriptors directly or with a tool such as deploytool. Because deployment
descriptors can change after an application is developed, declarative security allows for
more exibility.
In addition to application security, there is also system security, which aects all the applications
on an Enterprise Server system.
Programmatic security is controlled by the application developer, so this document does not
discuss it; declarative security is somewhat less so, and this document touches on it
occasionally. This document is intended primarily for system administrators, and so focuses on
system security.
Tools for Managing Security
The Enterprise Server provides the following tools for managing security:
Admin Console, a browser-based tool used to congure security for the entire server, to
manage users, groups, and realms, and to perform other system-wide security tasks. For a
general introduction to the Admin Console, see
“Tools for Administration” on page 24.For
an overview of the security tasks consult the Admin Console online help.
asadmin, a command-line tool that performs many of the same tasks as the Admin Console.
You may be able to do some things with asadmin that you cannot do with Admin Console.
You perform asadmin commands from either a command prompt or from a script, to
automate repetitive tasks. For a general introduction to asadmin, see
“Tools for
Administration” on page 24
.
The Java Platform, Standard Edition (Java SE) provides two tools for managing security:
keytool, a command-line utility for managing digital certicates and key pairs. Use
keytool to manage users in the certificate realm.
policytool, a graphical utility for managing system-wide Java security policies. As an
administrator, you will rarely need to use policytool.
For more information on using keytool , policytool, and other Java security tools, see JDK
Tools and Utilities at
http://java.sun.com/j2se/1.5.0/docs/tooldocs/#security .
In the Enterprise Prole, two other tools that implement Network Security Services (NSS) are
available for managing security. For more information on NSS, go to
http://www.mozilla.org/projects/security/pki/nss/. The tools for managing security
include the following:
certutil, a command-line utility for managing certicates and key databases.
pk12util, a command-line utility used to import and export keys and certicates between
the certicate/key databases and les in PKCS12 format.
ToolsforManagingSecurity
SunGlassFishEnterpriseServer2.1AdministrationGuide • December200898