Asadmin with Remote GlassFish

I’ve faced issue while
working with Amazon EC2, I’m starting to appreciate how useful theGlassFish asadmin tool is with a
remote system. Here are some steps to get GlassFish set up for secure, remote
access.

Step 1: Setup

After starting up a remote machine, copy the GlassFish zip file there and unzip
it. At this point, I only have the standard ssh and http ports open in my firewall
(“security group” on Amazon EC2). If you start with port 4848 open,
then someone could access the server through the admin console in a browser
before you’ve had a chance to change the password or admin username.

Step 2: Secure admin

With GlassFish installed, start the server, then change the admin user’s
password and enable secure administration. Without secure administration on,
remote systems cannot talk to the server at all. Here are the commands to run
locally from your ssh session:

·
asadmin start-domain

·
asadmin
change-admin-password

After changing the
admin password, you may want to run asadmin
login as well to avoid
having to specify the password again and again. This will only affect local
access to the server (e.g. your environment while ssh’ed into the remote
machine). Next:

·
asadmin
enable-secure-admin

·
asadmin restart-domain

For more information
on secure admin, see Tim Quinn’s blog on
the subject.

Step 3: Enable access

You can now open port 4848 in the security group/firewall so that your local
asadmin client can talk to the remote server. If you want to remove the ‘admin’
user and create an administrative user with a different name, you can now reach
the admin console at port 4848 in a browser:

1.
Log in as ‘admin’
user.

2.
In the left-hand
panel, open Configurations, server-config, Security, Realms, admin-realm.

3.
Click Manage
Users on the right and create the new user in the asadmin group.

4.
Log out as ‘admin’
then log in as your new user to delete the ‘admin’ user.

If you change the
admin user, use the new user name in place of ‘admin’ below.

Step 4: Set up local
access

With secure administration turned on, you can now access the remote machine
like this (note that the port argument is only needed if you have changed the
admin port):

ip-sec> asadmin
–host <hostname> –user admin –port 4848 –secure list-applications
Enter admin password for user “admin”>
Nothing to list.
Command list-applications executed successfully.

Of course, you may not
want to specify the command line options over and over and supply the password
manually each time. You can specify these environment variables instead:

·
AS_ADMIN_HOST

·
AS_ADMIN_PORT

·
AS_ADMIN_SECURE (set to “true” without the
quotes)

·
AS_ADMIN_USER

·
AS_ADMIN_PASSWORDFILE

The last one should be
set to the path of a file with these contents:

AS_ADMIN_PASSWORD=<your
password>

Now you can access
your remote server with simple asadmin commands with no other parameters:

ip-sec}> asadmin
list-applications
Nothing to list.
Command list-applications executed successfully.

Note: if you want to
see all the parameters that are being used in the asadmin command, you can use
the –echo option to have them printed:

Doyensys

A technology service company that provides innovative solutions around the oracle platform With Laser focus on customer delight as the primary success parameter.