Lesson 5 (Glassfish Security)

Question 1

What is the default-config in Glassfish? (glassfish admin)

Answer 1

Template config, which you can copy to create server configs.

Question 2

What is a server-config in Glassfish? (glassfish admin)

Answer 2

Server configs are configurations that are used for the server.

Question 3

What are http listeners?

Answer 3

For each server you can define HTTP listeners.

Question 4

What can you do with http listeners?

Answer 4

Define security settings, port numbers etc.

Question 5

What is a glassfish realm? (3)

Answer 5

A security policy domain.

Question 6

What can glassfish realms do with user certificates?

Answer 6

A file with certificates of authenticated users

Question 7

What is a glassfish filerealm?

Answer 7

An encrypted file with usernames and passwords (fileRealm)

Question 8

What is a glassfish jdbc (database) realm?

Answer 8

database with usernames and passwords (jdbcRealm)

Question 9

How can a web app be secured based on groups and roles?

Answer 9

Based on the glassfish groups/roles, mapped in the glassfish-web.xml per application.

Question 10

How can glassfish ssl be enabled?

Answer 10

By enabling SSL in a http listener. Cipher suites can be added. The server certificates are always added in the keystore file (keystore.jks)

Question 11

How can certificates be added to the glassfish keystore?

Answer 11

Through the command line tool (keytool) from jks you can add or change certificates in the keystore.jks file. (bin directory)

Question 12

How does the server validate certificates?

Answer 12

It contains the cacerts file, that holds the CA-certificates.

Question 13

Sample of role mapping in glassfish-web.xml

Answer 13

> security-role-mapping>
>role-name>expert >role-name>
>group-name>group1 >group-name>
security-role-mapping>