With my understanding of secure Internet connections limited to SSL, I'm doubtful about the security of the GlassFish Admin console. Normal secure HTTP connections use https://domain/ URLs, but in GlassFish http://domain:4848/ is used to log in to the Admin console. Is there some kind of encryption going on between the browser and the server when using that administration port, or does all that communication go insecurely, naked to possible hackers?
The GlassFish documentation explains how to use the Admin console, but I haven't found any mention of this security concern.
5 solutions
#1
SSL can be enabled for Admin console inside Admin console -> Configurations -> HTTP Service -> HTTP Listeners -> admin-listener (responsible for listening for 4848 port)
There is a secure checkbox option that is not enabled by default. After enabling it, the Admin console will force the use of SSL. For example, http://domain:4848/ redirects to https://domain:4848/
..not entirely sure if just checking the secure option for admin-listener did the trick, as the console froze when saving the change. After that I also changed AS_ADMIN_SECURE=true in GlassFish's config/asadminenv.conf.
#2
I don't know if this is a GlassFish v3.1-only feature, but you can turn on SSL on console admin by running the following command:
asadmin enable-secure-admin
As it's described here http://blogs.oracle.com/quinn/entry/securing_adminstration_in_glassfish_server1
#3
If you have an install script in order to be able to install your development/production environment reliably again and again, you might want to set the corresponding GlassFish property in that script using this line:
asadmin set --port 4848 --user admin --passwordfile password-file.txt server.http-service.http-listener.admin-listener.security-enabled=true
#4
"checking secure option for admin-listener" is working after I restart the server.
#5
If it used SSL, you would access it as https://domain:4848/
You can see more information by choosing "Page info" from your browser's menu. If you have accessed the page through an https URL, you should see a small lock icon somewhere on the browser window, and that icon should be clickable.
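A client-side check of what the answers above describe, as an added example that is not part of the original posts: it sends one cleartext HTTP request to the admin port and classifies the reply, so you can tell a listener that answers in the clear from one that redirects to https or only speaks TLS. The result labels, the function names and the sample replies are this example's own constructions.

```python
import socket
import sys

def classify_plaintext_reply(raw: bytes) -> str:
    """Classify the first bytes a port returns to a cleartext HTTP request."""
    if not raw:
        return "no-reply"            # connection dropped: cleartext not answered
    if raw[0] in (0x15, 0x16):       # TLS alert / handshake record type
        return "tls-only"
    if not raw.startswith(b"HTTP/"):
        return "unknown"
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    fields = status_line.split()
    status = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else 0
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    location = headers.get("location", "").lower()
    if 300 <= status < 400 and location.startswith("https://"):
        return "redirects-to-https"  # behaviour answer #1 reports once "secure" is on
    return "cleartext-http"          # the listener answers HTTP without TLS

def probe(host: str, port: int = 4848, timeout: float = 5.0) -> str:
    """Send one cleartext request to the admin port and classify the reply."""
    request = f"GET / HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            raw = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            raw = b""
    return classify_plaintext_reply(raw)

# Constructed sample replies (not captured from a real server).
SAMPLE_REDIRECT = b"HTTP/1.1 302 Moved Temporarily\r\nLocation: https://domain:4848/\r\n\r\n"
SAMPLE_CLEARTEXT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x0a"

if __name__ == "__main__":
    for name, raw in [("redirect", SAMPLE_REDIRECT), ("cleartext", SAMPLE_CLEARTEXT),
                      ("tls alert", SAMPLE_TLS_ALERT)]:
        print(f"{name:10} -> {classify_plaintext_reply(raw)}")
    if len(sys.argv) > 1:            # optional live check against your own server
        print(f"{sys.argv[1]}:4848 -> {probe(sys.argv[1])}")
```

Run it against your own server after the restart mentioned in answer #4; a result of "cleartext-http" means the admin port still answers without encryption.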