Wednesday, December 25, 2013

Securing Glassfish 3 admin console

In this post I am going to describe how to secure your Glassfish 3 server admin console. By default Glassfish 3 admin console came with "adminusername and empty password.

When you publish a web service for example you will provide the required link for the wsdl like the following form:

http:// {your-hoost:port-number}/YourExampleService/YourExample?wsdl


To secure your admin console:

1. Open the admin console, no password required till this point.
2. in the life panel, click on Domain, choose Administrator Password tab, and fill in the new password and confirm it.
3. Choose save to save your new password.
4. After this point, you need to provide your credentials to login to the administrator password.


Masking the web server home Page
Now, suppose that the user of your wsdl provide the following address in a browser:

http:// {your-hoost:port-number}


The Glassfish home page will open with the full details of your current hosting server, to prevent this, do the following:

1. navigate to your server domain folder, and choose your working domain
2. inside docroot folder, you will find the home page; index.html.. Modify this page as for your preferences.