GlassFish Security Book Which Covers GlassFish v3 security, Java EE 6 security, and OpenSSO has just been published.

The Book in Details:

Security was, is, and will be one of the most important aspects of Enterprise Applications and one of the most challenging areas for architects, developers, and administrators. It is mandatory for Java EE application developers to secure their enterprise applications using Glassfish security features.

Learn to secure Java EE artifacts (like Servlets and EJB methods), configure and use GlassFish JAAS modules, and establish environment and network security using this practical guide filled with examples. One of the things you will love about this book is that it covers the advantages of protecting application servers and web service providers using OpenSSO.

The book starts by introducing Java EE security in Web, EJB, and Application Client modules. Then it introduces the Security Realms provided in GlassFish, which developers and administrators can use to complete the authentication and authorization setup. In the next step, we develop a completely secure Java EE application with Web, EJB, and Application Client modules.

The next part includes a detailed and practical guide to setting up, configuring, and extending GlassFish security. This part covers everything an administrator needs to know about GlassFish security, starting from installation and operating environment security, listeners and password security, through policy enforcement, to auditing and developing new auditing modules.

Before starting the third major part of the book, we have a chapter on OpenDS discussing how to install, and administrate OpenDS. The chapter covers importing and exporting data, setting up replications, backup and recovery and finally developing LDAP based solutions using OpenDS and Java.

Finally the third part starts by introducing OpenSSO and continues with guiding you through OpenSSO features, installation, configuration and how you can use it to secure Java EE applications in general and web services in particular.

Inspired from real development cases, this practical guide shows you how to secure a GlassFish installation and how to develop applications with secure authentication based on GlassFish, Java EE, and OpenSSO capabilities.

What you will learn from this book :

  • Develop secure Java EE applications including Web, EJB, and Application client modules.
  • Reuse the security assets you have by learning GlassFish security realms in great details along with the sample for each realm.
  • Secure GlassFish installation including operating system security and JVM policy configuration.
  • Secure Java EE applications using OpenSSO and set up Single Sign-On (SSO) between multiple applications.
  • Secure web services using Java EE built-in features, OpenSSO and WS-Security.
  • Secure network listeners and passwords using GlassFish provided facilities.
  • Learn using OpenSSO services, SDKs, and agents to secure Java EE enterprise applications including Web Services.
  • Learn using OpenDS both as administrator and as an LDAP solution developer.
  • All command lines and more than 90% of the book content applies for both GlassFish 3.x and 2.x.

Approach

Security is driven by requirement and design and we implement security on the basis of the requirements provided by analysts. In this book, we take a programmatic approach to understand Java EE and GlassFish security.

You will find plenty of code samples in this book. It is easy to secure your application when you have a demonstration of a complete and working application explained in the book, isn’t it? Each chapter starts with the importance and relevance of the topic by introducing some Java EE applications requirement, which will encourage you to read it further.

Who this book is written for

This book is for application designers, developers and administrators who work with GlassFish and are keen to understand Java EE and GlassFish security.

To take full advantage of this book, you need to be familiar with Java EE and GlassFish application servers. You will love this book if you are looking for a book that covers Java EE security and using GlassFish features to create secure Java EE applications, or to secure the GlassFish installation and operating environment and using OpenSSO.

var gaJsHost

Experimenting replication and failover recovery (High Availability) with OpenDS 1.3 Build 1

If you do not know what OpenDS is, then you can simply learn about it by looking at its website located at http://www.opends.org But a brief description is: OpenDS is a high performance, feature rich and pure Java based, directory server which is under active development by Sun Microsystems.

Today I grabbed OpenDS 1.3 build 1 to see what is new and check its replication and fail-over recovery. You can grab a copy at https://www.opends.org/promoted-builds/latest/. First thing that I noticed is the new control panel which replaces the old likely status panel. You can see an screen-shot of the control panel right here.

 

Although the control panel has good set of features and functionalities and it is very good to have a built-in LDAP browser and management utility coming with the OpenDS but this control panel is not user friendly enough. I think we will see some changes for this control panel in new future. for example some better menu design, tab based content pane instead of opening new window,… To run the control-panel application you can run control-panel script either from bat or bin directory

figure01.jpeg

Down to business, I though I can test the replication and fail over recovery of OpenDS replication by some simple Java code and the new control panel application. To install OpenDS in an specific directory, extract the zip file in that directory and run setup script. I installed first instance of OpenDS server in /home/masoud/opends1.3/OpenDS-1.3.0-inst01. The installation process is quite simple, you just need to execute the setup script, it opens a GUI setup application which guide you through the installation. Following screenshots shows the installation process for first instance.

Welcome page:
figure02.jpeg
Server Setting page: I used admin as password
figure03.jpeg
Topology Options
figure04.jpeg
Directory Data
figure05.jpeg
Installation review page
figure06.jpeg
Installation finished
figure07.jpeg

Installation application will open the control-panel application, the control panel needs administration credentials to connect to the directory server. administration credentials are cn=Directory Manager as the bind DN and admin as password. (If you used anything else then you should use your own credentials)

Now we should install the second directory server instance, this instance will form a replication group with instance 02, I extracted the zip file into /home/masoud/opends1.3/OpenDS-1.3.0-inst02 and then execute the setup script to commence with the installation. Following screen shots shows the installation process:

Welcome page:
figure08.jpeg
Server Setting page: I used admin as password, as you can see port numbers are different because default ports are in use and setup application try to use new port numbers instead.
figure09.jpeg

Topology Options: Here we are adding this server instance to a replication topology which already has one member. We connect this instance to another instance in the topology by providing the setup application with host name, administration port and administration credentials of that server. In my case both instances are installed on the same machine.

figure10.jpeg

Global Administration: A administration credentials which can be used to manage the whole replication topology. I used admin/admin for username/password

figure11.jpeg

Data Replication: As we want to have a replica of our remote server we should select "Create local instance of existing base DNs and….", And we should select the Base DNs which we want to replication

figure12.jpeg

 

Review: review the installation and if you found anything wrong you can go back and fix it

figure13.jpeg

As both installation tasks are finished we have our replication topology installed, and configured.

So far, we should have two control-panel open. Each one of them can manage one of our installation and if it comes to data management, if we change data in one control-panel we can see the change in other control panel.

To test the replication configuration, in one of the control-panel applications, under the Directory Data tab, select manage entries and then delete some entries, now go to the other control-panel and you will those entries are gone. To make the test more understandable about fail-over recover, stop one server, delete some entries in other server, start the server which you have stopped and you should see that all deleted record are deleted in the new server as soon as it has been started.

Directory Data tab:
figure14.jpeg
Deleting some entries:
figure15.jpeg

We have a replication topology configured and working, what we can do with this topology from a Java application? The answer is simple: as we can not afford to see our client applications stopped working because a directory server machine is down or a router which route the clients to one of the server is not working and so on… we need to have our Java application uses any available server instead of depending on one server and then stop working when the server is down.

following sample code shows how we can use these two instances to prevent our client application stop working when one instance is down.


import java.util.Date;
import java.util.Hashtable;

import java.util.Timer;
import java.util.TimerTask;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;

public class Main {

    public static void main(String[] args) throws NamingException {

        final Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.100:2389 ldap://192.168.1.100:1389");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
        env.put(Context.SECURITY_CREDENTIALS, "admin");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        Timer t = new Timer();
        TimerTask ts = new TimerTask() {

            @Override
            public void run() {
                try {
                    InitialDirContext ctx = new InitialDirContext(env);
                    Attributes attrs = ctx.getAttributes("");
                    final NamingEnumeration enm = attrs.getAll();
                    System.out.println(enm.next());
                    ctx.close();
                } catch (NamingException ex) {
                    ex.printStackTrace();
                }
            }
        };