The GlassFish Security book, which covers GlassFish v3 security, Java EE 6 security, and OpenSSO, has just been published.

The Book in Detail:

Security was, is, and will be one of the most important aspects of Enterprise Applications and one of the most challenging areas for architects, developers, and administrators. It is mandatory for Java EE application developers to secure their enterprise applications using GlassFish security features.

Learn to secure Java EE artifacts (like Servlets and EJB methods), configure and use GlassFish JAAS modules, and establish environment and network security using this practical guide filled with examples. One of the things you will love about this book is that it covers the advantages of protecting application servers and web service providers using OpenSSO.

The book starts by introducing Java EE security in Web, EJB, and Application Client modules. Then it introduces the Security Realms provided in GlassFish, which developers and administrators can use to complete the authentication and authorization setup. In the next step, we develop a completely secure Java EE application with Web, EJB, and Application Client modules.

The next part includes a detailed and practical guide to setting up, configuring, and extending GlassFish security. This part covers everything an administrator needs to know about GlassFish security, starting from installation and operating environment security, listeners and password security, through policy enforcement, to auditing and developing new auditing modules.

Before starting the third major part of the book, we have a chapter on OpenDS discussing how to install and administer OpenDS. The chapter covers importing and exporting data, setting up replication, backup and recovery, and finally developing LDAP-based solutions using OpenDS and Java.

Finally, the third part starts by introducing OpenSSO and continues by guiding you through OpenSSO features, installation, configuration, and how you can use it to secure Java EE applications in general and web services in particular.

Inspired by real development cases, this practical guide shows you how to secure a GlassFish installation and how to develop applications with secure authentication based on GlassFish, Java EE, and OpenSSO capabilities.

What you will learn from this book:

  • Develop secure Java EE applications including Web, EJB, and Application client modules.
  • Reuse the security assets you have by learning GlassFish security realms in great detail, along with a sample for each realm.
  • Secure GlassFish installation including operating system security and JVM policy configuration.
  • Secure Java EE applications using OpenSSO and set up Single Sign-On (SSO) between multiple applications.
  • Secure web services using Java EE built-in features, OpenSSO and WS-Security.
  • Secure network listeners and passwords using GlassFish provided facilities.
  • Learn to use OpenSSO services, SDKs, and agents to secure Java EE enterprise applications, including Web Services.
  • Learn to use OpenDS both as an administrator and as an LDAP solution developer.
  • All command lines and more than 90% of the book content apply to both GlassFish 3.x and 2.x.


Security is driven by requirements and design, and we implement security on the basis of the requirements provided by analysts. In this book, we take a programmatic approach to understanding Java EE and GlassFish security.

You will find plenty of code samples in this book. It is easy to secure your application when you have a demonstration of a complete and working application explained in the book, isn’t it? Each chapter starts with the importance and relevance of the topic by introducing some Java EE application requirements, which will encourage you to read further.

Who this book is written for

This book is for application designers, developers and administrators who work with GlassFish and are keen to understand Java EE and GlassFish security.

To take full advantage of this book, you need to be familiar with Java EE and GlassFish application servers. You will love this book if you are looking for a book that covers Java EE security and using GlassFish features to create secure Java EE applications, securing the GlassFish installation and operating environment, and using OpenSSO.

How to install and use OpenSSO CLI (Command Line Administration Interface)

OpenSSO, which is the open source branch of Sun Java Access Manager, has several modules that you should install and configure if you want a similar bundle from the open source branch.

One of the main components is OpenSSO itself, which you can obtain from its nightly builds page; just make sure to select the latest link, which will take you to the download page with links to the OpenSSO modules.
The OpenSSO file name should be OpenSSO.war; this file is the server-side application that handles all authentication- and authorization-related activities. On the download page you can see several other modules; for this blog entry I will give you some details about installing OpenSSO and the Administration Command Line Tools (it should be the last row's link on the component download page).

To install OpenSSO, you can follow the detailed installation instructions in OpenSSO easy installation; just make sure that you remember the value you chose for the Configuration directory, because we will use it to install the CLI (Command Line Administration Interface).

Now that you have installed OpenSSO, you can install its CLI package. Download it and extract it somewhere on your hard disk. After you have extracted it, complete the installation as follows: open a terminal (cmd), navigate to the directory where you extracted it, and execute:

 setup -p <OPENSSO_CONFIGURATION_DIRECTORY>

It should echo some text indicating that the installation was successful. If you want to know more: the installation is nothing more than the creation of batch files, one of which I will talk about in the next step. These batch files use some files located in the OpenSSO configuration directory to perform their operations.

The file I will talk about is named amadm.bat. It lets you manage your OpenSSO installation from a command-line interface, even while the OpenSSO server is running. All subcommands of this command share a set of two common parameters:

  1. -u amAdmin: this is the default administration username. You can create more users with administration privileges.
  2. -w <password>: this is the password you chose during OpenSSO installation.

Now let's try some commands:

 amadm.bat create-realm -e /realm12 -u amAdmin -w adminadmin 

This command creates a new realm whose parent is the root realm.

 amadm.bat list-realms -e / -u amAdmin -w adminadmin 

This command lists all realms that were created under the root realm.

 amadm.bat list-identities -e / -x "*" -t User -u amAdmin -w adminadmin 

This command lists all identities of type User that exist in the root realm. You can find a list of all subcommands by calling


By default, the root realm is named openSSO, and the realm you created will be a child of that realm. Now you can open the OpenSSO web-based administration console and check the results of the CLI commands there.