■Indeclarative security, the container (the Enterprise Server) handles security through an
application'sdeployment descriptors. You can control declarative security by editing
deploymentdescriptors directly or with a tool such as deploytool. Because deployment
descriptorscan change after an application is developed, declarative security allows for
moreexibility.
Inaddition to application security, there is also system security, which aects all the applications
onan Enterprise Server system.
Programmaticsecurity is controlled by the application developer, so this document does not
discussit; declarative security is somewhat less so, and this document touches on it
occasionally.This document is intended primarily for system administrators, and so focuses on
systemsecurity.
Toolsfor Managing SecurityTheEnterprise Server provides the following tools for managing security:
■AdminConsole, a browser-based tool used to congure security for the entire server, to
manageusers, groups, and realms, and to perform other system-wide security tasks. For a
generalintroduction to the Admin Console, see “Tools for Administration” on page 24.For
anoverview of the security tasks consult the Admin Console online help.
■asadmin,a command-line tool that performs many of the same tasks as the Admin Console.
Youmay be able to do some things with asadmin that you cannot do with Admin Console.
Youperform asadmin commands from either a command prompt or from a script, to
automaterepetitive tasks. For a general introduction to asadmin, see “Tools for
Administration”on page 24.
TheJava Platform, Standard Edition (Java SE) provides two tools for managing security:
■keytool,a command-line utility for managing digital certicates and key pairs. Use
keytoolto manage users in the certificate realm.
■policytool,a graphical utility for managing system-wide Java security policies. As an
administrator,you will rarely need to use policytool.
Formore information on using keytool,policytool, and other Java security tools, see JDK
Toolsand Utilities at http://java.sun.com/j2se/1.5.0/docs/tooldocs/#security.
Inthe Enterprise Prole, two other tools that implement Network Security Services (NSS) are
availablefor managing security. For more information on NSS, go to
http://www.mozilla.org/projects/security/pki/nss/.The tools for managing security
includethe following:
■certutil,a command-line utility for managing certicates and key databases.
■pk12util,a command-line utility used to import and export keys and certicates between
thecerticate/key databases and les in PKCS12 format.
ToolsforManaging Security
SunGlassFishEnterprise Ser ver2.1 Administration Guide • December 200898