users@glassfish.java.net

Re: GlassFish domains on same server under own unix user credetials?

From: <glassfish_at_javadesktop.org>
Date: Mon, 11 Aug 2008 22:29:49 PDT

Glassfish doesn't have that concept of a "superadmin". The administration level is at the Domain (and by Domain, I mean Glassfish Domain, not HTTP domain).

The Glassfish Domain is a single entity containing and configuring all of the resources for the Domain. This includes all of the classic JEE resources (connection pools, java mail, etc.). It also includes ALL of the applications that you wish deployed within the Domain.

With a clustered deployment leveraging the Domain Admin Server, you can/will have several different systems equipped with Node Agents. One configured, you will then be able to designate which components of your Domain will run on which instances, including Applications, HTTP listeners, etc. This means you can have a cluster with a DAS system, and System A, and System B. System A can be running application X and have a virtual HTTP server cofigured for "xxx.host.com", while System B will have application Y deployed to it, while its virtual HTTP server is configured to "yyy.host.com".

Even though you have 3 systems (DAS, System A, and System B), 2 applications and 2 virtual hosts, you have a single Domain, and a single Administration contact point -- the DAS. That DAS manages the entire Domain, all the systems, all of the resources, and all of the applications.

What you are suggesting with the "superadmin" and other user specific admins can't be configured with Glassfish today the way you want.

With the scenario you present, you may as well run individual instances in each of your jails. If you require that kind of isolation between users, the DAS gives you nothing here. It actually complicates it.

I would give each user their own instance, give each one their own admin user as well as a common admin user. Then I'd right scripts that send the same asadmin commands to each server for my "superadmin", using the the common admin credentials. I think that's as close as you're going to get out of the box.
[Message sent by forum member 'whartung' (whartung)]

http://forums.java.net/jive/thread.jspa?messageID=292762