users@glassfish.java.net

Re: Oracle GlassFish 3.1

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Wed, 4 May 2011 08:30:06 -0500

For various reasons, in GlassFish 3.1 you use

asadmin enable-secure-admin

to turn on SSL security for the admin listener. It is not sufficient
to simply enable SSL on the listener.

Here is the first of a series of short blogs about this:

http://blogs.sun.com/quinn/entry/securing_adminstration_in_glassfish_server

Here is a link to the documentation about this feature:

http://download.oracle.com/docs/cd/E18930_01/html/821-2435/gknqh.html

- Tim


On May 4, 2011, at 1:08 AM, forums_at_java.net wrote:

> Hi there,
>
> we spent meanwhile H O U R S to get the new Oracle GlassFish 3.1 up and
> running and it seems that a lot of bugs have been either continued or
> surprisingly re-introduced.
>
> 1.)
>
> it is not possible to enable SSL encryption for the asadmin listener unless
> you set the IP-Address to 0.0.0.0
>
> [#|2011-05-04T07:57:30.029+0200|SEVERE|oracle-glassfish3.1|org.apache.catalina.connector.CoyoteAdapter|_ThreadID=25;_ThreadName=Thread-1;|PWC3989: An exception or error occurred in the container during the request processing
> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: Unexpected end of file from server
>     at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
>     at com.sun.jersey.api.client.Client.handle(Client.java:629)
>     at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
>     at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
>     at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
>     at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:499)
>     at org.glassfish.admingui.common.security.AdminConsoleAuthModule.validateRequest(AdminConsoleAuthModule.java:225)
>     at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1171)
>     at com.sun.web.security.RealmAdapter.validate(RealmAdapter.java:1311)
>     at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1189)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551)
>     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
>     at org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:600)
>     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:96)
>     at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
>     at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:326)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:227)
>     at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:228)
>     at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822)
>     at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
>     at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013)
>     at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
>     at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
>     at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
>     at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
>     at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
>     at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
>     at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
>     at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
>     at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
>     at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: java.net.SocketException: Unexpected end of file from server
>     at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:769)
>     at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:632)
>     at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:766)
>     at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:632)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
>     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
>     at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
>     at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:129)
>     ... 32 more
>
>
> 2.)
>
> it is not possible to deploy from netbeans 7.0 to V3.1.x as the authorization
> fails for some reason:
>
> [#|2011-05-04T07:54:06.512+0200|INFO|oracle-glassfish3.1|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=63;_ThreadName=Thread-1;|User [] from host xxx.xxx.xxx.xxx does not have administration access|#]
>
>
> 3.)
>
> SSL-Redirection from Port 80 -> 443 does not work
>
> 4.)
>
> external docroots do not work.
>
> 5.)
>
> the entire SSL support is M U C H too complicated, especially importing
> externally created certificates.
>
> 6.)
>
> documentations / manuals provided here on the site are only dealing with
> rare special cases, not with common tasks, e.g.
>
> -> how to add an external docroot
>
> -> how to setup SSL hosts and enabling auto-port forwarding from 80->443
>
> -> how to create a pkcs12 file and WHAT are the necessary contents.
>
> -> how to import SSL certificates into keystore
>
> especially point 2.) is a known issue for years!!!!
>
> we are much disappointed what became on Glassfish and from this instance, it
> became a complete time-consuming solution.
>
> Thanks.
>
>
>
>
> --
>
> [Message sent by forum member 'seagate']
>
> View Post: http://forums.java.net/node/798054
>
>