Security is about protecting data: how to prevent unauthorized access to it, or damage to it, in storage or in transit. The Application Server has a dynamic, extensible security architecture based on the J2EE standard. Built-in security features include cryptography, authentication and authorization, and public key infrastructure. The Application Server is built on the Java security model, which runs applications in a sandbox so that they cannot harm the host system or its users. The following topics are discussed:
Broadly, there are two kinds of application security:

Programmatic security, in which the application's own code makes the security decisions. Changing those decisions means changing and redeploying the code.

Declarative security, in which the application's security requirements are expressed in its deployment descriptors, which can be edited with tools such as deploytool. Because deployment descriptors can change after an application is developed, declarative security allows for more flexibility.

In addition to application security, there is also system security, which affects all the applications on an Application Server system.

Programmatic security is controlled by the application developer, so this document does not discuss it. Declarative security is somewhat less developer-controlled, and this document touches on it occasionally. This document is intended primarily for system administrators, and so focuses on system security.
The Application Server provides the following tools for managing security:

Admin Console, the browser-based administration tool. Use it to configure server security settings, manage users in realms, and assign passwords to users and resources.

asadmin, a command-line tool that performs many of the same tasks as the Admin Console. You may be able to do some things with asadmin that you cannot do with the Admin Console. You run asadmin commands either from a command prompt or from a script, to automate repetitive tasks. For a general introduction to asadmin, see "Tools for Administration".

deploytool, a graphical packaging and deployment tool for editing application deployment descriptors to control individual applications' security. Because deploytool is intended for application developers, this document does not describe its use in detail. For instructions on using deploytool, see the tool's online help and The J2EE 1.4 Tutorial at http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.

The Java 2 Platform, Standard Edition (J2SE) provides two tools for managing security:

keytool, a command-line utility for managing digital certificates and key pairs. Use keytool to manage users in the certificate realm.

policytool, a graphical utility for managing system-wide Java security policies. As an administrator, you will rarely need to use policytool.

For more information on using keytool, policytool, and other Java security tools, see Java 2 SDK Tools and Utilities at http://java.sun.com/j2se/1.4.2/docs/tooldocs/tools.html#security.
In the Enterprise Edition, two other tools that implement Network Security Services (NSS) are available for managing security. For more information on NSS, go to http://www.mozilla.org/projects/security/pki/nss/. The NSS tools are:

certutil, a command-line utility for managing certificates and key databases.

pk12util, a command-line utility used to import and export keys and certificates between the certificate/key databases and files in PKCS12 format.

For more information on using certutil, pk12util, and other NSS security tools, see NSS Security Tools at http://www.mozilla.org/projects/security/pki/nss/tools.
In this release of the Application Server, the file domain.xml, which contains the specifications for a particular domain, initially contains the password of the IMQ broker in clear text. The element in the domain.xml file that contains this password is the admin-password attribute of the jms-host element. Because this password cannot be changed at installation time, its presence in clear text is not in itself a significant security impact: it is the broker's default, not a secret you chose.

However, as you use the Admin Console to add users and resources and assign passwords to them, some of those passwords are also written to the domain.xml file in clear text, for example passwords for accessing a database. Having these passwords in clear text in the domain.xml file can present a security hazard: anyone who can read the file can read the passwords. You can encrypt any password in domain.xml, including the admin-password attribute or a database password, by following this procedure:

1. From the directory where the domain.xml file resides (install_dir/domains/domain_dir/config by default), run the following asadmin command:

asadmin create-password-alias <alias-name>

For example:

asadmin create-password-alias jms-password

A prompt appears for the password to store under the alias (the broker's admin password, admin, in this case). The password is stored in encrypted form outside domain.xml, protected by the master password; only the alias name will appear in domain.xml. Refer to the manpages for the create-password-alias, list-password-aliases, and delete-password-alias commands for more information.

2. Replace the clear-text password in domain.xml with a reference to the alias. This is accomplished using the asadmin set command. An example of using the set command for this purpose is as follows:

asadmin set 'server.jms-service.jms-host.default_JMS_host.admin-password=${ALIAS=jms-password}'

Note the single quotes: ${ALIAS=jms-password} is also valid sh and bash parameter-expansion syntax (assign a default value), so an unquoted argument is expanded by the shell before asadmin sees it, and the literal string jms-password would be stored as the password. The alias name in the reference must exactly match the name given to create-password-alias. After the set command, read the attribute back with asadmin get and confirm that domain.xml now contains the ${ALIAS=...} reference rather than the password.
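The following POSIX shell script is an added example, not part of the Application Server documentation or product. It audits a domain.xml for password attributes that are still in clear text (that is, not yet replaced by an ${ALIAS=...} reference) and shows the quoting needed to build the alias reference. The domain.xml it scans is a constructed sample, not a real configuration; alias_attribute edits that copy with sed as a stand-in for asadmin set so the whole flow runs offline. On a real domain, use asadmin set, which also validates the dotted name.

```shell
#!/bin/sh
# Added example: audit a domain.xml for clear-text passwords. Not part of the
# Application Server product; the sample file written below is constructed.

# Print every line carrying a *password attribute, or a property named
# Password, whose value is not an ${ALIAS=...} reference. A line holding both
# an aliased and a clear-text value would be missed; the server writes one
# element per line, so that does not occur in a real domain.xml.
find_cleartext_passwords() {
    grep -n -i -E 'password[^=]*=[^"]*"[^"]*"' "$1" \
        | grep -v -F '${ALIAS='
}

# Number of clear-text hits; 0 means every password is aliased.
count_cleartext_passwords() {
    find_cleartext_passwords "$1" | wc -l | tr -d ' '
}

# Build the value for asadmin set. It must be single-quoted on the command
# line: an unquoted ${ALIAS=jms-password} is assign-default parameter
# expansion to sh/bash and would reach asadmin as the bare string jms-password.
alias_ref() {
    printf '${ALIAS=%s}' "$1"
}

# Replace one attribute's value in a domain.xml copy with an alias reference.
# Stand-in for: asadmin set 'server....admin-password=${ALIAS=name}'
# $1 = file, $2 = attribute text preceding the value, $3 = alias name
alias_attribute() {
    ref=$(alias_ref "$3")
    sed "s/$2=\"[^\"]*\"/$2=\"$ref\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample domain.xml fragment in the 8.x layout (not a real file).
write_sample() {
    cat > "$1" <<'EOF'
<domain>
  <jms-service>
    <jms-host name="default_JMS_host" admin-user-name="admin" admin-password="admin"/>
  </jms-service>
  <resources>
    <jdbc-connection-pool name="DerbyPool" datasource-classname="org.apache.derby.jdbc.ClientDataSource">
      <property name="User" value="APP"/>
      <property name="Password" value="APP"/>
    </jdbc-connection-pool>
  </resources>
</domain>
EOF
}

SAMPLE=$(mktemp)
write_sample "$SAMPLE"
echo "clear-text passwords before aliasing: $(count_cleartext_passwords "$SAMPLE")"
find_cleartext_passwords "$SAMPLE"
alias_attribute "$SAMPLE" admin-password jms-password
echo "clear-text passwords after aliasing admin-password: $(count_cleartext_passwords "$SAMPLE")"
find_cleartext_passwords "$SAMPLE"
rm -f "$SAMPLE"
```

Run it against a copy of a real domain.xml by replacing the write_sample call with the path to the copy; every line it prints is a password that still needs a create-password-alias and a set.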
Some files contain encoded passwords that need protecting using file system permissions. These files include the following:

install_dir/domains/domain_dir/master-password. This file contains the encoded master password and should be protected with file system permissions 600 (readable and writable by the owner only).

Any password file passed to asadmin with the --passwordfile argument. Such a file should also be protected with file system permissions 600.

The master password (MP) is an overall shared password. It is never used for authentication and is never transmitted over the network. This password is the choke point for overall security: it protects the keystores and the encrypted password aliases, so whoever holds it can recover everything they protect. It is the most sensitive piece of data in the system. You can choose to enter it manually when required, or obscure it in the master-password file so that the server can start unattended. You can force prompting for the MP by removing this file. When the master password is changed, it is re-saved in the master-password keystore.
To change the master password, the following procedure must be followed:

1. Run the asadmin command change-master-password, which prompts for the old and new passwords and then re-encrypts all dependent items (including the password aliases described above). For example:

asadmin change-master-password
Please enter the master password>
Please enter the new master password>
Please enter the new master password again>

WARNING: At this point, server instances that are not running must not be started, and running server instances must not be restarted, until the master password on their corresponding node agent has been changed. If a server instance is restarted before its node agent's master password has been changed, it will fail to come up, because the items it needs are now encrypted under the new password.

2. On each node agent, run the asadmin change-master-password command again, and then restart the node agent and its related servers.
Encrypting the admin password was discussed in "Managing Security of Passwords", and is strongly encouraged. If you want to change the admin password before encrypting it, use the asadmin set command. An example of using the set command for this purpose is as follows:

asadmin set server.jms-service.jms-host.default_JMS_host.admin-password=new_pwd

This attribute is the admin password of the JMS host (the IMQ broker). It is distinct from the password of the admin user in admin-realm, which is the account used to log in to the Admin Console and asadmin.

It is also possible to change the admin password using the Admin Console. To do so, follow these steps:

1. In the left pane, expand the server node, then the server-config node (or the default-config node), then the admin-realm node.
2. Select the admin user.
3. Enter and confirm the new password.
Security responsibilities are assigned to the following roles:

The application developer is responsible for application-level security. An application developer can use tools such as deploytool to edit application deployment descriptors. These security tasks are discussed in more detail in the Security chapter of The J2EE 1.4 Tutorial, at the URL given earlier for that tutorial.

The application deployer is responsible for the security settings applied when an application is deployed. An application deployer can also use tools such as deploytool to edit application deployment descriptors. These tasks are discussed in the same Security chapter of The J2EE 1.4 Tutorial.

The system administrator is responsible for system security. A system administrator uses the Admin Console to manage server security settings, and keytool (or, in the Enterprise Edition, certutil) to manage certificates. This document is intended primarily for system administrators.