Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Cannot retrieve contributors at this time

Setup of GlassFish and security measures

last modified: 2023-01-31


  • I use Debian, version 8.7 (why?)

  • Vi is used as a text editor in the following

Installing the JDK 8

Create a new file:

sudo vim /etc/apt/sources.list.d/java-8-debian.list

add these lines:

Close the file.

get the certif key:

sudo apt-key adv --keyserver --recv-keys EEA14886

install the JDK 8:

sudo apt-get update && sudo apt-get install oracle-java8-installer

Set the env variables straight:

sudo apt-get install oracle-java8-set-default

Installing Glassfish 4.1

We will install it in /opt/app-server

create a glassfish user (here the -m option creates its home directory if not already present):


maybe a good idea to choose a user name different from glassfish - default values are always to be avoided.

adduser glassfish -shell /bin/bash passwd glassfish adduser glassfish sudo

//ST: !
change to user glassfish
su - glassfish

mkdir /opt/app-server make the user owner of /opt/app-server:

sudo chown -R glassfish /opt/app-server
sudo chmod -R 700 /opt/app-server

download glassfish from here:

cd /opt/app-server

sudo apt-get install zip unzip unzip

Glassfish is now installed.

Hardening Glassfish 4.1

We can access glassfish commande line by doing:

cd glassfish4/glassfish/bin


Change the masterpassword:

change-master-password --savemasterpassword

(put "changeit" when the default password is asked, then choose your own)

We will now delete the default domain ("domain1") and create a new one. 2 reasons for this:

  • We will create a domain with a custom name, to avoid using the default value.

  • Create a domain from scratch allows to make use of the nice "portbase" option:

→ The "portbase" option allows for creating a set of ports different from the default ones.

delete-domain domain1
create-domain --portbase 17390 yourcustomdomain

just letters and numbers in the domain name.

So, with portbase 17390 (choose your own value instead), the port for the GlassFish GUI console will be 17390+ 48 = 17438

Add a tunnel for port 17438 in your SSH connection. Restart your SSH connection.

Go back to /opt/app-server/glassfish-4/glassfish/bin and ./asadmin


If you tunneled the port 17438 in your SSH, you can now go to http://localhost:17438

In the GUI console,

  • change the admin password

  • change the "Address field" in http-listener-2 sub menu to the IP of the server.

  • change the content of /domains/yourcustomdomain/docroot/index.html → "my server is online"

  • create an "errorpages" subdir in your domain root folder and an error page in /domains/yourcustomdomain/errorpages/404.html

Then, in the GUI console, point to this file via:

Configuration|Virtual Server|server
name: send-error_1
value: code=404 path=/errorpages/404.html reason=Resource_not_found

Hide the identity of the server in the headers:

  • In Network-config → Network-listeners → http-listeners (1 et 2) → HTTP tab: turn off the "XPowered By:" header with your http-listener

  • add a JVM-Option""

the end

Author of this tutorial: Clement Levallois

All resources on linux security: