In this chapter we covered environment security and security auditing, which are basic parts of application server security. We saw what we need to do at operating system level to ensure that GlassFish installation is isolated from the whole operating system. We later on discussed how we can use the security policy to ensure that GlassFish process and deployed application can only access the resources intended for them. Finally, we learned the importance of auditing and how we can create new auditing modules to customize the security events treatment.
In next chapter we will cover GlassFish administration security tasks like password security and listener security.