Monday May 31, 2010

Client-Auth REQUESTED in GlassFish

Client authentication is supported in GlassFish. This is one of the most common features available in any web container.

Client authentication can be enabled in GlassFish by setting the "client-auth-enabled" attribute of the "ssl" element of the http-listener. Currently, client-auth can be either REQUIRED or NOT-REQUIRED.

But, as per javax.net.ssl.*, client-auth can take 3 values:

  • need - REQUIRED. A client certificate is mandatory to authenticate.
  • want - REQUESTED. A client certificate is optional to authenticate.
  • blank - NOT REQUIRED. No client certificate is needed to authenticate.

With 2.1.1 patch 6, we plan to support "want". This is enabled in the patch by a system property.

In domain.xml, please add the following property to the http-listener element:

<property name="com.sun.grizzly.ssl.auth" value="want"/>

When the browser prompts for a certificate, the user can choose either to present one or to decline, and can access the resource either way. Applications written on top of GlassFish can then decide how they want to authorize requests that arrive with or without a certificate.

This feature is also available on GlassFish v3.
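
One way an application can make that authorization decision when the listener runs in "want" mode, as an added example that is not from the original post or from GlassFish itself. The filter class name, the "/admin" path prefix and the "example.clientCertSubject" attribute are assumptions for illustration; "javax.servlet.request.X509Certificate" is the standard Servlet request attribute that carries the client certificate chain.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: per-path policy for a listener running with client-auth "want". */
public class OptionalClientCertFilter implements Filter {
    // Standard Servlet attribute holding the TLS client certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical attribute used to pass the identity to downstream code.
    static final String SUBJECT_ATTR = "example.clientCertSubject";
    // Hypothetical area that must never be served without a certificate.
    private static final String PROTECTED = "/admin";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        boolean hasCert = certs != null && certs.length > 0;

        if (hasCert) {
            // Element 0 is the client's own certificate; the rest are its issuers.
            req.setAttribute(SUBJECT_ATTR,
                    certs[0].getSubjectX500Principal().getName());
        } else if (isProtected((HttpServletRequest) req)) {
            // "want" lets the handshake finish without a certificate, so the
            // application has to refuse here; the TLS layer will not.
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        chain.doFilter(req, res); // anonymous or certificate-identified request
    }

    static boolean isProtected(HttpServletRequest http) {
        String path = http.getServletPath();
        if (http.getPathInfo() != null) path += http.getPathInfo();
        return path.equals(PROTECTED) || path.startsWith(PROTECTED + "/");
    }

    public void destroy() {}
}
```

The filter is registered in web.xml with a filter-mapping of /* so that every request passes through it.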


Sunday Jan 17, 2010

SGES v2.1.1 server certificate expired

The CA server certificate bundled with Sun GlassFish Enterprise Server v2.1.1 has been expired since Jan 8, 2010.

Hence you would see SEVERE messages when you restart your domains. While this is being fixed in later SGES patches, you have a workaround to avoid these messages.

All you need to do is to remove the expired certificate from the keystore.

To remove it from the JKS keystore, use the following command:
keytool -delete -alias verisignserverca -keystore <DOMAIN_ROOT>/config/cacerts.jks

To remove it from the NSS keystore, use the following command:
certutil -D -n verisignserverca -d <DOMAIN_ROOT>/config

Thursday Aug 20, 2009

What is the confusion in the Name ??

From the time I joined the GF team, I have seen a lot of confusion prevailing around the product name Sun GlassFish Enterprise Server v2.1. Now with the v2.1.1 release coming up, there may be a lot of additional confusion.

I am trying my hand at clearing up some of the confusion.

Let us get one thing straight,

9.1, 9.1 UR1, 9.1 UR2, v2.1 and v2.1.1 are all essentially the same product and follow the same code line.

The mapping of these versions is:

SGES v2.1 <===> SJSAS 9.1UR2 patch 6

SGES v2.1.1 <===> SGES v2.1 patch 6 <===> SJSAS 9.1 UR2 patch 12

The easiest way to find the version you are using is by executing the following command:

<AS_INSTALL>/bin/asadmin version --verbose=true




Thursday Jan 08, 2009

New Bee into Glassfish !!

After 8-9 years of working on various J2EE applications, content management and identity management, I am moving into another domain: sustaining an application container. I am entering with a lot of anxiety and eagerness.

Let me see what future holds for me :)

About

Kalpana Karunamurthi
