X

JavaOne 2012 - What's new in Servlet 3.1: An Overview

Rajiv and I had presented the session CON6793, "What's new in Servlet 3.1: An Overview", on October 2 at JavaOne 2012, San Francisco. It was at 8:30 am. There were a lot of audiences even in the early morning. Most of the audiences know Servlet 3.0. And we have some good discussions after the talk. I have attached the pdf of presentation so that it can be shared with wider audiences.

Thursday, October 18, 2012 | Sun | Read More

Profiling GlassFish 3 with JProfiler

Recently, I investigated performance issues of GlassFish 3. I found thatJProfiler 6 is a very handy tool. In this blog, I would like to share with you what I learnt. I would like to thank Dhiru Pandey and Suveen Nadipalli for their help. In the following, we will assume GlassFish 3 installed in $GLASSFISH_HOME and JProfiler 6 is running on Mac OS 10.5.8. Set up GlassFish 3 Insert com.jprofiler.agent, com.jprofiler.agent.*, immediately after ${eclipselink.bootdelegation}, in or...

Thursday, October 21, 2010 | Sun | Read More

Change Session Id on Authentication in GlassFish

Session fixation attack is a security vulnerabiltiy where the victim is tricked to login using the session given by a hacker, then the hacker can use the session after that. Prior to GlassFish v3, one can mininize the exposure of session id in url encoding by specifying a session-properties in WEB-INF/sun-web.xml: <sun-web-app>   <session-config>     <session-properties>       <property name="enableURLRewriting" value="false" />     </session-properties>   </session-config></s...

Friday, June 11, 2010 | Sun | Read More

Https outbound connection from GlassFish Enterprise Server v2 to Oracle GlassFish Server 3.0

Oracle GlassFish Server 3.0 is a Java EE 6 container. It uses JKS as keystore. In GlassFish Enterprise Server v2, it usesNSS. In this simple blog, we will show how to set up environments for https outbound connection from GlassFish v2 to Oracle GlassFish Server 3.0.Export the certificate from Oracle GlassFish Server 3.0 from JKS. Change to domain config directory where one can find cacerts.jks and run the following command:keytool -export -rfc -alias s1as -file s1asv3.cert...

Wednesday, March 17, 2010 | Sun | Read More

An Example of Porting Grizzly Comet to Servlet 3.0

Grizzly Comet is a very powerful feature in GlassFish v2 and GlassFish v3. It provides a framework for writing many interesting applications. However, the same application will not run in other servlet containers (without Grizzly). One can resolve this by porting the code to use asynchronous API in Servlet 3.0 as in the glassfish sample, asyn-request-war, code AjaxCometServlet.java. In this case, the application would be able to run in all Servlet 3.0 containers. In this...

Friday, December 4, 2009 | Sun | Read More

Follow up on Servlet 3.0 Security Annotations

In May 2009, I discussed the Servlet 3.0 security annotations in one of my blogs, Servlet 3.0 Security Annotations. At that time, the annotations were defined similar to those in EJB. During the discussion in JSR 315 expert group, two issues were identified as follows:In JSR 250, type level annotations only apply to methods declared in that class, not those inherited. This is an issue for servlets as they extend javax.servlet.http.HttpServlet. The doGet method et al may not...

Thursday, October 29, 2009 | Sun | Read More

Servlet 3.0 web-fragment.xml

In JSR 315: Java Servlet 3.0 Specification,web-fragment.xml is introduced for pluggability of library jars which are packaged under WEB-INF/lib. The content of web.xml and web-fragment.xml are almost the same. One can define servlets, filters and listeners there. One can also specifymetadata-complete=true in a given web-fragment.xml. In the latter case, the annotation processing of classes in that jar would be skipped. With web-fragment.xml, library jars can be self-contained...

Thursday, May 7, 2009 | Sun | Read More

Servlet 3.0 Security Annotations

Update: The security annotations have been changed. The updated information can be found in my blog, Follow up on Servlet 3.0 Security Annotations. In Servlet 2.5, only @DeclareRoles and @RunAs are supported in servlets. And @DenyAll, @PermitAll, @RolesAllowed are only supported for EJBs. In JSR 315: Java Servlet 3.0 Specification, @DenyAll, @PermitAll, @RolesAllowed will be supported in servlets. Furthermore, it supportsJSR 250: Common Annotations for the Java Platform MR1: @Tr...

Monday, May 4, 2009 | Sun | Read More

Using Jetty Bayeux Client in GlassFish v3

In Cometd environment, one can access cometd services throughsimple Javascript,Java API for Bayeux Protoc, DOJO, etc. In the Grizzly Issue 174, developer amplus has contributed a first porting of Jetty Bayeux Java Client toGrizzly. A modification of the contribution has been checkin to Grizzly. The above client code is based on Jetty 6.1.11. Subsequently, various cometd bugs has been fixed in Grizzly 1.9.8 or later. In this blog, we will describe how to use the Jetty...

Tuesday, March 10, 2009 | Sun | Read More

Servlet 3.0 Annotations

The JSR 315: Java Servlet 3.0 Specification expert group is in the process of making Public Review available. You can look at Rajiv's blog for more details. The reference implementation is available in GlassFish v3 nightly build. In Servlet 3.0, for ease of development, several new annotations are defined. These annotations are resided in the package javax.servlet.annotation. They are intended to provide meta data only. In other words, one still needto extend the...

Tuesday, December 2, 2008 | Sun | Read More

compression and compressionMinSize in GlassFish v3

In Enabling HTTP Compression in GlassFish, Jean-Francois discussed about compression inGlassFish. There are four properties to configure compression, namely: compression compressionMinSize (in OCTET) compressableMimeType noCompressionUserAgents One can turn compression on and off by setting compression = force andcompression = off respectively. And one can also turn on the compression if the content-length is unknown or known to be greater than a certain size.There are two...

Friday, September 26, 2008 | Sun | Read More

WEBDAV in GlassFish

WEBDAV (RFC 4918) protocol is a predecessor to HTTP/1.1 for management resources, etc. The WEBDAV code in GlassFish workspace is based on Tomcat. Jean-Francois blogged about this in 2006. WEBDAV Level 2 will be a supported feature in GlassFish v3. In this blog, we would provide additonal information about WEBDAV in GlassFish v3. Configuration of WebDAVServlet WEBDAV can be enabled by specifying theorg.apache.catalina.servlets.WebdavServlet in web.xmlfor a given web...

Thursday, August 14, 2008 | Sun | Read More

Common Gateway Interface in GlassFish

Common Gateway Interface (CGI) supports dynamic contents in web environment. CGI programs are executable programs in the server platform with specific output. It can be a Bourne shell script, Perl script or even a C binary executable. It was very popular before the the appearance of Servlet, JSP and PHP. The CGI code in GlassFish workspace is based on Tomcat. In GlassFish v3, CGI will be a supported feature. Let us look at a very simple example. Create a CGI script In our...

Tuesday, July 15, 2008 | Sun | Read More

Server Side Include in GlassFish

Server Side Include (SSI) allows including dynamic contents in html. SSI and CGI were very popular before the the appearance of JSP and PHP. The SSI code in GlassFish workspace is based on Tomcat. In GlassFish v3, SSI will be a supported feature. Let us look at a very simple example. Create a SSI file In our example, we create a index.shtml which includes the content of header.html, prints a Hello message with server side timestamp, and executes a command say, uname (or any...

Friday, July 11, 2008 | Sun | Read More

Java API for Bayeux Protocol

In Cometd environment, one communicates throughBayeux Protocol. The protocol is currently in 1.0 draft 1.GlassFish v3 has incorporated implementation of Bayeux fromGrizzly. Jean Francois already has several good blogs on Cometd on Grizzly. In this blog, we are going to illustrate how to send a Bayeux message to a Cometd client by using Java API without writing any JSON code. Basic set up Download GlassFish v3 from GlassFish website. And add the following property to your http-li...

Friday, May 2, 2008 | Sun | Read More

Follow up on A Simple Comet Example: Long Polling vs Http Streaming

In my previous comet blog, A Simple Comet Example: Hidden Frame and Long Polling", I illustrate comet by using a simple example of two frames. While it is good for illustration, there is a limitation. If you try to use two different browsers to access the counter and click really fast, then you may notice that one of the counter may be updated and then immediately changes to blank. This is because the comet response may come before the response ofthe http post. This is more...

Wednesday, April 23, 2008 | Sun | Read More

A Simple Comet Example: Hidden Frame and Long Polling

Recently, there is a great interest in Comet technology. One can find many interesting articles in Comet Daily. Comet allows server and client to keep a live connection for communication. This provides a mechanism for server to update clients, instead of having classical polling. In this blog, I am going to share my experience about using Comet with hidden frame and long polling inGlassFish v3 Technology Preview 2 builds.I try to make example as simple as possible to...

Thursday, April 3, 2008 | Sun | Read More

Comparison of Security features in GlassFish and SJSAS 8.x EE

Security is very essential, especially in the enterprise environment. In this blog, we will compare security of Profiles in GlassFish (GF) v2 and also note those feature availability in Sun Java System Application Server (SJSAS) 8.x Enterprise Edition. Note that Enterprise Profile is not available in public yet and will be in beta around July 2007. More information on Profiles in GlassFish v2 can be found here. Comparison of Security with GF and SJSAS 8.x EE Feature GlassFish SJSA...

Friday, May 25, 2007 | Sun | Read More

JDBCRealm in GlassFish with MySQL

In these few months, there were several discussions of using GlassFish JDBCRealm with MySQL. In this blog, I will share my experience about using GlassFish JDBCRealm with MySQL. Download the MySQL Community Server. I have downloaded the Solaris 10 (x86, 32 bit TAR package), version 5.0.37, of the "MySQL Community Server". Expand the download file. gunzip mysql-5.0.37-solaris10-i386.tar.gz tar xf mysql-5.0.37-solaris10-i386.tar cd mysql-5.0.37-solaris10-i386 and read...

Monday, April 23, 2007 | Sun | Read More

Multiple Private Keys in a GlassFish domain

GlassFish uses Java JKS for storing keys and certificates. Out of the box, the keyStore (keystore.jks) and the trustStore (cacerts.jks) reside in$GLASSFISH_HOME/domains/domain1. Even though there are several CA root certificates incacerts.jks, there is only one private key inkeystore.jks. GlassFish supports the use of multiple private keys in a given domains. For instance, you may have two https listeners having different server private keys. This is a very useful scenarioespec...

Friday, April 6, 2007 | Sun | Read More

Browsing 196 AuthConfigProviders with AJAX

JSR 196, Java Authentication SPI for Containers, defines SPI for providers plugging into containers for message authentication. It is currently under Proposed Final Draft (PFD) and GlassFish v2 (b40 rc or above) has an implementation of PFD of this JSR. On the other hand, AJAX is another new and exciting technology in the Web 2.0 area. In this blog, I will share my experience with you about constructing a web tool to browse 196 AuthConfigProvidersregistered in GlassFish by...

Friday, March 23, 2007 | Sun | Read More

Troubleshooting JAXWS Message Level Security in GlassFish

In Java EE 5, one can implement JAXWS Web Services through servlets and Ejb endpoints (JSR 109).GlassFish supports message level security for Web Services. You don't need to write special client and server Java code in order to take advantages of the message level security. What you need to do is specific a corresponding message-level-security element in sun-ejb-jar.xml, sun-web.xml, and sun-application.xml. For instance,   <webservice-endpoint>    ...

Friday, March 16, 2007 | Sun | Read More

Password echo of appclient in GlassFish?

In SJSAS 8.x, 9.0 and GlassFish v1, when one tries to access a password protected EJB or Web Service through appclient, it will prompt user name and password if this is not specified in command line or programmatically. By default the prompt will be a GUI dialog box. In remote environment, it may be desirable to have the prompt in text mode. One can achieve this through appclient as follows:   appclient -client <location of the client jar> -textauth And username and password...

Wednesday, March 14, 2007 | Sun | Read More

assign-groups in GlassFish Security realm

In the Java EE environment, roles are logical privileges which convey/represent permission to operate on some particular set of resources in an application. The Sun Java System Application Server environment consists of several realms, which each contain a complete database of users and groups that identify valid users of an application. When the roles are mapped to users, the users are effectively granted the permissions conveyed/represented by the privilege. In Sun One...

Friday, August 11, 2006 | Sun | Read More

在 Glassfish 中使用 JDBCRealm

原文: href="http://blogs.oracle.com/roller/page/swchan?entry=jdbcrealm_in_glassfish">JDBCRealm in Glassfish 作者:Shing Wai Chan 译者:Cheng Fang JDBC realm 在近几个月来颇受瞩目。这篇网志总结了 JDBC realm 在GlassFish 实施中的演变,并解释其最新的实施运作。我要感谢 Jean-Baptiste 和 Richter 对此所作的贡献和评论。开源社区成员的参与也很有帮助。我欢迎大家的反馈和参与, 帮助我们更好地实现这一性能。 GlassFish 一直都支持 realm 插件。以下这篇文章描述了如何在 Sun Java System Application Server EE 8.0 中实现 Custom Realm: href="http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/inde...

Thursday, June 15, 2006 | Sun | Read More

JDBCRealm in GlassFish

JDBC realm has a lot of attention in recent months. This blog summarizes the evolution of the JDBC realm implementation in GlassFish and explains how the latest implementation works. I would like to thank Jean-Baptiste, and Richter for their contributions and comments. The participation from the open source community definitely helps everyone. I encourage all of you to give feedback, participate, and help evolve this feature further. GlassFish always had the capability for...

Thursday, June 8, 2006 | Sun | Read More

Glassfish with ECC

As computer hardware is getting more and more powerful, there is a corresponding need to increase the encryption strength of the key in cryptographic operations. There are several ways in which this can be accomplished: Increase the length of the encryption key. This may negatively impact performance. Use a different encryption algorithm, for example, Elliptic Curve Cryptography (ECC). In next-generation key technology, RSA will be2048 bits and ECC will be 224 bits. Note that...

Friday, May 12, 2006 | Sun | Read More

Enterprise Java Bean over SSL

Enterprise Java Bean provides a component based architecture for distributed business application. Security is very important in the enterprise environment. SSL/TLS provides security at the transport layer to meet the security requirement in an enterprise environment. In this blog, we discuss how to configure SSL for use with enterprise beans and how to access enterprise bean from a client. Note In the Java EE 5 SDK,Glassfish and theSun Java System Application Server (SJSAS),the...

Saturday, April 8, 2006 | Sun | Read More

Troubleshooting Deployment in Glassfish

In Java EE 5, there are many new and exciting features. For example, developers can specify annotations in Java files instead of putting metadata in deployment descriptors. In some cases, applications can be completely free of deployment descriptors. This simplifies the development of Jave EE applications. This blog describes two common troubleshooting scenarios fordeployment in GlassFish. Runtime error due to annotations not correctly processed (if at all) during deployment.In...

Monday, January 23, 2006 | Sun | Read More

How to use Verisign cert in Glassfish and SJSAS 8.x?

This blog describes the steps needed to use Verisign certificates in GlassFish which can be downloaded from http://glassfish.dev.java.net/public/downloadsindex.html. These steps will also work with the SJSAS 8.x products. You will need to go to the Verisign website to get a certificate if you don't already have one. In the following, we will outline steps on how to use Verisign certificate in Sun Java System Application Server (SJSAS) 8.x PE and Glassfish. Steps On Using...

Friday, December 16, 2005 | Sun | Read More