Wednesday Mar 17, 2010

Https outbound connection from GlassFish Enterprise Server v2 to Oracle GlassFish Server 3.0

Oracle GlassFish Server 3.0 is a Java EE 6 container. It uses JKS as keystore. In GlassFish Enterprise Server v2, it uses NSS. In this simple blog, we will show how to set up environments for https outbound connection from GlassFish v2 to Oracle GlassFish Server 3.0.
  1. Export the certificate from Oracle GlassFish Server 3.0 from JKS.
    Change to domain config directory where one can find cacerts.jks and run the following command:
    keytool -export -rfc -alias s1as -file s1asv3.cert -keystore cacerts.jks -storepass changeit
    Note that one should let keytool prompt for password rather than using -storepass. It is used here for illustration.
  2. Import the certificate to GlassFish Enterprise Server v2.
    Note that one need to use a different alias name "s1asv3" as there is already a certificate of name "s1as" in NSS db. Change to the domain config directory where one can find cert8.db and run the following command:
    certutil -A -n s1asv3 -d . -i s1asv3.cert -t "T,c,c"
    Restart the GlassFish Enterprise Server.
I find that the following jsp testing code is quite handy. It is included here for convenience:

<%@page import="java.io.\*, java.net.\*, javax.net.ssl.\*" %>
<%
    try {
        String host = request.getParameter("host");
        String port = request.getParameter("port");
        String urlStr = "https://" + host + ":" + port;
        out.println("Url = " + urlStr + "<hr>");
        URL url = new URL(urlStr);
        HttpURLConnection connection = (HttpURLConnection)url.openConnection();
        BufferedReader in = null;
        in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        String line = "";
        while ((line = in.readLine()) != null) {
            out.println(line);
        
    } catch(Throwable ex) {
        out.println("<hr><pre>");
        ex.printStackTrace(new PrintWriter(out));
    }
%>

Note that one can read more about GlassFish Enterprise Server v2 and NSS in "Key Management and PKCS#11 Tokens in Sun Java System Application Server 8.1".

Friday Sep 26, 2008

compression and compressionMinSize in GlassFish v3

In Enabling HTTP Compression in GlassFish, Jean-Francois discussed about compression in GlassFish. There are four properties to configure compression, namely:
  • compression
  • compressionMinSize (in OCTET)
  • compressableMimeType
  • noCompressionUserAgents
One can turn compression on and off by setting compression = force and compression = off respectively. And one can also turn on the compression if the content-length is unknown or known to be greater than a certain size. There are two properties related to this: compression and compressionMinSize. In this blog, we will discuss various ways to accomplish this scenario in GlassFish v3.

compression vs compressionMinSize

propertypossible value if setDefault
compressionon, force, off, integeroff
compressionMinSizeinteger2048

There are several possible combinations. We will summarize the behaviors of GlassFish v3 in the below table. In the following, α and β are integers.

compressioncompressionMinSizeResult
onβcompression with min size β
onnot setcompression with default min size (2048)
forceβ or not setcompression with no size constraint
αβ or not setcompression with min size α
off or not setβ or not setno compression

So, roughly speaking, whenever there is conflicting information between compression and compressionMinSize, the compression property will take precedence.

Since we use strict inequality to check for known content length, the following are equivalent:

  • compression = force
  • compression = on and compressionMinSize = any negative integer

How to test it?

If one has turned on compression in GlassFish, then one will get HTTP compression if the HTTP request is
  • using HTTP 1.1
  • with a HTTP header:
        Accept-Encoding: gzip
  • the content-length is unknown or greater than the compression minimum size
    (or compression = force)
One can confirm that there is a HTTP compression by using Firefox with Firebug. There will be a HTTP response header:
  • Content-Encoding: gzip
Note that one can also notice some changes in HTTP response for HTTP compression by using the http client posted in one of my previous blogs.
About

Shing Wai Chan

Search

Categories
Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today