Monday Jan 18, 2010

Expired Certificate in GlassFish Keystore


One of the authority certificates in the GlassFish truststore expired on Jan 7, 2010. This is generating a (verbose and somewhat scary) error message on startup. You can just ignore the message, wait (the expired root was removed in update 18 of Java SE 6 and will be removed in later patches of GlassFish Server), or eliminate the error message now by removing the expired certificate from the keystore. Kalpana has a concise recipe on how to do this, while Ron goes into more detail. Original thread is here; the bug report is 6852796.

Expanded from @glassfish.

Saturday Dec 12, 2009

GlassFish v3 Resources and Links - Part 1

This is one of a series of resources and links related to the new GlassFish v3 release. Each entry starts with a section with key links; the resources are then grouped into categories.


Key links
  • Sun Press Releases: Java EE 6 and GlassFish v3
  • JavaEE 6 Web Hub, and JavaEE 6 Downloads
  • Sun GlassFish v3 Product Page

  • See you at Virtual Conference on Dec 15th, and in one of our Community Parties.

Real-Time News
  • Follow GlassFish at Twitter via @glassfish and #glassfish.


Overviews, Appreciation, Analysis

Non-English Posts

Technical Posts (Formatting needs some improvements)

  • JeanFrancois: Putting GlassFish v3 in Production: Essential Surviving Guide
  • Scott: First Look at v3 Performance
  • Judy: GlassFish v3 FishCAT Survey Results
  • Judy: Meet the FishCAT Team
  • Judy: FishCAT Testing for v3.
  • Prashanth: Making your Application monitorable in GlassFish V3
  • Prashanth: Adhoc Monitoring with Scripting-Client in GlassFish v3
  • Prashanth: Advanced Monitoring in GlassFish v3
  • Prashanth: Top Ten features of Monitoring
  • Byron: Mort Learns How To Use Monitoring in a WebApp
  • Sreeni: Monitoring in GlassFish v3 - It's Different and Cool!
  • Sreeni: How to use GlassFish v3 DTrace probes on Solaris
  • Jen: Easy 1-2-3 Monitoring in v3
  • Jen: v3 Monitoring with Admin Console
  • Lloyd: 'mx' - JMX command line especially for GlassFish V3
  • Lloyd: Navigating the GlassFish V3 MBean hierarchy using 'mx' command line
  • Lloyd: GlassFish V3 management and monitoring MBeans, 'mx'
  • John: Enterprise Manager DTrace Monitoring 3.0 Beta (tweet, download)
  • Anissa: Ten New Features in Admin Console
  • Anissa: Trivia quiz
  • Anissa: Launching Admin Console for GlassFish v3 RI
  • Ken P: The AJAX Experiment(s) with improving the Admin Console.
  • Rajeshwar: GF REST Interface for Management
  • Ken S: Final EJB 3.1 Specification and GlassFish v3 Now Available
  • Rajiv: Servlet 3.0 specification and GlassFish v3 now available
  • Ron: Java EE 6 and Servlet 3.0 Converge on Container Security Functionality
  • Binod: V3, Java EE 6 and SIP Servlets

SOAP and REST Web Services
  • Paul: GlassFish v3 is a Go - includes
  • Fabian: Runtime Configuration Management
  • Kumar: Summary of Proprietary Features in SAAJ RI 1.3.4
  • Jagadish: Java EE Connector Architecture 1.6 Reference Implementation
  • Sivakumar: Java EE Connector Architecture 1.6 Specification approved!
  • Alexis: Interview of Roberto Chinnici (podcast)
  • Alexis: Interview of Ludo Champenois
  • Alexis: JSF 2.0 discussion with Ed Burns and Roger Kitain (podcast)

Dynamic Languages
  • Vivek: New GF Gem Features (tweet, History.txt@RubyForge).
  • Eileen: JRuby Performance on Glassfish V3 -- Part 1
  • Sreeni: Java EE 6 Samples for GlassFish Project
  • Tim: App Client Container features in GlassFish v3
  • Shalini: JDBC in GlassFish v3
  • Hong: Glassfish v3 and deployment

Wednesday Dec 09, 2009

GlassFish v3 is Now Available!

Note: I have split the resources and news links off from this GlassFish v3 Announcement into the first of a series of resources and links entries. The new arrangement is more manageable and also simplifies the creation of additional entries as more resources and news are posted on the release.

It has been 4 and a half years since we announced GlassFish during JavaOne 2005 (PR) and today we are making available our most important release: GlassFish v3 is now available for download!

Our first release was during JavaOne 2006, when we released GlassFish v1, the first Java EE 5 compliant App Server (family overview); the second generation of GlassFish came out in September 2007 (family overview). While still based on JavaEE 5, GFv2 leveraged Sun's (too) long history of App Servers to add the benefits of an enterprise product (quality, performance, scalability) to those of an open source community (agility, ease of use, supportive teams, pricing).

While the transition between GlassFish v1 and v2 was evolutionary, the transition from v2 to v3 is a major change that includes a whole new set of JCP specifications, JavaEE 6, and a new modular, OSGi-based, architecture that expands significantly the applicability of GlassFish.


Key links available now:

• GlassFish v3 Main Product Page
• JavaEE 6 Hub
• JavaEE 6 Downloads (multiple bundles)
• Java EE 6 Feature Article (also see Overview White Paper).

We are hosting several events in the next few days; we hope to see many of you at our Virtual Conference on Dec 15th, and in one of our Community Parties.

Below are lists of posts relevant to the launch and the release; they will be updated through the day to incorporate news as it happens. Updates will also be posted to @glassfish at Twitter. If you use Twitter, we recommend using #glassfish to facilitate discovery. Some level of geotagging would help visualize the spread of the community.


Monday Aug 17, 2009

Recent user blog entries - security, realm, and encoding

While the GlassFish Forum is a great place to ask all sorts of questions, it's nice to see users taking the time to document their findings on their blogs. Some recent examples include:

  • "JAVA Security Provider Error" from Marc on getting the proper security provider when porting an application from JBoss to GlassFish.
  • "JEE Security - How to setup authentication on Glassfish and Netbeans", from Jair about Java EE security applied to GlassFish administration.
  • "Glassfish uriEncoding UTF-8" from Baiyun on encoding GET and POST parameters in GlassFish (either in domain.xml or in sun-web.xml).

Now I need to make sure this is all integrated into the GlassFish Wiki if not already covered. A centralized place for how-to's in addition to the GlassFish Documentation sounds like a reasonable thing to avoid relying on the accuracy of search engines.

Friday Feb 27, 2009

Towards Metro 2.0 - JAX-WS 2.2 Update

This week Harold gave the Metro Webinar, which is a good opportunity to catch up with Metro news. There are two release families: GlassFish v2 and GF v3prelude use the Metro 1.x releases while GlassFish v3 (post-prelude) will use Metro 2.0.


The latest 1.x release is Metro 1.4, out last Fall (see Jitu's Summary and GFv3 Prelude note). Jiandong recently published several notes explaining how to use it in STS (Security Token Service) scenarios: [1], [2], [3]; note that Jiandong reports a new 1.5 is being tested.

The Metro 2.x family is still evolving; its first delivery will be in GFv3 and will implement JAX-WS 2.2 (see Rama's post), which includes support for WS-Addressing - Metadata using Policy project. Metro 2.0 can also be used on Java SE; see Fabian's note. Full details on Metro 2.0 are in its OnePagers; also see the Roadmap, with the usual warning about dates!

Wednesday Dec 10, 2008

Taking a closer look at SailFin (Part 1) : Authenticated Identity Management

Venu has blogged about RFC 4474 support in SailFin. This feature introduces a mechanism for securely identifying originators of SIP messages. A lot more information about this feature is available here and here.

It is also worthwhile to look at the following blogs to learn more about security in SailFin.
 1. Authentication of SIP Servlet Resources (I, II, III)
 2. RunAS and P-Asserted-Identity

Next week, I will post an entry on how SailFin handles some of the spec related issues in RFC 3261 and JSR 289.

Sunday Sep 21, 2008

... Rails vs Merb, Securing WebApps, Fast Deployments, Compass 2.1, Localizing WebSynergy, IM and Cisco and CDN and Amazon

A compilation of today's news of interest:

At MindBucket Paul provides a comparison of the (single-client) performance of Rails vs Merb. Rails is the incumbent in Ruby frameworks; Merb is a very interesting newcomer. Merb is thread-safe, and so will be Rails 2.0, but the comparison does not consider concurrency so that should be a key issue. The comparison includes numbers on GlassFish Server (and stay tuned for more fine-tuning for that case).

From the NetBeans team, a Tutorial on Securing WebApps using Role-Based authentication. The tutorial has detailed step-by-step instructions using NetBeans 6.5 and GlassFish Server.

Ludo addresses Rapid Deployment of Apps on GlassFish in a thread at the GlassFish Users Forum. He also hints at future improvements (teaser!).

Shay reports that Compass 2.1 M3 is now available with improved GlassFish support.

From Mahipalsinh an explanation of how to Localize WebSynergy, so you can do it for your favorite language.

And, in the section of important Industry News, Cisco buys Jabber, which should provide integrated IM in their offerings, and Amazon launches CDN service, a la Akamai, LimeLight and others. One of the nice things about working in this industry: it is never boring!

Wednesday Apr 30, 2008

Latest Enterprise Tech Tip focuses on Java EE security and JSR 196


The latest Enterprise Tech Tip is written by Ron Monzillo and covers JSR 196, Java Authentication Service Provider Interface for Containers. The document goes through detailed steps on how to write, install, and configure a simple SAM (server authentication module), and also how to have your application bind to it.

GlassFish v2 already supports the Servlet Container Profile for this JSR and community member Greg Luck has written (with the help of others) the Spnego implementation for SPNEGO and Kerberos to be used in GlassFish.

Friday Mar 28, 2008

Tech Tip: Secure Conversations for Web Services With Metro

A new Tech Tip written by Jiandong Guo of the Application Server Web Services Security team was just posted. Read the tip and learn the basics of WS-SecureConversation. Also see an example that demonstrates how to enable secure conversations for a web service through the WS-SecureConversation support in Metro. You can find the tip here.

Setting up the infrastructure can be tricky, so if you're getting started with WS-SecureConv, this is a good document to read.

You can get to all the Tech Tips from this site or this blog.

Tuesday Feb 26, 2008

SOAP Security in GlassFish's Metro

Does GlassFish support REST or SOAP Web Services? Both! REST through Jersey and SOAP through Metro (Jersey will be included in a future Metro release, see Roadmap).

Security is very important for SOAP Web Services and Jiandong has a set of notes describing how Metro supports WS-SX (OASIS Web Services Security Exchange). Check out the Overview, How to Issue SAML Tokens and a description of a Scenario based on WS-SX.

Sunday Jan 20, 2008

Defining ANYONE Access in GlassFish

Java EE has a sophisticated security mechanism based on Roles, Principals and Realms but we need more examples for simple use-case scenarios. I think we will see more of these as a consequence of our general Open Source push and this will also help us improve implementations and specifications.

Ron has been the Java EE security lead for many years and he has started writing some good entries in this area. Check Principal to Role Mapping and his latest How to Define ANYONE access.

Please give us feedback on what we can do to make security easier for you to use.

Saturday Dec 08, 2007

Metro Security - Configuring Kerberos Token Profile and Accessing SAML Assertions

Two new posts explain advanced uses of Web Services security in Metro. First, Ashutosh explains how to Run a Kerberos Token Profile based WS Security scenario as it was used at the Latest Plugfest at Redmond. This builds on an earlier entry on the same topic.

Then Kumar shows how to programmatically Access the SAML Assertion in a WSIT Secure Scenario.

Saturday Dec 01, 2007

Using SSL with GlassFish

SSL (Overview, SSL@TA) is the workhorse of secure browser-client communication - at least until the more efficient ECC (ECC@TA) gains adoption over it. SSL has been supported in GlassFish since v1, but GFv2 includes additional keystore features that are profile-specific, which are covered in detail in Kumar's tip on Using SSL with GFv2.

Kumar's tip is based on an even more detailed entry where he covers SSL and CRL with GFv2. Check both out!

Monday Oct 22, 2007

HowTo Resources on Web Services Security using Metro

A tip from Jiandong:
Information on Web Services Security at Metro

Tuesday Jun 12, 2007

Spnego 1.0 Released

The Spnego Project provides a Kerberos-over-SPNEGO plugin for JSR 196-compliant application servers. These are security technologies which can support complex integration scenarios such as single-sign-on all the way from your operating system login to a remote web application.

Greg Luck recently announced that the project team has completed a 1.0 release. They're doing development and testing on GlassFish V2, but their code shouldn't contain anything GlassFish-specific (since they align to JSR 196). Once other app servers support this standard, they too will be able to use the Spnego plugin. For more info, see the project's User Guide and FAQ.