Saturday Dec 01, 2007

Using SSL with GlassFish

Lorenz Machine

SSL (Overview, SSL@TA) is the workhorse of secure browser-client communication - at least until the more efficient EEC (ECC@TA) gains adoption over it. SSL has been supported in GlassFish since v1 but GFv2 includes additional keystore features that are profile-specific, which are covered in detail in Kumar's tip on Using SSL with GFv2.

Kumar's tip is based on an even more detailed entry where he covers SSL and CRL with GFv2. Check both out!

Thursday Sep 27, 2007

How to Install OpenPortal on GlassFish v2 with SSL

Informational Sign

A tip from Ajit:
Installing OpenPortal on SSL instance of GFv2

Tuesday Sep 04, 2007

Number 9 - GlassFish from the UK

I am planning to start highlighting some of our regular contributors from around the world.


Number 9 (Dick Davies) regularly covers GlassFish and Solaris from the UK. I like his posts, they are useful, very detailed and tie things nicely together.

Some of Number 9's blogs on GlassFish include:

Adding SSL Keypairs to Java Keystores
Sharing JVMs Across Zones
Roller on GlassFish
SMF GlassFish on Port 80
DTracing Zoned JVMs
GlassFish in a Zone

Check out Number 9, specially if you are using (or are considering using) GlassFish on Solaris!

PS - I am not sure why the blog is called number 9; my best guess would be because of Hello, Operator from The White Stripes, but I'm sure Dick will correct me :-)... While searching I also found this very Nice Set of Photos) posted by a Number 9!

Friday Jun 15, 2007

Reduce your Bandwidth Usage by Half, and other Reasons to Upgrade to GlassFish version 2

Get yourself an upgrade!

Upgrading can be troublesome and human being are reluctant to change by nature, but sometimes it's just too good to miss out. Glen Smith is reporting why and how HTTP Compression Support and much improved virtual domains made the difference for him.

If you're concerned with preserving your GlassFish configuration, you should read Shalini's GlassFish upgrade story.

Other new GlassFish v2 Web Container features (Comet, WebDAV, SSL non-blocking nio, Asynchronous Request Processing and a lot more) are listed here. While Grizzly and more generally the Web Container have had substantial improvements, Clustering is probably the most important new feature in GlassFish version 2.

Whatever your favorite feature, make sure you try the beta version and report your experience.

Monday Jun 11, 2007

SSL and HTTP Basic Authentication with Glassfish and JAX-WS

Ryan de Laplante

When you're securing Web services, sometimes you need all the flexibility and features that Sun Java System Access Manager 7.1 gives you - centralized policy management, end-to-end identity via WS-I BSP/Liberty ID-WSF and all. Other times, well, you don't. For the latter case, Ryan de Laplante has done a great job documenting the steps required to secure Web services traffic with SSL and HTTP basic authentication.

Wednesday Sep 27, 2006

Nonblocking SSL support now in Grizzly

Grizzly with SSL

Jean-Francois writes another informative article this time on adding SSL to Grizzly which uses NIO. This means that he is adding SSL over a framework that uses NIO SocketChannel (non-blocking) implementation. As he comments, SSL support has been in GlassFish since it's inception but that uses the blocking socket method. He goes over the obsticles that he faced and the solutions he came up with.

He did say it was a bit like riding your bike in the snow. Doable but hard...

Wednesday Sep 06, 2006

Secure Comet with Project GlassFish

The Cone of Silence

GlassFish V2 is incorporating support for Comet through Grizzly and, as we gain more experience, we are improving this support. In his latest blog, Jean-Francois describes how to easily Secure the Comet Communication using SSL (not through a Cone of Silence).

I'd expect continued improvements on Comet support through GF V2.

Saturday May 13, 2006

GlassFish with ECC (Eliptic Curve Cryptography) Support! Faster, Safer!

A graph of an elliptic curve

Do you want security with the purchase you just did through your mobile? If so, learn about Elliptic Curve Cryptography (Wikipedia, Overview@Sun, ECC and IETF, SunLabs) as it significantly reduces the computational requirements needed to encrypt content. The latest news on ECC are Shing Wai's detailed instructions on How to Enable ECC in GlassFish / SJS AS 9.0. Do not miss this brief comment at the end:

A preliminary benchmark of HTTPS with ECC in GlassFish on the Windows XP platform shows that the performance of ECC is double that of RSA...

Also see ECC support in Sun's Web Server and ECC support in Java.

PS. I had missed an interesting entry by Shing Wai: Using SSL for EJB; you may want to also check that one out.

Monday Apr 10, 2006

EJBs and SSL


Shin Wai has posted a blog on how to configure SSL for use with EJBs. He describes the two kinds of authentications for SSL/TLS and how to specify each for EJBs. Also includes information for using SSL in a standalone client or within the application client container.

Looking for an overview of SSL? There's a pointer in an earlier post on TheAquarium as well as a pointer to a blog on using SSL in GlassFish.

Monday Mar 27, 2006

An overview of SSL

an acytale

Ashutosh works on the GlassFish WS security implementation and recently wrote a good Overview of SSL. I bumped into the entry earlier today when looking at his more recent entries and it seemed worth sharing.

Also see an earlier entry on Using SSL in GlassFish.

Saturday Jan 21, 2006

Using SSL in GlassFish

an acytale

Secure Sockets Layer (SSL) and its successor Trasport Layer Security (TLS) are cryptographic protocols that provide secure layer communication in the internet. The two are usually refered by the term SSL and are supported out-of-the-box by GlassFish.

Jagadesh's latest blog has a brief introduction to the basics of using SSL in GlassFish. Since the implementation is dependent on JSSE, Jagadesh also included a document with examples of handling certificates using JSSE Tools.

Another useful reference is Carol Zhang's article on Developing an SSL-Enabled WebApp with SJSAS 8.1. This is a fully developed article that goes into many details and includes example code. Check it out!