Skip to main content

Kumar Jayanti

Kumar Jayanti is a staff engineer at Sun Microsystems and works in the Web Technologies and Standards team. In his current role, Kumar is the implementation lead for GlassFish V3 Security, Metro WebServices Security and also the specification and implementation lead for the SAAJ (JSR 67). He has been working in the areas of application and infrastructure security effort at Sun since early 2004. Kumar holds an M.Tech degree in Computer Science from IIT Mumbai, India. His areas of interest include Distributed computing, CORBA, XML, WebServices and Security.


kumarjayanti's blog

GlassFish V 3.1

Posted by kumarjayanti on March 16, 2011 at 9:00 PM PDT

I posted my blogs on GlassFish V3.1 Security at  due to the non-availability of during the V3.1 release.



SSL Renegotiation Issue Fixed in JDK1.6.0_22

Posted by kumarjayanti on November 18, 2010 at 4:46 AM PST

 GlassFish users who make use of CLIENT-CERT authentication with SSL  in their JavaEE applications  should consider upgrading to JDK1.6.0_22.

Custom Authentication of Client Certificate in Mutual SSL Scenarios on GlassFish

Posted by kumarjayanti on March 25, 2010 at 5:06 AM PDT

The GlassFish Certificate Realm in V2.X and V3.0 releases is somewhat limiting. Many users expressed the need to able to do some custom authentication based on the client-certificate (or extensions within)  in a Mutual-SSL scenario. And subsequently do custom group assignment's which ultimately affect the authorization results.

GlassFish V3 Embedded Mode : How to run applications that use Security

Posted by kumarjayanti on March 25, 2010 at 4:43 AM PDT

Embedded GlassFish v3 is a delivery vehicle of GFv3 so that applications and tools can use GFv3 just as a library, inside their JVM.  More details on this can be found  on the separate project page that has been created for  Embedded GlassFish.  

Using Custom JAAS LoginModule(s) for Authentication in GlassFish

Posted by kumarjayanti on February 1, 2010 at 1:55 AM PST

Many users often ask the question :  Can i use a custom  JAAS Login Module instead of the Proprietary GlassFish Custom Realms for user authentication ?.

Summary of new Security Features in Servlet 3.0

Posted by kumarjayanti on December 28, 2009 at 3:41 AM PST

Servlet 3.0 specification which is part of JavaEE 6 has many new features and some of them are in the area of security.

Using the @ServletSecurity annotation in JavaEE 6

Posted by kumarjayanti on December 24, 2009 at 2:42 AM PST

Shing Wai's post explains the @ServletSecurity annotation that has been introduced newly in JavaEE 6 (Servlet 3.0 specification).

Summary of Proprietary Features in SAAJ RI 1.3.4

Posted by kumarjayanti on December 10, 2009 at 12:09 AM PST

In this post i would like to provide a brief summary of some of the Propietary Features and implementation details of SAAJ 1.3.4 that are not necessarily related to the SAAJ API specifications. 

Configuring Non-JKS KeyStore with GlassFish V3

Posted by kumarjayanti on August 26, 2009 at 3:39 AM PDT

The Java KeyStore API supports multiple keystore formats which include JKS( the default Java KeyStore), PKCS12, PKCS11 etc.

JSR 196 in Metro WebServices Stack

Posted by kumarjayanti on July 8, 2009 at 3:12 AM PDT

Metro Security has a pluggable architecture and it makes use of JSR 196  (SOAP Profile) to achieve this pluggability.   The use of JSR-196 provides a standard way to integrate Metro with the Authentication and Authorization Infrastructure of the underlying container.  Though not all containers  on which metro can run today support JSR 196, the idea is that as more and m