Skip to main content
View by: Most Recent | Topic | Community | Webloggers   
Monthly Archives:    

Blogs by topic GlassFish and user kumarjayanti

• Accessibility • Ajax • Blogging • Business • Community 
• Databases • Deployment • Distributed • Eclipse • Education 
• EJB • Extreme Programming • Games • GlassFish • Grid 
• GUI • IDE • Instant Messaging • J2EE • J2ME 
• J2SE • Jakarta • JavaFX • JavaOne • Jini 
• JSP • JSR • JXTA • LDAP • Linux 
• Mobility • NetBeans • Open Source • OpenSolaris • OSGi 
• P2P • Patterns • Performance • Porting • Programming 
• Research • RMI • RSS Feeds • Search • Security 
• Servlets • Struts • Swing • Testing • Tools 
• Virtual Machine • Web Applications • Web Design • Web Development Tools • Web Services and XML 


J2EE

 GlassFish users who make use of CLIENT-CERT authentication with SSL  in their JavaEE applications  should consider upgrading to JDK1.6.0_22. The good news is that JDK1.6.0_22 contains a full fix for  the renegotiation protocol flaw in SSL (The IETF issued RFC 5746 ).  A fix which implements RFC 5746 and supports secure renegotiation. More details are...
on Nov 18, 2010
Shing Wai's post explains the @ServletSecurity annotation that has been introduced newly in JavaEE 6 (Servlet 3.0 specification). The @ServletSecurity annotation provides an alternative mechanism for defining access control constraints equivalent to those that could otherwise have been expressed declaratively via security-constraint elements in the portable deployment descriptor. There is also a...
on Dec 24, 2009

Security

The GlassFish Certificate Realm in V2.X and V3.0 releases is somewhat limiting. Many users expressed the need to able to do some custom authentication based on the client-certificate (or extensions within)  in a Mutual-SSL scenario. And subsequently do custom group assignment's which ultimately affect the authorization results. With V2.X/V3.0 the only two  things that were possible are...
on Mar 25, 2010
Embedded GlassFish v3 is a delivery vehicle of GFv3 so that applications and tools can use GFv3 just as a library, inside their JVM.  More details on this can be found  on the separate project page that has been created for  Embedded GlassFish.   One would thus expect that even secure applications which use security annotations on an EJB or security-constraints in a web...
on Mar 25, 2010
The Java KeyStore API supports multiple keystore formats which include JKS( the default Java KeyStore), PKCS12, PKCS11 etc. By default when GlassFish V3 is installed the default Keystore Type is JKS and the server keystore (keystore.jks) is located in the domain config directory.  With latest GlassFish V3 builds it should be possible to define a different KeyStore Type such as PKCS11 or...
on Aug 26, 2009