GlassFish

Importing site certificate into Java Runtime certificate store

When your Java program attempts to connect to a server that has an invalid or self-signed certificate, such as an application server in a development environment, you may get the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To make your Java runtime environment trust the certificate, you need to import it into the JRE certificate store.

Preventing remote access to datasources

When you define a JDBC connection pool in GlassFish (AKA Sun Java System Application Server 9) and JDBC resources for it, you usually include a user name and password as pool properties. You may think that this information is available only to deployed applications, but in fact anyone with IP access to the server's ORB port (3700 by default) can fetch the entire datasource definition using a simple JNDI lookup. If the database server is also accessible, then you have a security problem.

Using Apache as a proxy to access a J2EE web application

OK, you have created a great web application and now you want to expose it to the world, or perhaps a limited subset of it. You probably don't want to allow full access to your application server, so you need a proxy.

The Apache proxy module (mod_proxy) can be used with a simple configuration like the one below:

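<IfModule mod_proxy.c>

# Access rules applied to every proxied request
<Proxy *>
  Order allow,deny
  Allow from all
  # Refuse proxied requests that do not arrive over SSL
  SSLRequireSSL
</Proxy>

</IfModule>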
