0
votes

I was able to set up Glassfish container-managed security following this: http://jugojava.blogspot.com/2011/02/jdbc-security-realm-with-glassfish-and.html

Now, all my secured resources require a login page.

But I still don't know how to securely transmit the login information from the client to the server. I read somewhere that I should use SSL (Secure Sockets Layer).

I googled about this but I can't find a good resource on how to do this in Glassfish 3.

Some of the tutorials require a certificate signed from the net, which I think is too complicated for my intranet app.

Does anybody know a good resource on how to do this simple use case?

Thanks

1 Answer

2
votes

You can force SSL transmission by adding a user-data-constraint to your security-constraint in web.xml. It is explained in the Java EE tutorial.

Here is the sample configuration from the tutorial:

<security-constraint>
    <web-resource-collection>
        ...
    </web-resource-collection>
    <auth-constraint>
        ...
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Glassfish comes with a default certificate which gives browser warnings but you can use it for tests.
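
An added example, not part of the answer above: a small check that reads a web.xml and lists every url-pattern whose security-constraint requires a login (has an auth-constraint) but does not set transport-guarantee to CONFIDENTIAL, so credentials could still travel over plain HTTP. The sample descriptor, role names and URL patterns are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original post): the first
# constraint requires login but allows plain HTTP, the second forces TLS.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>user</web-resource-name>
      <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>USER</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    # ElementTree reports names as '{namespace}name'; keep only the name.
    return tag.rsplit("}", 1)[-1]


def unprotected_patterns(web_xml_text):
    """Return url-patterns that require a login but do not force HTTPS."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        by_name = {}
        for el in sc.iter():
            by_name.setdefault(local(el.tag), []).append((el.text or "").strip())
        if "auth-constraint" not in by_name:
            continue  # no login required here, so no credentials to protect
        if "CONFIDENTIAL" in by_name.get("transport-guarantee", []):
            continue  # container redirects these requests to HTTPS
        findings.extend(by_name.get("url-pattern", []))
    return findings


if __name__ == "__main__":
    for pattern in unprotected_patterns(SAMPLE_WEB_XML):
        print("login required but HTTPS not forced:", pattern)
```

An empty result means every login-protected pattern in the descriptor also carries the CONFIDENTIAL guarantee.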