Securing your AJAX/Comet application using GlassFish
Starting with GlassFish v2 build 15, secure AJAX/Comet requests are now supported by default (more info about Comet support in GlassFish here) . The GlassFish's out-of-the-box configuration always create a secure http-listener which listen on port 8181.To enable secure AJAX/Comet support, you just need to add the cometSupport property to the secure http-listener of GlassFish (edit your domain.xml):
<http-listener acceptor-threads="1" address="0.0.0.0"
enabled="true" family="inet" id="http-listener-1" port="8181"
security-enabled="true" server-name="" xpowered-by="true">
<property name="cometSupport" value="true"/>
Now I will try to benchmark the SSL versus the clear text case to see how much slower the SSL support is. The good news is the SSL handshake will occurs only once when the Comet functionality is enabled (the SSL handshake is always a performance bottleneck). I'm not expecting a huge difference between the two, and I really think secure Comet requests can probably be used in a lot of case, if not all.
But I need to have data before stating that! Does someone knows an AJAX/Comet benchmark I can use to gather some data? Let see what I can find....