Skip to main content

Securing your AJAX/Comet application using GlassFish

Posted by jfarcand on September 5, 2006 at 8:15 AM PDT

Starting with GlassFish v2 build 15, secure AJAX/Comet requests are now supported by default (more info about Comet support in GlassFish here) . The GlassFish's out-of-the-box configuration always create a secure http-listener which listen on port 8181.To enable secure AJAX/Comet support, you just need to add the cometSupport property to the secure http-listener of GlassFish (edit your domain.xml):


        <http-listener acceptor-threads="1" address="0.0.0.0"
           blocking-enabled="false" default-virtual-server="server"
           enabled="true" family="inet" id="http-listener-1" port="8181"
           security-enabled="true" server-name="" xpowered-by="true">
                <property name="cometSupport" value="true"/>
        </http-listener>

That's it. Just deploy your Grizzly Comet application, and point your browser to https://localhost:8181/yourApp.

Now I will try to benchmark the SSL versus the clear text case to see how much slower the SSL support is. The good news is the SSL handshake will occurs only once when the Comet functionality is enabled (the SSL handshake is always a performance bottleneck). I'm not expecting a huge difference between the two, and I really think secure Comet requests can probably be used in a lot of case, if not all.

But I need to have data before stating that! Does someone knows an AJAX/Comet benchmark I can use to gather some data? Let see what I can find....

technorati:

Related Topics >>