glassfish_at_javadesktop.org wrote:
>> There is no need to do anything special in the application.
>>
>
> You may be answering a different question than the one I had asked, however your answer turns out to be partially correct anyway: My servlet (running in glassfish) needs to make an OUTGOING SSLSocket connection to another server (I don't actually care how the webserver is configured for INCOMING https).
see below.
>
> When my servlet asks for the SSLSocketFactory provided by the container (using HttpsURLConnection.getSSLSocketFactory()) the object I get back is a:
>
> com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
>
> This is a JSSE socket, and NOT a JSS/NSS socket and at first I thought this was a problem; however as it turns out: this SocketFactory IS backed by the NSS truststore anyways. Removing the trust for the foreign server from the domain's NSS truststore and re-adding it confirms this.
Yes, GlassFish EE uses NSS for SSL.
>
> - It is not clear if glassfish uses the NSS libraries directly (via the new Java 6 PKCS11 stuff) -- or accesses them through JSS, it would be helpful to know.
>
NSS PKCS11 provider is added to GlassFish EE. And hence, we are using
NSS libraries thru JSSE socket.
Note that it should still be working in JDK 5.
> The original question was: how do I use JSS/NSS from within a servlet.
>
> The problem with doing so, as I see it is this:
> - In order to use JSS/NSS directly you must first call CryptoManager.initialize(config) (static method)
> - The actual java class in scope for any servlet is that servlet's private copy of CryptoManager which is different from the container's copy of CryptoManager (since the web container and servlet have different classloaders). Which is why CryptoManager says it is not initialized in a call to CryptoManager.getInstance().
> - CryptoManager seems to rely on static member variables which will start off in an un-initialized state for the servlet's copy of the class, even though the native NSS library is properly initialized (by the container)
>
> - Thus: a call to CryptoManager.initialize() FAILS with the exception in an earlier post, but JSS/NSS still functions fine after that -- probably because NSS is a native library and is actually already initialized by the container, and since the container and servlet run in the same process (that of the JVM) once the JSS classes have the proper static state to let them think that the NSS has been initialized, they function properly.
>
Yes, the NSS init has been called by container.
What feature in JSS/NSS are you working for?
> [Message sent by forum member 'suggarglider' (suggarglider)]
>
> http://forums.java.net/jive/thread.jspa?messageID=322468
>
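The classloader effect described in the quoted message, as an added example that is not part of the original thread and is not GlassFish or JSS code: a class loaded by two sibling classloaders has two independent sets of static fields, so initializing one copy leaves the other reporting "not initialized". `Manager` is a hypothetical stand-in for a class that tracks initialization in a static field, and the two `URLClassLoader` instances stand in for the container and web application loaders; the example assumes it is compiled with `javac` and run from the resulting class directory.

```java
import java.net.URL;
import java.net.URLClassLoader;

public class StaticStateDemo {
    // Hypothetical stand-in: initialization state lives in a static field.
    public static class Manager {
        private static boolean initialized = false;
        public static void initialize() { initialized = true; }
        public static boolean isInitialized() { return initialized; }
    }

    static final String NAME = "StaticStateDemo$Manager";

    // Load Manager through the given loader and ask that copy for its state.
    static boolean isInitializedIn(ClassLoader loader) throws Exception {
        Class<?> copy = Class.forName(NAME, true, loader);
        return (Boolean) copy.getMethod("isInitialized").invoke(null);
    }

    public static void main(String[] args) throws Exception {
        // Directory (or jar) the compiled classes were loaded from.
        URL here = StaticStateDemo.class.getProtectionDomain()
                                        .getCodeSource().getLocation();

        // Parent is null (bootstrap only), so neither loader delegates to the
        // other and each one defines its own copy of Manager.
        ClassLoader containerLoader = new URLClassLoader(new URL[] { here }, null);
        ClassLoader webappLoader = new URLClassLoader(new URL[] { here }, null);

        // The "container" initializes its copy.
        Class<?> containerCopy = Class.forName(NAME, true, containerLoader);
        containerCopy.getMethod("initialize").invoke(null);

        Class<?> webappCopy = Class.forName(NAME, true, webappLoader);
        System.out.println("same Class object:          "
                + (containerCopy == webappCopy));
        System.out.println("container copy initialized: "
                + isInitializedIn(containerLoader));
        System.out.println("webapp copy initialized:    "
                + isInitializedIn(webappLoader));
    }
}
```

Native libraries differ from this picture: they are loaded once per process, which is consistent with the thread's observation that NSS itself was already initialized by the container.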