I am currently learning how to use JavaEE stuff and currently trying to create a GlassFish-Server (up and running) that has attached a
Servlet. The Servlet should present a Login-Page and after Login the users are allowed to add words they tipe into a field to a list.
Important is that the connection should be secure in every aspect means I would like to use HTTPS (mutual). Also I read that HTTPS has weaknesses like side-channel-attacks. This should be preventable/reduceable by using stateless communictaion?
* I would like to get some hints where I can find information about Glassfish-Configuration for HTTPS?
* What do I need to do to make my Servlet working with HTTPS?
* Is it possible to keep up a session over time with stateless communication?
* Are there other things I have to take care of?
I am using Eclipse, JavaEE7, GlassFish and creating a Servlet with the by Eclipse given defaults for "dynamic web project". I already created simple servlets running on the Server using HTTP.
I would appreciate some help - literature hints. Maybe a step by step intstruction. Some basic Ideas about security concepts etc.
----
I am from Germany and I am happy if you correct my English because it is the only way to improve it.