Bax Fos

Greenhorn
+ Follow
since Jan 10, 2018
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by Bax Fos

Hello Community,

I stuck with a problem I can't find a solution to and I already tried to get help on stackoverflow (https://stackoverflow.com/questions/49572255/how-to-restore-a-session-in-a-servlet-created-in-another-on-glassfishv4) but because nobody could help me there I would like to ask here too, maybe here are the experts that can point out what I am doing wrong.
I am using Servlets to provide a webservice to an android app. My problem is that I create two objects in my LogonServlet which I would like to restore in my other servlets:

What I am aiming to do:

I want to create different servlets. One of these is my LogonServlet which creates and Object which deals with RFCs to a SAP. This object I want to restore on my other servlets for the same session.

What I have done so far:

LogonServlet: (no real user authentification because I am still testing functionality)


The code of a different servlet to restore the session variables:



The problem is that it always returns "null" for the session.

This is my web.xml


I have no clue what I am doing wrong. It could be some setup I need to activate in glassfish v4 or something I have to do in the client that the server knows I would like to continue the session. This is my first project with javaEE, glassfish and servlets.

Thank you very much in advance.
6 years ago
Where do I get the certificate to sign it?
I want to provide a webservice via glassfish v4 with a servlet which just a chosen number of user can connect to. These users already have the public key on their devices (manually installed).
Since I am completly new to JavaWebservices and all this server stuff I would be happy if you could explain in detail if you know something about it.
I have some problems about what the actual signing process does. Asymetric cryptography is completly clear to me atleast from a mathematical point of view.

When I know create a private and a public key and keep the private one and give the public one away to people I would like to communicate with they can encrypt the information with this key and I can decrypt the messages with my key.

So where is the use of signing a key, especially self-signing a key and what is exaclty done when a key got signed?

PS.: I just randomly picked one of the subforum because I have no plan which fitts with my needs. I want to setup a glassfish v4 server that lets only access users to a servlet with already own the public key or whatever the signing process does with the public key. I am like reading a million tutorials which use different keytools make different suggestions and tell me about this or that shouldn't be used in practice but we doing it here anyway stuff. I have no idea how to reach my goal atm. :/
I am currently learning how to use JavaEE stuff and currently trying to create a GlassFish-Server (up and running) that has attached a Servlet. The Servlet should present a Login-Page and after Login the users are allowed to add words they tipe into a field to a list.

Important is that the connection should be secure in every aspect means I would like to use HTTPS (mutual). Also I read that HTTPS has weaknesses like side-channel-attacks. This should be preventable/reduceable by using stateless communictaion?

* I would like to get some hints where I can find information about Glassfish-Configuration for HTTPS?
* What do I need to do to make my Servlet working with HTTPS?
* Is it possible to keep up a session over time with stateless communication?
* Are there other things I have to take care of?

I am using Eclipse, JavaEE7, GlassFish and creating a Servlet with the by Eclipse given defaults for "dynamic web project". I already created simple servlets running on the Server using HTTP.

I would appreciate some help - literature hints. Maybe a step by step intstruction. Some basic Ideas about security concepts etc.

----
I am from Germany and I am happy if you correct my English because it is the only way to improve it.
7 years ago