1

Sorry if this will be too common or simple question but I don't know what should I put into Google to finaly find the answer.

I have GWT application which is now currently running on Glassfish. I can run the application on port 8080 (http) or 8181 (https). The thing is - am I using SSL now?

Default self signed certificate is enough for me for now (I know about keytool and import certificates), I just have to clarify this simple question.

I red here GWT and SSL not working? I need to set up security-constraint in web.xml 

<security-constraint>
<web-resource-collection>
<web-resource-name>sslprotect</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Is this enough then? In the comments Sam writes something about "implement the whole usage of SSL correctly."

So question: Is this enough? Is my application SSL protected now?

To be honest, I studied security algorithms on the University but I failed in implementation misserably.

Community
  • 1
  • 1
Miroslav
  • 444
  • 1
  • 7
  • 21

1 Answers1

2

It should be enough.
If you can see the https in front of your URL, everything is fine. You can check if you are SSL-protected by browsing to the http URL, this should return an error or redirect you to the https URL.

unwichtich
  • 13,712
  • 4
  • 53
  • 66
  • Thank you for your answer. Yes, there is https and when I try to access standard http, there is Error 403. Then I suppose everything should be ok. Thank you again – Miroslav Jan 15 '13 at 15:08