db-derby-user mailing list archives

From Thomas <Thomas.K.H...@t-online.de>
Subject how do I make the pieces in this puzzle fit?
Date Sun, 28 Nov 2010 09:41:34 GMT

the puzzle I am referring to consists of the following pieces:
a hosted Derby Network Server, SSL and mixed client apps

I need help in understanding how the different components need to be 
configured so that they work together properly.

1) my Derby Server is not running in my LAN, but is hosted by a java
hoster on the internet
2) the Security Manager installed is using the Basic Security Server
policy, i.e. default options
3) the Network Server is expected to require user authentication 
4) the Network Server is expected to support network security with SSL
5) the SSL certificates I would like to create and issue myself 
(I don't want to use a Certification Authority and buy certificates at 
this stage as my application is not used in real production yet)
6) the Derby Server will receive connections from "fat" clients and
from web client applications (with Apache http server and Tomcat 5.5 
servlet container)

So far, I have a workable solution for java *fat* client applications:

ad 1) the Derby Server is started from the command line (my hoster
has written the necessary scripts to tie derby start/shutdown to the
Tomcat start/stop processes. I can issue Tomcat start/stop/restart
command via the default web interface supplied by the hoster to allow
their customers to start/stop their Tomcats themselves)
ad 2) no special configuration has been done here
ad 3) SQL authentication has been configured and users are managed
using the built-in user system (users as data base properties)
ad 4) the server starts up fine reporting "server started and ready
to accept SSL connections" - I am not using peer authentication, but
basic ssl security only at this stage
ad 5) my certificates have been self-generated/signed using the java
keytool utility. Keystores files (server truststore and client keystore)
are available as needed 
ad 6) connections from my java application or from IJ are possible
==> as said, for a fat client environment I think I have a workable solution

Now I would like to connect to my data base server also from a web 
application - and it is not clear to me how this can be achieved:

ad 1) would the Derby Server still be started from the command line?
-> I would expect so, as SSL encryption needs to be kept in place for
my fat client applications which I want to use in parallel to the web
version and I have also not found SSL related options that could be 
used when running the Derby Server as a servlet under Tomcat.
Or is SSL support now to be implemented at a different level?
between the web server and the browsers of my users?
ad 2) do I have to change default options of the Security Manager or
can they stay as they are in this scenario?
ad 3) I expect user authentication works the same way in both scenarios
ad 4) how does SSL support work in this context?? how do I need to 
configure Tomcat and/or Apache http server? 
ad 5) do my users need to load certificates into their browser 
certificate store? can I still use self-signed certificates? do I need
a specific algorithm / type of certificate? (RSA instead of DES)?

Thanks for your support
