Sun GlassFish Web Space Server 10.0 Secure Web Access Add-On Guide

About the Gateway

The Gateway provides the interface and security barrier between remote user sessions originating from the Internet and your corporate intranet. The Gateway securely presents content from internal web servers and application servers through a single interface to a remote user.

The Gateway resides in the demilitarized zone (DMZ). The Gateway provides a single secure access point to all intranet URLs and applications, thus reducing the number of ports to be opened in the firewall. All other Web Space Server services reside behind the DMZ in the secured intranet. Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer (SSL). Communication from the Gateway to the server and intranet resources can be either HTTP or HTTPS.

In Secure Mode, SSL is used to encrypt the connection between the client and the Gateway over the Internet. SSL can also be used to encrypt the connection between the Gateway and the server. The presence of the Gateway between the intranet and the Internet extends the secure path between the client and the Web Space Server.

The swa-gateway component of the Secure Web Access Add-On holds the Gateway functionality. After you install the gateway component, you can access Web Space Server through the Gateway. Consider a simple deployment where you are installing Web Space Server and the three SWA components on a single machine. If http://machine-name:8080 is the URL for the local instance of Web Space Server, you can send HTTP and HTTPS requests to access the gateway using the URL http://machine-name:8080/gateway/index.jsp. You can type a URL in the Enter the URL you want to access: box and click Go to access a web application. In this scenario, type http://machine-name:8080 to be redirected to your Web Space Server instance.

For the detailed instructions about how to use a Gateway to access an OpenSSO or Access Manager Policy Agent, see Chapter 5, Policy Agent.