Sun GlassFish Web Space Server 10.0 Secure Web Access Add-On Guide


The high level design of Secure Web Access (SWA) provides access to intranet web contents from the Internet in a secure fashion. The two major components of SWA are Gateway and Rewriter. The Gateway component uses the Rewriter to rewrite the URLs in the contents that are obtained from the origin servers located in the intranet to point back to the Gateway.

SWA Gateway is implemented as a web application. You can off-load the low level networking and encryption to the web container or server to keep the Gateway code cleaner. The configuration of SSL and certificates will be more standard.

Gateway and Rewriter both use JCR as their data repository. The bundled JCR implementation is Jackrabbit, which is configured to use the local file system as the persistent data store for the ease of deployment out of the box. It can easily be reconfigured to use RDBMS or WebDAV in a production environment. Consult the Jackrabbit documentation for more details.

The SWA Gateway is a plain web application and the resources that it is trying to protect are all based on URLs of the intranet portal or non-portal web contents. Therefore, any access manager that is designed to protect web contents (such as OpenSSO, CA SiteMinder, IBM Tivoli Access Manager) can be used for authentication and access control. The SWA Gateway will be tested with the OpenSSO only out of the box.