I have a Java Web Start application that runs a local WebSocket server. This app receives some data, signs it and returns the signed data to the browser through the WebSocket connection.
I'm using the Tyrus container as my local WebSocket server. Recently I found myself stuck: the browser tries to establish a connection to the WebSocket server in an SSL context, but my server does not support secured WebSocket connections.
I got the following error:
Mixed Content: The page at 'https://example.com' was loaded over
HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://localhost:8025/sign/'. This request has been blocked; this
endpoint must be available over WSS.
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure
WebSocket connection may not be initiated from a page loaded over
new org.glassfish.tyrus.server.Server.Server("wss", "localhost", 8025, "/sign", null, MyClass.class);
I found out that Netty IO (https://github.com/netty/netty) has the ability to provide secure sockets in a standalone way. However, I gave up because I needed to provide a valid digital certificate (jks) inside my Java Web Start application. This is a huge security issue since anyone can decompile the jar and use that certificate for building a website or signing documents with my credentials.
So I moved my logic to a WebSocket server instantiated by JBoss.
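A release check for the risk described above, added here as an illustration and not part of the original post: it reads a built jar and reports every JKS keystore entry that holds a private key. Listing the entries needs no store password, and any password the application uses to unlock the key has to ship in the same jar. The function names are hypothetical, the byte layout is the standard keytool JKS format, and PKCS#12 stores are not covered.

```python
import io
import struct
import zipfile

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # first four bytes of every JKS keystore

def _utf(buf, pos):
    # Java writeUTF string: 2-byte big-endian length, then the bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def _skip_cert(buf, pos, version):
    if version == 2:  # version 2 stores prefix each cert with a type string
        _, pos = _utf(buf, pos)
    (n,) = struct.unpack_from(">I", buf, pos)
    return pos + 4 + n

def jks_entries(buf):
    """Return [(alias, kind)] for a JKS blob; no store password is needed."""
    if buf[:4] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version, count = struct.unpack_from(">II", buf, 4)
    pos, found = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", buf, pos)
        alias, pos = _utf(buf, pos + 4)
        pos += 8  # creation timestamp
        chain = 1  # a trusted-cert entry (tag 2) holds exactly one cert
        if tag == 1:  # private-key entry: encrypted key, then a cert chain
            (klen,) = struct.unpack_from(">I", buf, pos)
            (chain,) = struct.unpack_from(">I", buf, pos + 4 + klen)
            pos += 8 + klen
        elif tag != 2:
            raise ValueError("unknown JKS entry tag %d" % tag)
        for _ in range(chain):
            pos = _skip_cert(buf, pos, version)
        found.append((alias, "private-key" if tag == 1 else "trusted-cert"))
    return found

def bundled_private_keys(jar_bytes):
    """List (jar entry, alias) for each private key shipped inside a jar."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            data = jar.read(name)
            if data[:4] == JKS_MAGIC:
                hits += [(name, a) for a, k in jks_entries(data) if k == "private-key"]
    return hits
```

Run it in the build pipeline on the jar that is about to be published and fail the release when `bundled_private_keys` returns anything; a truststore holding only certificates passes.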