Tulio Gomes Tulio Gomes - 9 days ago 8
Java Question

Is it possible to run a standalone Tyrus websocket server with SSL?

I have a java web start application that runs a local websocket server. This app receives some data, sign these data and returns the signed data to the browser through the websocket connection.
I'm using Tyrus container as my local websocket server. Recently i found myself stuck: the browser tries to established a connection to the ws in a ssl context but my ws server does not supports secured websocket connections.

I got the following error:


Mixed Content: The page at 'https://example.com' was loaded over
HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://localhost:8025/sign/'. This request has been blocked; this
endpoint must be available over WSS.

Uncaught SecurityError: Failed to construct 'WebSocket': An insecure
WebSocket connection may not be initiated from a page loaded over
HTTPS.


In other words, Tyrus does not gives me something like that:

new org.glassfish.tyrus.server.Server.Server("wss", "localhost", 8025, "/sign", null, MyClass.class);


Is there a way that i can run Tyrus Server with SSL or does someone knows another self-contained websocket server?

Thanks in advance

Answer

I found out that Netty IO (https://github.com/netty/netty) has the ability to provide secure sockets in a standalone way. However i gave up because i needed to provide a valid digital certificate (jks) inside my java web start application. This is a huge security issue since anyone can decompile the jar and use that certificate for building a website or sign documents with my credentials.

So i moved my logic to a web socket server instantiated by a JBoss.