File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes SSL for Login Servlet. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "SSL for Login Servlet." Watch "SSL for Login Servlet." New topic

SSL for Login Servlet.

L Goundalkar
Ranch Hand

Joined: Jul 05, 2001
Posts: 395
How can I implement SSL only for my application and not for any other application installed on my application server? I am using JRun4.
Is there anyway to implement SSL only for login servlet and not for other requests?

Peter den Haan
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Not that I know of, but nothing stops you from writing a servlet filter which examines request.getContextPath(), request.getServletPath() and request.isSecure() and, using this information, makes sure that secure requests only go where you want them to go.
- Peter
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

I would consider this the responsibility of the web server (not the container) and could be implemented using pattern matching and redirects. ie 'only accept HTTPS for the login servet and not for anything else'
We have quite a different set up and tend to enforce HTTPS via an application context.
Peter den Haan
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Thanks David. Good call. If you front JRun with a "proper" web server then by all means use that.
- Peter
I agree. Here's the link:
subject: SSL for Login Servlet.
Similar Threads
Login page security using Servlet
SSL For Tomcat and Apache Servers
securing a web application in wsad
Struts app on JRUN over HTTP/HTTPs in Apache
security in a web application