File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes SSL for Login Servlet. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "SSL for Login Servlet." Watch "SSL for Login Servlet." New topic
Author

SSL for Login Servlet.

L Goundalkar
Ranch Hand

Joined: Jul 05, 2001
Posts: 395
Hi,
How can I implement SSL only for my application and not for any other application installed on my application server? I am using JRun4.
Is there anyway to implement SSL only for login servlet and not for other requests?
Thanks.


SCJP, SCWCD
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Not that I know of, but nothing stops you from writing a servlet filter which examines request.getContextPath(), request.getServletPath() and request.isSecure() and, using this information, makes sure that secure requests only go where you want them to go.
- Peter
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I would consider this the responsibility of the web server (not the container) and could be implemented using pattern matching and redirects. ie 'only accept HTTPS for the login servet and not for anything else'
We have quite a different set up and tend to enforce HTTPS via an application context.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Thanks David. Good call. If you front JRun with a "proper" web server then by all means use that.
- Peter
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSL for Login Servlet.