
Mock question on statefulness and HTTPS

 
David Follow
Ranch Hand
Posts: 223
Hi all,

the mock question goes something like this:
"...a web application is required to be secure and stateful..."

The correct answer is:
use HTTPS since it is secure and stateful because of SSL

While I understand the security aspect of it, I am not quite firm on the statefulness of it. How can I utilize statefulness of HTTPS from a Java perspective?

Will my Java code look different if I use HTTP or HTTPS? I don't think so. The whole point is that I enable HTTPS on my application server and therefore my application will use HTTPS but with no modification of my code.

Is the underlying implementation of the Servlet API recognizing that HTTPS is in use and utilizing its ability of statefulness...?

Thanks for your thoughts.

D.
 
Byron Estes
Ranch Hand
Posts: 313
David,

HTTPS doesn't make your application stateful. It can help you handle authentication and keep the data passed over the wire from prying eyes (...unless they're pretty smart, determined and have the right processing power at their disposal to break the encryption, or have compromised physical security in some way).

Making a web application stateful means that you need to persist information about the interaction you are having with a client over a series of request/response pairs. You do need to make adjustments in your code to account for that. The most common way to do that is by using the session object in the web tier. Persistence of the session may be handled in a number of ways, including URL rewriting etc. You can continue this notion of remembering parts of the conversation your application is having with a client into the business logic tier by using stateful session beans.

Hope this helps.
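
The session-based approach described in the reply above, as an added example that is not part of the original thread: a servlet that keeps a per-client counter in the web-tier session and uses URL rewriting as the fallback for carrying the session id. The class name `VisitCounterServlet`, the `/visits` mapping and the `visits` attribute are hypothetical, and the Servlet 3.0 `javax.servlet` API is assumed.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet and URL pattern, for illustration only.
@WebServlet("/visits")
public class VisitCounterServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // State lives in the container-managed session, looked up by the
        // session id the client sends back on each request. Nothing in this
        // lookup depends on whether the transport is HTTP or HTTPS.
        HttpSession session = req.getSession(true);

        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // URL rewriting: encodeURL() adds the session id to the link only
        // when the container decides it is needed (for example, when the
        // client is not returning the session cookie).
        String next = resp.encodeURL(req.getContextPath() + "/visits");

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("visits in this session: " + visits);
        out.println("new session: " + session.isNew());
        // isSecure() only reports the transport; the state handling above
        // is identical either way.
        out.println("request arrived over HTTPS: " + req.isSecure());
        out.println("next link: " + next);
    }
}
```

Deployed behind plain HTTP the counter still works, but the session id (cookie or rewritten URL) crosses the wire unencrypted. HTTPS protects that identifier in transit; it does not create the state.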
 
David Follow
Ranch Hand
Posts: 223
Hi Byron,

that's what I thought too.
Therefore the answer to the mock question is pretty much useless, since HTTPS doesn't provide statefulness (of a kind usable from a Java application point of view). What do you think...

D.
 
Byron Estes
Ranch Hand
Posts: 313
I agree. The only state-related stuff with SSL is the notion of being able to authenticate once and recognize future requests from the authenticated client so that additional challenges are not necessary. To that extent there is a certain amount of state, but you can have a stateful web-based application without it too.

I wonder if what the question was actually arguing was the "old favorite": Is HTTP a connectionless or connection-oriented protocol?

Have a great weekend!

 