File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Mock question on statefulness and HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Mock question on statefulness and HTTPS" Watch "Mock question on statefulness and HTTPS" New topic
Author

Mock question on statefulness and HTTPS

David Follow
Ranch Hand

Joined: Oct 16, 2001
Posts: 223
Hi all,

the mock question goes something like this:
"...a web application is required to be secure and stateful..."

The correct answer is:
use HTTPS since it is secure and stateful because of SSL

While I understand the security aspect of it, I am not quit firm on the statefulness of it. How can I utilize statefulness of HTTPS from a Java perspective?

Will my Java code look different if I use HTTP or HTTPS? I don't think so. The whole point is that I enable HTTPS on my application server and therefore my application will use HTTPS but with no modification of my code.

Is the underlying implementation of the Servlet API recognizing that HTTPS is in use and utilizes its ability of statefulness...?

Thanks for your thought.

D.


SCJP, SCEA
Byron Estes
Ranch Hand

Joined: Feb 21, 2002
Posts: 313
David,

HTTPS doesn't make your application stateful. It can help you handle authentication and keep the data passed over the the wire from prying eyes (...unless their pretty smart, determined and have the right processing power at their disposal to break the encryption, or have compromised physical security in some way).

Making a web application stateful means that you need to persist information about the interaction you are having with a client over a series of request/response pairs. You do need to make adjustments in your code to account for that. The most common way to do that is by using the session object in the web tier. Persistence of the session may be handled in a number of way including URL rewriting etc. You can continue this notion of remembering parts of the conversation your application is having with a client into the business logic tier by using stateful session beans.

Hope this helps.


Byron Estes<br />Sun Certified Enterprise Architect<br />Senior Consulant<br />Blackwell Consulting Services<br />Chicago, IL<br /><a href="http://www.bcsinc.com" target="_blank" rel="nofollow">www.bcsinc.com</a>
David Follow
Ranch Hand

Joined: Oct 16, 2001
Posts: 223
Hi Byron,

that's what I thought too.
Therefore the answer to the mock question is pretty much useless, since HTTPS doesn't provide (a from a Java application point of view usable kind of) statefulness. What do you think...

D.
Byron Estes
Ranch Hand

Joined: Feb 21, 2002
Posts: 313
I agree. The only state related stuff with SSL is the notion of being able to authenticate once and recognize future requests from the authenticated client so that additional challenges are not necessary. To that extent there is a certain amount of state, but you can have a stateful web based application without it too.

I wonder if what the question was actually arguing was the "old favorite": Is HTTP a connetion less or connection oriented protocol.

Have a great weekend!

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Mock question on statefulness and HTTPS
 
Similar Threads
Https Question
URL = new URL("https://secure_server???
Statefulness using JMS
HTTPS implementation with a Java application
Http and Https