This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Sockets and Internet Protocols and the fly likes HTTPS POST using java.net Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "HTTPS POST using java.net" Watch "HTTPS POST using java.net" New topic
Author

HTTPS POST using java.net

Rajendra Kulkarni
Greenhorn

Joined: Apr 09, 2003
Posts: 3
How can I do a <b>HTTPS</b> (not HTTP) using java.net API.
Our web application has some sensitive information that cannot be exposed directly to the user via HTML. When user does a FORM POST, the data is gathered inside a servlet and is clubbed together with the sensitive data and posted again to some different server to gather back the response.
I am using JDK 1.4. Do I need to configure something else in order to achieve above.
Thanks.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
JDK 1.4 and above integrate JSSE (Java Secure Sockets Extension), so you have all the ingredients necessary.
If you're using the java.net.URL class, all you have to do is specify a "https://..." URL. JSSE includes a https protocol handler for the URL class, so https will work out of the box. Performing a POST using the URL class can be a bit cumbersome; if you need help there, just ask.
If you're using Sockets, which you might do for example if you are using your own POST helper class, you will have to instantiate SSL sockets rather than normal sockets. You cannot instantiate them directly, but have to use the javax.net.ssl.SSLSocketFactory to create them.By the way, this is a subclass of a new javax.net.SocketFactory class; the nice thing is that you can create SSL sockets and normal sockets in exactly the same way, and dynamically change between them simply by using a different factory (SocketFactory.getDefault() or SSLSocketFactory.getDefault()).
- Peter
[ April 10, 2003: Message edited by: Peter den Haan ]
Rajendra Kulkarni
Greenhorn

Joined: Apr 09, 2003
Posts: 3
Peter,
I am using the following code. There are 2 problems :
1. It gives me a java.net.UnknownHostException ?
2. How can I post data to the socket URL ?
Thanks.
Code is as follows -
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket("https://secure.authorize.net/gateway/transact.dll", 443);
socket.startHandshake();
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(socket.getOutputStream())));
out.println("GET http://secure.authorize.net HTTP/1.1");
out.println();
out.flush();
if (out.checkError())
System.out.println("SSLSocketClient: java.io.PrintWriter error");
/* read response */
BufferedReader in = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
out.close();
socket.close();
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Moving this to the Sockets forum.


Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Ernst F. Schumacher
Joel McNary
Bartender

Joined: Aug 20, 2001
Posts: 1817

Originally posted by Michael Morris:
Moving this to the Sockets forum.

Grrr.... In the time I took to write my response, you moved the thread!
Anyway, here's my (cut-and-pasted) response:
-------------------------------------------
Hmm...

I havn't tried your solution, but I am also working on creating a connection to authorize.net. My solution was as follows:



Due to various technical reasons, I havn't actually been able to test this code yet (that should be sometime next week when these issues are resolved.) I do know that this was exactly the same code used to successfully connect to another credit card authorization service (that did not use secure connection?! )

I'm afraid that I can't help you more than this; I'm not 100% sure that my code will work. Also, I believe that you have to setup on Authorize.net's site what web pages are allowed to access their authorization process.

If you want, you can test my code for me You will have to modify it to fit into your code, of course, but it's my solution.

Also, if you manage to work out your solution, keep us (or at least me) informed! (Just in case mine doen't work after all....)


Piscis Babelis est parvus, flavus, et hiridicus, et est probabiliter insolitissima raritas in toto mundo.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
1. You are not giving the Socket a host. You are giving it a URL. The host would be "secure.authorize.net".
2. POST blah di blah, followed by the form data in encoded form. Translation: you don't want to do that. Believe me.
The Java Developers Almanac kindly lists a code snippet illustrating how you perform a simple POST using the java.net.URL class. Replace the http protocol by https, presto, you should be done. Much simpler.
Alternatively, use a HTTP client class such as the Apache Jakarta Commons HttpClient. It is easier to use, supports many more features, and is open source.
- Peter
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451

Anyway, here's my (cut-and-pasted) response:

And I should like to compliment you on the skilled use of your system clipboard.
Rajendra Kulkarni
Greenhorn

Joined: Apr 09, 2003
Posts: 3
Hi Joel McNary,
Thanks for your help. Following is the working code for establishing communication with Authorize.Net payment gateway.
It tested and works great.
----------------- CODE SCRIPLET ---------------
public static void gatewayPost() {
// Data in [Key] / [Value] pair, that will be posted to Authorize.Net URL
// Note : Replace x_login and x_tran_key with actual merchant login details
String data = URLEncoder.encode("x_login", "UTF-8") + "=" + URLEncoder.encode("ReplaceWithAcutalMerchantLogin", "UTF-8");
data += "&" + URLEncoder.encode("x_tran_key", "UTF-8") + "=" + URLEncoder.encode("ReplaceWithTransactionKey", "UTF-8");
data += "&" + URLEncoder.encode("x_method", "UTF-8") + "=" + URLEncoder.encode("CC", "UTF-8");
data += "&" + URLEncoder.encode("x_amount", "UTF-8") + "=" + URLEncoder.encode("27", "UTF-8");
data += "&" + URLEncoder.encode("x_card_num", "UTF-8") + "=" + URLEncoder.encode("370000000000002", "UTF-8");
data += "&" + URLEncoder.encode("x_exp_date", "UTF-8") + "=" + URLEncoder.encode("0503", "UTF-8");
data += "&" + URLEncoder.encode("x_requestId", "UTF-8") + "=" + URLEncoder.encode("43", "UTF-8");
// Make the connection to Authoize.net
URL aURL = new java.net.URL("https://secure.authorize.net/gateway/transact.dll");
HttpURLConnection aConnection = (java.net.HttpURLConnection)aURL.openConnection();
aConnection.setDoOutput(true);
aConnection.setDoInput(true);
aConnection.setRequestMethod("POST");
aConnection.setAllowUserInteraction(false);
// POST the data
OutputStreamWriter streamToAuthorize = new java.io.OutputStreamWriter(aConnection.getOutputStream());
streamToAuthorize.write(data);
streamToAuthorize.flush();
streamToAuthorize.close();
// Get the Response from Autorize.net
InputStream resultStream = aConnection.getInputStream();
BufferedReader aReader = new java.io.BufferedReader(new java.io.InputStreamReader(resultStream));
StringBuffer aResponse = new StringBuffer();
String aLine = aReader.readLine();
while(aLine != null){
aResponse.append(aLine);
aLine = aReader.readLine();
}
resultStream.close();
System.out.println(aResponse.toString());
}
Shankar Shanmugam
Greenhorn

Joined: Sep 12, 2001
Posts: 23
Hi,
I know that I am replying to an old chain.
Just hoping that someone else wud respond.
I just tried the above program and I get this error.
PLease let me know if any of you people have faced similair problems.
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java:232)
at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:768)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:516)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA6275)
at Test.gatewayPost(Test.java:58)
at Test.main(Test.java:34)
Exception in thread "main"


Shankar Shanmugam<br />Sun Certified Programmer for Java 2 Platform<br />Sun Certified Developer for Java 2 Platform<br />Email: shankar.s@vsnl.net<br /> "Walking on water and building IT Architecture from <br /> specification are easy if and only if both are frozen"<br />-----------------------------------------------
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HTTPS POST using java.net
 
Similar Threads
cannot get response!!!
Tomcat SSL issue with "user-data-constraint"
http to https redirect jboss 5.0.1 GA
specifying specific URL's to use SSL
How to turn off https once logged in?