This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Services and the fly likes https or SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "https or SSL" Watch "https or SSL" New topic
Author

https or SSL

Steven Alvarez
Ranch Hand

Joined: Nov 01, 2006
Posts: 66
Hey,

Im looking for a nice simple example on how to use SSL or HTTPS. Ok, what I really want to do is use POST or GET so that I can work with websites that use SSL or HTTPS. A book that teaches this also would be nice, but I would settle for an easy(im a newbie) example to go with.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41147
    
  45
Welcome to JavaRanch.

This introduction to the SAAJ API has a good introduction on how to use SSL with web services on Tomcat on the last few pages.


Ping & DNS - my free Android networking tools app
Manny Pacman Pacquiao
Ranch Hand

Joined: Oct 04, 2006
Posts: 36
Does this mean that in my submission I just need to state that: configure SSL in the Web Server and add a link to the HTTPS URL? The link would contain payment total etc...

Another option instead of link containing payment total is puttin in session...
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41147
    
  45
Manny,

I'm not sure what the "submission" is you're talking about, and your mention of links and sessions is too vague to give an answer: TellTheDetails
[ November 13, 2006: Message edited by: Ulf Dittmer ]
Manny Pacman Pacquiao
Ranch Hand

Joined: Oct 04, 2006
Posts: 36
Ah, sorry about that too few information. This is about the security part of the submission. What I meant was is it enough for me to say SSL would be configured in the web servers? And then provide a little scenario where after customer confirms the itinerary, a link like https://<etc>+paymentValue=1000USD would lead to payment..., would be provided in my page to make payment.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41147
    
  45
By "submission", do you mean submitting a solution to some certification? Don't know the first thing about those, so can't help you with that.

Transferring a payment value in a URL seems a bad idea. Data like that should be kept on the server, so that the user has no way of manipulating it.
gopinathang nathan
Ranch Hand

Joined: Oct 28, 2006
Posts: 41
For any SSL application, you should provide rootCA for SSL handshake. Once the SSL handshake is successful, actual webservice invocation takes place. So refering the rootCA at client program varies from webserver to webserver. in general cacerts java trust will be refer as Trust keystore.

where webservice is deployed? what is the client [java/webapp]? For weblogic app server refer http://edocs.bea.com/wls/docs81/webserv/security.html#1053182.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: https or SSL
 
Similar Threads
https
is there a any validation API in java
Multiple SSL Certificates in Single Keystore File Possible?
SSL Post redirection
Secure sockets