This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes JSP and the fly likes jsp can access java card? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "jsp can access java card?" Watch "jsp can access java card?" New topic
Author

jsp can access java card?

Edward Chen
Ranch Hand

Joined: Dec 23, 2003
Posts: 798
I am wondering the java card with jsp. let me assume the clinet has java card read/write machine connected, when the client want to log in some sensitive page and get the maxium security, the JSP file can access the java card data and check them.

I think this solution has some securiy, because it has to have a physical card and machine. Based on this, we add more security to it if the card can combine with a traditional log-in form.

But jsp can access java card. It seem like "NO". because the JSP is located in web server in server side. it doesn't know the client side. I check the web, java card can have its own APPLET, so we can use applet to access it. This is just my thinking. Please correct me.

By the way, I found javaranch doesn't have a forum to discuss the hardware with java. for example, java card, java comm, TINI, how a java application to access / control a sensor if we have the sensor driver installed, how to remotely control a web camera? I hope future here have a specific forum just for java-hardware.

Thanks.
Aaron Roberts
Ranch Hand

Joined: Sep 10, 2002
Posts: 174
You can check for the card, sort of. If you are using a security card with the machine, then you can use an https connection that is set for requiring both client and server security certificates. For the Apache web server, you set the client auth setting to required. This will make sure the user has a certificate.

If you have a card reader, you will install the certificate into the browser. When you go to a site with https, if the server requires a certificate, the browser will ask you which one to send. You choose the one from the card.

In your servlet, you examine the request for the X509 certificate array. This will hold the security certificate the user sent from the browser. You can then examine the different attributes to decide if you want to let them in or not.

If you do a search you will come across another way of doing it with applets. IBM did something with banks and a java applet and the article gives some info on it.

HTH,
Aaron R>
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: jsp can access java card?