This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I have a very simple servlet that a user can access from their browser and enter a userId and password in order to log into an application. I would like to encrypt the userId and password sent from the user's browser to the servlet. In other words, I'd like to use SSL. What is the easiest way to do this? Would it be simple enough to listen for requests on a different port, such as 443? thanks guys, SAF
You have to do slightly more than just change ports. You have to have whatever product is doin the web serving on alert to use the "https" protocol instead of "http". In some configurations, the J2EE server won't actually see http or https - instead it will be frontended by a server such as Apache, and Apache will handle the https, then pipe to/from the J2ee server. For others the J2EE server will have its own http (and optionally https) ports. Check the docs for your appserver - there's almost sure to be something on SSL (https) serving. Then if you run into trouble, ask in the JavaRanch forum that supports whichever appserver you're using (Tomcat, WebSphere, WebLogic, etc.)
An IDE is no substitute for an Intelligent Developer.
Joined: Jul 06, 2001
I just checked with my System Administrator, and we are using IPlanet Webserver to route HTTP requests to JRun App server. Using the IPlanet admin console, there is a setting that enables SSL, however, it enables SSL for the entire site. There was a message that prompted us immediately after we enabled SSL that indicated all previuos HTTP mappings must now be accessed using HTTPS. I dont wish to use SSL across the entire site. I simply want to use SSL on the login page. That's it. Is it possible to enable SSL at the page level? thanks, SAF
I used Apache HTTP server + modssl + jserver in combination successfully. However I am not aware how IPlanet + JRun Server work. This may probably help At IPlanet Port 80 may be left free as it was previously. Port 443 can be mapped for https connection to your login servlet. The above mentioned would be configuration issues.
I'm afraid I've never driven iPlanet - you might want to ask folks in the iPlaner JavaRanch forum. But generally, if I'm woried enough about security to use SSL on the login page, I'd want to secure the login-controlled pages as well.