aspose file tools*
The moose likes Servlets and the fly likes Using HTTPS to access a servlet.... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Using HTTPS to access a servlet...." Watch "Using HTTPS to access a servlet...." New topic
Author

Using HTTPS to access a servlet....

SAFROLE YUTANI
Ranch Hand

Joined: Jul 06, 2001
Posts: 257
I have a very simple servlet that a user can access from their browser and enter a userId and password in order to log into an application. I would like to encrypt the userId and password sent from the user's browser to the servlet. In other words, I'd like to use SSL. What is the easiest way to do this? Would it be simple enough to listen for requests on a different port, such as 443?
thanks guys,
SAF
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

You have to do slightly more than just change ports. You have to have whatever product is doin the web serving on alert to use the "https" protocol instead of "http".
In some configurations, the J2EE server won't actually see http or https - instead it will be frontended by a server such as Apache, and Apache will handle the https, then pipe to/from the J2ee server. For others the J2EE server will have its own http (and optionally https) ports.
Check the docs for your appserver - there's almost sure to be something on SSL (https) serving. Then if you run into trouble, ask in the JavaRanch forum that supports whichever appserver you're using (Tomcat, WebSphere, WebLogic, etc.)


Customer surveys are for companies who didn't pay proper attention to begin with.
SAFROLE YUTANI
Ranch Hand

Joined: Jul 06, 2001
Posts: 257
I just checked with my System Administrator, and we are using IPlanet Webserver to route HTTP requests to JRun App server. Using the IPlanet admin console, there is a setting that enables SSL, however, it enables SSL for the entire site. There was a message that prompted us immediately after we enabled SSL that indicated all previuos HTTP mappings must now be accessed using HTTPS. I dont wish to use SSL across the entire site. I simply want to use SSL on the login page. That's it. Is it possible to enable SSL at the page level?
thanks,
SAF
Napa Sreedhar
Ranch Hand

Joined: Jan 29, 2002
Posts: 62
I used Apache HTTP server + modssl + jserver in combination successfully. However I am not aware how IPlanet + JRun Server work.
This may probably help
At IPlanet
Port 80 may be left free as it was previously.
Port 443 can be mapped for https connection to your login servlet.
The above mentioned would be configuration issues.

However establishing a https connection is a little bit complex.
This link would be helpful. (It deals with getting Digital certification, CA, server certificates and other stuff).
http://www.pseudonym.org/ssl/ssl_cook.html
http://www.openssl.org is a great library for people who want to deal with SSL
Napa

SAF
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

I'm afraid I've never driven iPlanet - you might want to ask folks in the iPlaner JavaRanch forum. But generally, if I'm woried enough about security to use SSL on the login page, I'd want to secure the login-controlled pages as well.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using HTTPS to access a servlet....