aspose file tools*
The moose likes Servlets and the fly likes Realms and SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Realms and SSL" Watch "Realms and SSL" New topic
Author

Realms and SSL

Murasoli Maran
Ranch Hand

Joined: Jun 08, 2003
Posts: 193
Hi all,

I have simple but valid question in java web side.I refer a lot for answer,But could'nt find satisfying one.

i have seen many web applications which will run only if it'll be placed in webapp directory of Tomcat.No tomcat configuration is needed.My doubt is,

How these applications dealing with authentication and authorisation?(Without using container's ability to authenticate).

If the essential data for authentication and authorisation is from database ,How these sites deal with SSL?.

What is the real life practice to this issue?.To use container's ability to authenticate or custom code in serverside?.

Somebody plz..

MM
[ January 23, 2005: Message edited by: Murasoli Maran ]
Murasoli Maran
Ranch Hand

Joined: Jun 08, 2003
Posts: 193
Anyone plz
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If your app relies on container managed resources, then you will need to configure those things at the container level.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Murasoli Maran
Ranch Hand

Joined: Jun 08, 2003
Posts: 193
What is my app dont relies on container managed resources?.How can i achieve SSL over http?.Actually this was my doubt.

Thanks for your reply.

MM
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

SSL has to be set up and configured in tomcat in order for your app to use it.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

http://wiki.apache.org/jakarta-tomcat/HowTo

#11 on the list.
Murasoli Maran
Ranch Hand

Joined: Jun 08, 2003
Posts: 193
Originally posted by Ben Souther:
SSL has to be set up and configured in tomcat in order for your app to use it.


Ben,

My question is how can i use SSL without Tomcat?.Is there any way?.I mean only programatically in serverside?.Wat's the best practice for authenticating?.To use Tomcat or not to use?.I know using tomcat is simple.But when deployment,Not relying much in container will better for easy and portable deployment.

So i seek experienced advice on this matter.

Thanks for the links ben.

MM
[ January 26, 2005: Message edited by: Murasoli Maran ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

SSL and authentication are not necessarily tied together.

You can do all the authentication in your application (programatic) or use the authentication provided by Tomcat (declarative).

SSL However, needs to be set up in the server/container you are using. You will not be able to do this ahead of time for the people to whom you ship your app. Only the owner of a domain will be able to buy a certificate from the major CAs.
Murasoli Maran
Ranch Hand

Joined: Jun 08, 2003
Posts: 193
Ben..Good advice. :claps:

Thanks.

MM
 
Don't get me started about those stupid light bulbs.
 
subject: Realms and SSL
 
Similar Threads
Authorisation using DB
Structure of Book - Enterprise Java 2 Security
question on form based authentication
Java program protection.
HTTPS Client authentication vs. HTTP basic/form-based