wood burning stoves 2.0*
The moose likes Servlets and the fly likes HTPPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "HTPPS" Watch "HTPPS" New topic
Author

HTPPS

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
What is HTPPS?

It is called secured connection (HTTP request). But what exactly is this secured connection? and why not other HTTP request are secured?

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41155
    
  45
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.


Ping & DNS - my free Android networking tools app
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.


Thanks Ulf.
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.


But in case of Post request, browser encrypts the *data* but it is a HTTP request not the HTTPS. Why?

Thanks.
Darren Edwards
Ranch Hand

Joined: Aug 17, 2005
Posts: 69
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Darren Edwards:
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.


Thanks Darren.
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
How can I force/let my browser to make request https???

Thanks.
Mandar Max
Ranch Hand

Joined: Mar 14, 2006
Posts: 38
You can't force the browser, it's the server who should support a secure connection..


"The trouble with doing something right the first time is that nobody appreciates how difficult it was!"
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41155
    
  45
Hello Mandar-

On your way in you may have missed that JavaRanch has a policy on display names, and yours does not comply with it; specifically, a first name and a last name are required. Please adjust it accordingly, which you can do right here. Thanks for your prompt attention to this matter.
Mandar Max
Ranch Hand

Joined: Mar 14, 2006
Posts: 38
Thanks Ulf, indeed I had missed the naming policy...
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Mandar:
You can't force the browser, it's the server who should support a secure connection..


Does it means, HTTPS request doesn't exist, only HTTPS response exist???

And HTTP request and HTTPS response is called secured connection???

Thanks.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Servers can check to make sure that incoming requests are secure.

If not, they can either throw an exception or (more useful) redirect the user to the same page but with the secure ('https://') scheme.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletRequest.html#isSecure()

This can be done programmatically from within your code or declaratively from the security-constraint entry in your deployment descriptor.

There is a link to the Servlet Spec in my signature.
Download the PDF and perform a search with the following criteria:
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
to learn more about declarative security in j2ee apps.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41155
    
  45
Does it means, HTTPS request doesn't exist, only HTTPS response exist???

No. HTTPS requests exist as well. If the browser accesses an URL starting with "HTTPS", then the request is encrypted as well.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HTPPS
 
Similar Threads
UrlConnections versus HttpURLConnection versus Apaches HttpClient
Security Problem; 403 Forbidden Error
Java Server Client Desktop Application
Opening secured URL connection
Need to consume secure web service using Axis