• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

https servlet

 
pankaj semwal
Ranch Hand
Posts: 303
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi List[]

Can any body tell me how to run an https servlet .And for that what we have to .I am using Apache Tomcat 5.1.

Please help me.
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by pankaj semwal:
Hi List[]

Can any body tell me how to run an https servlet .And for that what we have to .I am using Apache Tomcat 5.1.

Please help me.


You are asking wrong question but I understood what you need.

You will have to buy a (or create one dummy) certificate, configure that into your server on a port and you get a different port for secured communication (HTTPS).

My google page might help you: http://ankurrathi.googlepages.com/configureyourowncertificateintomcat
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no Tomcat version 5.1, but assuming you meant 5.5, this page contains everything you need to know. (Replace "5.5" by "5.0" in the URL in case you're running Tomcat 5.0.)
 
pankaj semwal
Ranch Hand
Posts: 303
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

how to run servlet on a specific i m ruuning servlet on https 8443 port but it is also running on http 8080 port.so how could i restrict 8080 to work on that particular servlet
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use the isSecure and getServerPort methods of HttpServletRequest to determine which port the request came through, and reject it if it came on a port it shouldn't have.

But I'm curious: Why would you accept requests through HTTP, but not HTTPS?
 
Satya Maheshwari
Ranch Hand
Posts: 368
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by pankaj semwal:
Hi

how to run servlet on a specific i m ruuning servlet on https 8443 port but it is also running on http 8080 port.so how could i restrict 8080 to work on that particular servlet


I guess, when you are trying to access the secured servlet through the http, you are being auto redirected to https.

And to achieve this, you may have put the transport guarantee to INTEGRAL or CONFIDENTIAL. Hence this is the correct behavior as this ensures that the communication between the client and the server is on SSL.

I think your other requirement is that of 'Authentication' or 'Client Identification'. For this you could impose a 'auth-constraint' on the servlet. This will ensure that the client is always authenticated and the communication is over SSL. It would also ensure that the client trying to access the servlet over http is not rejected and prompted to authenticate herself. This maybe desired as people tend to forget to put https instead of http in the address bar of browser.

If still you want to restrict any communication over http(even the initial redirect to https), the you should follow the approach as Ulf suggested.
[ November 27, 2008: Message edited by: Satya Maheshwari ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic