Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Using HTTPS to access a servlet....

 
SAFROLE YUTANI
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a very simple servlet that a user can access from their browser and enter a userId and password in order to log into an application. I would like to encrypt the userId and password sent from the user's browser to the servlet. In other words, I'd like to use SSL. What is the easiest way to do this? Would it be simple enough to listen for requests on a different port, such as 443?
thanks guys,
SAF
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You have to do slightly more than just change ports. You have to have whatever product is doin the web serving on alert to use the "https" protocol instead of "http".
In some configurations, the J2EE server won't actually see http or https - instead it will be frontended by a server such as Apache, and Apache will handle the https, then pipe to/from the J2ee server. For others the J2EE server will have its own http (and optionally https) ports.
Check the docs for your appserver - there's almost sure to be something on SSL (https) serving. Then if you run into trouble, ask in the JavaRanch forum that supports whichever appserver you're using (Tomcat, WebSphere, WebLogic, etc.)
 
SAFROLE YUTANI
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I just checked with my System Administrator, and we are using IPlanet Webserver to route HTTP requests to JRun App server. Using the IPlanet admin console, there is a setting that enables SSL, however, it enables SSL for the entire site. There was a message that prompted us immediately after we enabled SSL that indicated all previuos HTTP mappings must now be accessed using HTTPS. I dont wish to use SSL across the entire site. I simply want to use SSL on the login page. That's it. Is it possible to enable SSL at the page level?
thanks,
SAF
 
Napa Sreedhar
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I used Apache HTTP server + modssl + jserver in combination successfully. However I am not aware how IPlanet + JRun Server work.
This may probably help
At IPlanet
Port 80 may be left free as it was previously.
Port 443 can be mapped for https connection to your login servlet.
The above mentioned would be configuration issues.

However establishing a https connection is a little bit complex.
This link would be helpful. (It deals with getting Digital certification, CA, server certificates and other stuff).
http://www.pseudonym.org/ssl/ssl_cook.html
http://www.openssl.org is a great library for people who want to deal with SSL
Napa

SAF
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm afraid I've never driven iPlanet - you might want to ask folks in the iPlaner JavaRanch forum. But generally, if I'm woried enough about security to use SSL on the login page, I'd want to secure the login-controlled pages as well.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic