Re: Securing a Java Application
- From: Alex Hunsley <lard@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Jan 2007 22:14:17 GMT
Alex Hunsley wrote:
Francesco wrote:Hi all !
I have a Java application that uses JSP for visualizing data and EJB for queries.
Application is secured using HTTPS.
I need to create a Java client that connects to the J2ee application. the client that connects must be secured too.
How can I do it ? using Secure Sockets ? (SSL)
Can I use the same certificates for the Java Application that are used for the web application ?
Thanks
Francesco
Don't reinvent the wheel. The existing Java Http comms classes can already handle the https protocol for you.
Correcting myself: don't think they do. But if you use the Jakarta commons HttpClient package, that will handle HTTPS.
See http://jakarta.apache.org/commons/httpclient/sslguide.html
As for certs - I remember some annoying shenanigans around this... Ideally the cert is only needed at the server end. If your server cert isn't 'official' (signed by verisign et al) I think the client code has to override some security provider setting somewhere in order to function... sorry, can't remember more specifics.
Google around HttpClient or Http and Java...
lex.
- References:
- Securing a Java Application
- From: Francesco
- Re: Securing a Java Application
- From: Alex Hunsley
- Securing a Java Application
- Prev by Date: Re: Securing a Java Application
- Next by Date: Re: Example code from SwingWorker documentation could have race condition?
- Previous by thread: Re: Securing a Java Application
- Next by thread: JMS vs. Home-grown... Which is better in cluster?
- Index(es):
