Securing a Java Application

Thread view:

Francesco - 29 Jan 2007 16:40 GMT

Hi all !
I have a Java application that uses JSP for visualizing data and EJB
for queries.
Application is secured using HTTPS.
I need to create a Java client that connects to the J2ee application.
the client that connects must be secured too.
How can I do it ? using Secure Sockets ? (SSL)
Can I use the same certificates for the Java Application that are used
for the web application ?
Thanks
Francesco

Reply to this Message

Alex Hunsley - 31 Jan 2007 22:11 GMT

> Hi all !
> I have a Java application that uses JSP for visualizing data and EJB
[quoted text clipped - 7 lines]
> Thanks
> Francesco

Don't reinvent the wheel. The existing Java Http comms classes can
already handle the https protocol for you. As for certs - I remember
some annoying shenanigans around this... Ideally the cert is only needed
at the server end. If your server cert isn't 'official' (signed by
verisign et al) I think the client code has to override some security
provider setting somewhere in order to function... sorry, can't remember
more specifics.

Google around HttpClient or Http and Java...
lex

Reply to this Message

Alex Hunsley - 31 Jan 2007 22:14 GMT

>> Hi all !
>> I have a Java application that uses JSP for visualizing data and EJB
[quoted text clipped - 10 lines]
> Don't reinvent the wheel. The existing Java Http comms classes can
> already handle the https protocol for you.

Correcting myself: don't think they do. But if you use the Jakarta
commons HttpClient package, that will handle HTTPS.
See http://jakarta.apache.org/commons/httpclient/sslguide.html

> As for certs - I remember
> some annoying shenanigans around this... Ideally the cert is only needed
[quoted text clipped - 4 lines]
>
> Google around HttpClient or Http and Java...

> lex

Reply to this Message

Securing a Java Application

Free Magazines