Securing a Java Application

[Francesco]

Hi all !
I have a Java application that uses JSP for visualizing data and EJB
for queries.
Application is secured using HTTPS.
I need to create a Java client that connects to the J2ee application.
the client that connects must be secured too.
How can I do it ? using Secure Sockets ? (SSL)
Can I use the same certificates for the Java Application that are used
for the web application ?
Thanks
Francesco

 

[Alex Hunsley]

Hi all !
I have a Java application that uses JSP for visualizing data and EJB
for queries.
Application is secured using HTTPS.
I need to create a Java client that connects to the J2ee application.
the client that connects must be secured too.
How can I do it ? using Secure Sockets ? (SSL)
Can I use the same certificates for the Java Application that are used
for the web application ?
Thanks
Francesco

Don't reinvent the wheel. The existing Java Http comms classes can
already handle the https protocol for you. As for certs - I remember
some annoying shenanigans around this... Ideally the cert is only needed
at the server end. If your server cert isn't 'official' (signed by
verisign et al) I think the client code has to override some security
provider setting somewhere in order to function... sorry, can't remember
more specifics.

Google around HttpClient or Http and Java...
lex

 

[Alex Hunsley]

Don't reinvent the wheel. The existing Java Http comms classes can
already handle the https protocol for you.

Correcting myself: don't think they do. But if you use the Jakarta
commons HttpClient package, that will handle HTTPS.
See http://jakarta.apache.org/commons/httpclient/sslguide.html