
Java Tip 96: Use HTTPS in your Java client code

Find out how to use the HTTPS protocol with the standard URL class

If you've ever tried to implement secure communication between a Java client and an HTTPS (HyperText Transfer Protocol Secure) server, you've probably discovered that the standard java.net.URL class doesn't support the HTTPS protocol. The server-side implementation of that equation is fairly straightforward. Almost any Web server available today provides a mechanism for requesting data, using HTTPS. Once you have your Web server set up, any browser can request secure information from your server simply by specifying HTTPS as the protocol for the URL. If you don't already have an HTTPS server set up, you can test your client code with almost any HTTPS Webpage on the Internet. The Resources section contains a short list of candidates that you can use for that purpose.

From the client perspective, however, the simplicity of the S at the end of the familiar HTTP is deceiving. The browser is actually doing a considerable amount of behind-the-scenes work to ensure that no one has tampered with or monitored the information that you requested. As it turns out, the algorithm to do the encryption for HTTPS is patented by RSA Security (for at least a few more months). The use of that algorithm has been licensed by browser manufacturers but was not licensed by Sun Microsystems to be included in the standard Java URL class implementation. As a result, if you attempt to construct a URL object with a string specifying HTTPS as the protocol, a MalformedURLException will be thrown.

Fortunately, to accommodate that constraint, the Java specification provides for the ability to select an alternate stream handler for the URL class. However, the technique required to implement that is different, depending on the virtual machine (VM) you use. For Microsoft's JDK 1.1-compatible VM, JView, Microsoft has licensed the algorithm and provided an HTTPS stream handler as part of its wininet package. Sun, on the other hand, has recently released the Java Secure Sockets Extension (JSSE) for JDK 1.2-compatible VMs, in which Sun has also licensed and provided an HTTPS stream handler. This article will demonstrate how to implement the use of an HTTPS-enabled stream handler, using the JSSE and Microsoft's wininet package.

JDK 1.2-compatible virtual machines

The technique for using JDK 1.2-compatible VMs relies primarily on the Java Secure Sockets Extension (JSSE) 1.0.1. Before that technique will work, you must install the JSSE and add it to the class path of the client VM in question.

After you have installed the JSSE, you must set a system property and add a new security provider to the Security class object. There are a variety of ways to do both of these things, but for the purposes of this article, the programmatic method is shown:

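   // Requires: import java.security.Security;
   // Register the JSSE HTTPS stream handler package for java.net.URL
   System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");
   // Install the JSSE security provider
   Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());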
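
The two calls above can be applied only when they are needed and without discarding handlers that other code has registered. The following is an added example, not code from the original article: it probes for an https handler and appends the JSSE package to any existing java.protocol.handler.pkgs value, which is a '|'-separated list. The class and method names are hypothetical, and it assumes a compiler newer than JDK 1.2 (it uses String.split and the for-each loop).

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Provider;
import java.security.Security;

// Added example, not from the original article. Class and method names are hypothetical.
public class HttpsHandlerSetup {
    // Package and provider class names as given in the article (JSSE 1.0.1).
    static final String JSSE_PKG = "com.sun.net.ssl.internal.www.protocol";
    static final String JSSE_PROVIDER = "com.sun.net.ssl.internal.ssl.Provider";

    // java.protocol.handler.pkgs is a '|'-separated list of package prefixes.
    // Append to it instead of overwriting, so existing handlers keep working.
    static String appendHandlerPkg(String current, String pkg) {
        if (current == null || current.isEmpty()) return pkg;
        for (String p : current.split("\\|")) {
            if (p.trim().equals(pkg)) return current;   // already registered
        }
        return current + "|" + pkg;
    }

    // True when java.net.URL can resolve a stream handler for "https".
    static boolean httpsSupported() {
        try {
            new URL("https://localhost/");   // parses only, no connection is made
            return true;
        } catch (MalformedURLException e) {
            return false;                    // no stream handler for "https"
        }
    }

    public static void main(String[] args) throws Exception {
        if (!httpsSupported()) {
            System.setProperty("java.protocol.handler.pkgs",
                appendHandlerPkg(System.getProperty("java.protocol.handler.pkgs"), JSSE_PKG));
            // Load reflectively so this file compiles when the JSSE jar is absent.
            Provider p = (Provider) Class.forName(JSSE_PROVIDER)
                .getDeclaredConstructor().newInstance();
            Security.addProvider(p);         // returns -1 if already installed
        }
        System.out.println("https handler available: " + httpsSupported());
    }
}
```

On a VM that already ships an https handler, the probe succeeds and the registration branch is skipped.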


After making the previous two method calls, the MalformedURLException will no longer be thrown by calling the following code:

Comments (2)

about Use HTTPS in your Java client code
By Anonymous on September 21, 2009, 9:35 am
Is this post too old?


Java Enterprise Edition
By Anonymous on April 7, 2009, 11:09 pm
I need programs source code for managing clients. I need ClientServer Programs. How clients are managed by servers

Resources