Some reader favorites:
EJB fundamentals and session beans
Create a scrollable virtual desktop in Swing
Wizard API updated!
Tim Boudreau has released a new version of the Swing Wizard library (version 0.997) that fixes the WizardException bug reported in JavaWorld's recent Open Source Java Project profile. The article's examples have been reworked to test out the new, improved WizardException. Thanks, Tim, for this helpful fix!
Open Source Java Projects: The Wizard API
Featured Whitepapers
Java Tip 96: Use HTTPS in your Java client code
Find out how to use the HTTPS protocol with the standard URL class
If you've ever tried to implement secure communication between a Java client and an HTTPS (HyperText Transfer Protocol Secure) server, you've probably discovered that the standardjava.net.URL class doesn't support the HTTPS protocol. The server-side implementation of that equation is fairly straightforward. Almost
any Web server available today provides a mechanism for requesting data, using HTTPS. Once you have your Web server set up,
any browser can request secure information from your server simply by specifying HTTPS as the protocol for the URL. If you
don't already have an HTTPS server set up, you can test your client code with almost any HTTPS Webpage on the Internet. The
Resources section contains a short list of candidates that you can use for that purpose.From the client perspective, however, the simplicity of the S at the end of the familiar HTTP is deceiving. The browser is
actually doing a considerable amount of behind-the-scenes work to ensure that no one has tampered with or monitored the information
that you requested. As it turns out, the algorithm to do the encryption for HTTPS is patented by RSA Security (for at least
a few more months). The use of that algorithm has been licensed by browser manufacturers but was not licensed by Sun Microsystems
to be included in the standard Java URL class implementation. As a result, if you attempt to construct a URL object with a string specifying HTTPS as the protocol, a MalformedURLException will be thrown.
Fortunately, to accommodate that constraint, the Java specification provides for the ability to select an alternate stream
handler for the URL class. However, the technique required to implement that is different, depending on the virtual machine (VM) you use. For
Microsoft's JDK 1.1-compatible VM, JView, Microsoft has licensed the algorithm and provided an HTTPS stream handler as part
of its wininet package. Sun, on the other hand, has recently released the Java Secure Sockets Extension (JSSE) for JDK 1.2-compatible VMs,
in which Sun has also licensed and provided an HTTPS stream handler. This article will demonstrate how to implement the use
of an HTTPS-enabled stream handler, using the JSSE and Microsoft's wininet package.
JDK 1.2-compatible virtual machines
The technique for using JDK 1.2-compatible VMs relies primarily on the Java Secure Sockets Extension (JSSE) 1.0.1. Before that technique will work, you must install the JSSE and add it to the class path of the client VM in question.
After you have installed the JSSE, you must set a system property and add a new security provider to the Security class object. There are a variety of ways to do both of these things, but for the purposes of this article, the programmatic
method is shown:
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
After making the previous two method calls, the MalformedURLException will no longer be thrown by calling the following code:
- The source code zip file for this article contains the platform-independent code shown above implemented in a class called
HttpsMessage.HttpsMessageis intended as a subclass to theHttpMessageclass written by Jason Hunter, author of Java Servlet Programming (O'Reilly & Associates). Look forHttpsMessagein the upcoming second edition of his book. If you wish to use that class as intended, you'll need to download and install thecom.oreilly.servletspackage. Thecom.oreilly.servletspackage and corresponding source code can be found on Hunter's Website
http://www.servlets.com - You can also download the source zip file
http://www.javaworld.com/javatips/javatip96/HttpsMessage.zip - Here are a few good Webpages for testing HTTPS communication:
- https://www.verisign.com/
- https://happiness.dhs.org/
- https://www.microsoft.com
- https://www.sun.com
- https://www.ftc.gov
- More information on the JSSE as well as the downloadable bits and installation instructions can be found on Sun's Website
http://java.sun.com/products/jsse/. - A description of how to use some JSSE services, including the technique described above, can be found in "Secure Networking
in Java" by Jonathan Knudsen on the O'Reilly Website
http://java.oreilly.com/bite-size/java_1099.html - More information on
WininetStreamHandlerFactoryclass can be found in the Microsoft JSDK documentation
http://www.microsoft.com/java/sdk/. In addition, the Microsoft knowledge base also publishes "PRBAllowing the URL class to access HTTPS in Applications"
http://support.microsoft.com/support/kb/articles/Q191/1/20.ASP - For more information on using HTTPS with the Java 2 plug-in, see "How HTTPS Works in Java Plug-In" on Sun's Website
http://java.sun.com/products/plugin/1.2/docs/https.html
Free Download - 5 Minute Product Review. When slow equals Off: Manage the complexity of Web applications - Symphoniq
Free Download - 5 Minute Product Review. Realize the benefits of real user monitoring in less than an hour. - Symphoniq