Servlet over HTTPS

Posted on 2012-09-17
Last Modified: 2012-09-18
I have a servlet.  I want it be invoked using https for security purposes.

How do you add that without the use of certificates?

I noticed tomcat's manager application is over https without certificates.  It uses username and password with dialog as authenication.

Is there a way for a java client to invoke the https servlet using the username and password as authentication without the dialog?  That is, the invoke servlet without browser?
Question by:lcor
    LVL 26

    Assisted Solution

    SSL is certificate / key based, so impossible to implement without a set, but if all you want to do is password protect the serverlet (no encryption of traffic), then simply enable BASIC AUTH in your web.xml.  See tip (5) in
    LVL 26

    Accepted Solution

    arober11 is quite correct.  It sounds as if he might be correct also that you really want password protection, not encryption of the connection.

    If your tomcat manager app answers on https then tomcat has a certificate.  It's required by the HTTP protocol.

    If https is running on your server, then you can use https to access your servlet.

    If your tomcat is set up to respond to https requests (which it must, if you are right about the manager app being on https), then you can use web.xml and the security-constraint transport-guarantee to force all access to your servlet through https.  For example, this fragment will do that for a servlet:


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
    There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now