• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

Servlet over HTTPS

I have a servlet.  I want it be invoked using https for security purposes.

How do you add that without the use of certificates?

I noticed tomcat's manager application is over https without certificates.  It uses username and password with dialog as authenication.

Is there a way for a java client to invoke the https servlet using the username and password as authentication without the dialog?  That is, the invoke servlet without browser?
2 Solutions
SSL is certificate / key based, so impossible to implement without a set, but if all you want to do is password protect the serverlet (no encryption of traffic), then simply enable BASIC AUTH in your web.xml.  See tip (5) in http://oreilly.com/java/archive/tomcat-tips.html
arober11 is quite correct.  It sounds as if he might be correct also that you really want password protection, not encryption of the connection.

If your tomcat manager app answers on https then tomcat has a certificate.  It's required by the HTTP protocol.

If https is running on your server, then you can use https to access your servlet.

If your tomcat is set up to respond to https requests (which it must, if you are right about the manager app being on https), then you can use web.xml and the security-constraint transport-guarantee to force all access to your servlet through https.  For example, this fragment will do that for a servlet:


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now