Wednesday, 7 December 2011

Run your web application on HTTPS (HTTP over SSL) protocol

I want to send a POST request using the HTTPS (HTTP over Secure Sockets Layer) protocol.

Run your Java web application on HTTPS (HTTP over SSL)

Step 1:
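First you need a certificate. The keytool command below generates a key pair and a self-signed certificate, which browsers will warn about until the certificate is signed by a certificate authority.

Run the following at the command prompt: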

Windows:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

Unix:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Step 2:

Step 1 generates a keystore file named .keystore, which is saved in the user's home directory.

Step 3:

Open the server.xml file in the Tomcat conf folder.

Uncomment the following Connector element and add the keystore file path and the keystore password that you chose when generating the keystore.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="C:/Documents and Settings/Administrator/.keystore" keystorePass="tomcat"
               clientAuth="false" sslProtocol="TLS" />



Step 4:

Add the following lines to your web.xml file:

<security-constraint> <!-- Describes a security constraint of the web application -->
    <web-resource-collection>
        <!-- Mandatory. Used only as an internal label; it is not referenced anywhere else. -->
        <web-resource-name>app or resourcename</web-resource-name>
        <!-- The URL pattern the constraint applies to,
             e.g. <url-pattern>/login.do</url-pattern> -->
        <url-pattern>/*</url-pattern>
        <!-- The HTTP methods the constraint applies to. Methods that are not listed
             are not covered; omit every http-method element to cover all methods. -->
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <user-data-constraint>
        <!-- There are three transport guarantees: NONE, INTEGRAL and CONFIDENTIAL.
             Use CONFIDENTIAL to require HTTP over SSL (HTTPS). -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The full code, without comments:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>app or resourcename</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Save the web.xml file, then deploy and run your application.
When the login.do servlet executes, the URL is redirected to HTTPS.

https://localhost:8443
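
Added example (not part of the original post): a small Python check for the Step 4 descriptor. A constraint that lists http-method elements applies only to those methods, so the script reports which constraints require CONFIDENTIAL transport and whether they cover every method. The function names are illustrative, and the sample is the constraint above wrapped in a constructed <web-app> root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Step 4 constraint wrapped in a minimal <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app or resourcename</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop any XML namespace prefix so namespaced descriptors match too."""
    return tag.rsplit("}", 1)[-1]

def texts(parent, name):
    """Trimmed text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in parent.iter() if local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return one finding per <web-resource-collection> in the descriptor."""
    findings = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantee = (texts(sc, "transport-guarantee") or ["NONE"])[0].upper()
        for wrc in sc.iter():
            if local(wrc.tag) != "web-resource-collection":
                continue
            listed = texts(wrc, "http-method")
            omitted = texts(wrc, "http-method-omission")
            findings.append({
                "patterns": texts(wrc, "url-pattern"),
                "guarantee": guarantee,
                # A method list (or omission list) leaves some methods outside
                # this constraint, so they are not forced onto HTTPS by it.
                "all_methods": not listed and not omitted,
                "listed_methods": listed,
            })
    return findings

def https_enforced_everywhere(findings):
    """True if some constraint covers /* for every method with CONFIDENTIAL."""
    return any(f["guarantee"] == "CONFIDENTIAL" and f["all_methods"]
               and "/*" in f["patterns"] for f in findings)

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print(finding)
```

For the descriptor as posted, the check reports CONFIDENTIAL transport for GET and POST only; removing both http-method elements makes the constraint apply to every method.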
