Subject: Re: Usage of Tomcat SSL in client-side class
From: Moley Harey
To: Tomcat Users List
Date: Wed, 17 Nov 2010 09:35:17 +0100
In-Reply-To: <4CE2C53A.5070707@ice-sa.com>

Thanks André,

I have been checking the Apache Http Commons API for connecting through HTTPS in my client-side classes and it seems that the protocol is supported well. My doubt regarding whether I had to do anything special on the client side was related to the certificate: I have a self-generated certificate made with the JSSE keystore tool, and I had read that that kind of certificate must be accepted explicitly by the client (the same as browsers do), therefore I was wondering how I can make my client accept it automatically...

2010/11/16 André Warnier

> Moley Harey wrote:
>
>> Hello folks,
>>
>> I have a set of web services installed in Tomcat 6.0.26 that I would like to
>> access using HTTPs. I have followed the instructions on the Tomcat web site to
>> set up JSSE support and now I can access the web services using SSH.
>>
>> My question is what do I have to do in my Java client-side classes to work
>> with HTTPs requests from Tomcat? Do I have to accept somehow the certificate
>> provided by Tomcat in my Java classes? Well, I'm a total newbie in these
>> security issues :-/
>>
>
> Only because you mention that you are a total newbie, and because I am
> myself not far above that level, some beginning pointers :
>
> It helps to give things their correct name (or acronym), so as to be able
> to find the correct documentation and understand their relationship.
> SSL is "Secure Socket Layer". (Google : SSL RFC)
> SSH is an acronym for "Secure Shell" (Google : SSH RFC)
> HTTP is an acronym for "HyperText Transport Protocol". (Google : HTTP RFC)
> HTTPS (with a big S) is an acronym for "HTTP over SSL". (Google : HTTPS RFC)
>
> So you are not accessing the web services over SSH, you are accessing your
> web services over HTTPS, which itself "lives" above an SSL connection, which
> itself lives above a TCP connection, which itself lives above an IP link
> (which itself lives over an Ethernet link (probably) etc..).
>
> And on top of it all, you have the application (both at the client side,
> and at the server side).
>
> Schematically :
>
> Client application                       Server application
> Client "container" (?) (e.g. a JVM)      Server container (e.g. JVM + Tomcat)
> Client O.S.                              Server OS
> Client SSL layer (optional)              Server SSL layer (optional)
> Client OS TCP/IP layer                   Server OS TCP/IP layer
> Client-side Ethernet layer               Server-side Ethernet layer
> Client-side hardware layer <-----------> Server-side hardware layer
>
> When the client side application sends something to the server-side
> application, whatever data is sent goes through all the layers on the client
> side, then over the physical connection, then through all the layers on the
> server side up to the server application.
> The encryption/decryption, if any, takes place at the SSL layer level,
> automatically.
>
> So basically, to answer your question, you do not /have/ to do something
> special at the application level. The container and the OS take care of the
> interface, so that your application can just use the standard "read" and
> "write" and "open" and "close" and request.getParameters() calls, no matter
> if the connection uses an SSL layer or not.
>
> But you /can/ make use of some of the SSL-specific things, if you want.
> For example, the server-side application setup /could/ tell the container
> that it will only accept requests that come over a secure channel, and only
> if they come from a client identified as "X" or "Y".
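The question left open in this reply is how a Java client can accept a self-signed Tomcat certificate without touching the application-level read/write code André describes. The following is an added example, not code from this thread or from Tomcat: it exports the server certificate from Tomcat's keystore with keytool, imports it into a dedicated client truststore, and builds an SSLContext from that truststore so the JVM trusts exactly that one certificate and nothing else. Every name in it is an assumption: the keystore alias "tomcat" and path ~/.keystore, the truststore file client-truststore.jks, the password "changeit", and the service URL https://localhost:8443/myservice/ping.

```java
// Build the client truststore first (assumed alias/paths; run once, outside the JVM):
//   keytool -exportcert -alias tomcat -keystore ~/.keystore -file tomcat.cer
//   keytool -importcert -alias tomcat -file tomcat.cer -keystore client-truststore.jks
// The second command asks whether to trust the certificate; answer yes after
// comparing its fingerprint with the one printed on the server side.

import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * HTTPS client that trusts only the certificates in its own truststore.
 * Nothing here disables certificate or hostname checking; the self-signed
 * certificate is accepted because it was pinned into the truststore, not
 * because validation was switched off.
 */
public class TrustedHttpsClient {

    // Assumed values, not taken from the thread.
    private static final String TRUSTSTORE_PATH = "client-truststore.jks";
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();
    private static final String SERVICE_URL = "https://localhost:8443/myservice/ping";

    /** Loads the truststore and returns an SSLContext whose trust anchors come only from it. */
    static SSLContext buildSslContext() throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(TRUSTSTORE_PATH)) {
            trustStore.load(in, TRUSTSTORE_PASSWORD);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (first argument) and the default SecureRandom (last argument).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        URL url = new URL(SERVICE_URL);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Only this connection uses the custom truststore; the JVM-wide default stays untouched.
        conn.setSSLSocketFactory(buildSslContext().getSocketFactory());
        // Hostname verification stays enabled: the certificate's CN or SAN must match "localhost".

        int status = conn.getResponseCode();
        System.out.println("HTTP status: " + status);
        try (InputStream body = status < 400 ? conn.getInputStream() : conn.getErrorStream()) {
            if (body != null) {
                byte[] buf = new byte[4096];
                int n;
                while ((n = body.read(buf)) > 0) {
                    System.out.write(buf, 0, n);
                }
            }
        }
        System.out.flush();
    }
}
```

The same SSLContext (or its socket factory) can be handed to Apache HttpClient instead of HttpsURLConnection; the truststore is the part that matters. If the handshake still fails, the usual causes are a truststore that holds a different certificate than the one Tomcat is serving, or a hostname in the URL that does not match the certificate's CN/SAN, and both are better fixed in the truststore or the certificate than by installing a TrustManager that accepts everything.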