On 6/28/2012 9:27 AM, Jeffrey Janner wrote:
-----Original Message-----
From: David kerber [mailto:dcker...@verizon.net]
Sent: Thursday, June 28, 2012 7:25 AM
To: Tomcat Users List
Subject: Adapting a webapp to use https
We have an application that we've been running successfully for years.
Now one of our potential customers wants to investigate possibly
switching it to use https instead of http, and I'm trying to figure out
what's involved in the conversion.
The clients are headless industrial computers that collect data and
transmit it to the tc server, so there is no user to enter IDs and
passwords. I have both TC 6 and TC 7 servers in use, and it works fine
with both of them.
What might be the best way of doing this? Should I have the client app
do its own logins? Or can this be done with certificates? Or what?
I'm a total newbie at writing and configuring https connections, so
could use whatever pointers or references you can give me.
Dave
Dave -
A lot depends on the actual requirements being proposed by your potential
customer.
You don't mention anything about how your app currently handles authentication. If the
current method is acceptable, then all you really need to do is convert
the <connector> attribute to support SSL and get a certificate. You may also want to
add a <security-constraint> with a transport guarantee of CONFIDENTIAL to your app's
web.xml file.
Because the clients are headless, there really isn't any authentication,
just some identifying information in the data packet, which is also
lightly encrypted. The server just throws away anything it doesn't know
exactly what to do with. I'm getting the info 2nd hand, but my
understanding is that they're mainly looking for secure transport, so it
can't be sniffed.
See the online documentation for your tomcat release, e.g.
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html.
Thanks for the link; that's what I was looking for at this point.
You will also need to ensure that the client computers can be configured to
support/use SSL.
Yes, another programmer is looking into that. I only wrote the server
side; somebody else wrote the client app.
If however, the goal is to add some improved form of authentication, you'll
need to read deeper, and then come back with some specific questions about the
path you wish to take.
Yes, I'll come back if my understanding of the requirements changes.
Thanks!
Dave
Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
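
The two changes described in the reply above (an SSL-enabled connector and a CONFIDENTIAL transport guarantee), shown as an added configuration example that is not from the thread or from the Tomcat project. It assumes Tomcat 7 with the JSSE connector; the ports, keystore path and keystore password are placeholders.

```xml
<!-- conf/server.xml (Tomcat 7, JSSE connector). Constructed example:
     ports, keystore path and password are placeholders. -->

<!-- Existing plain-HTTP connector: redirectPort tells Tomcat where to send
     requests that hit a CONFIDENTIAL constraint over http. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- New TLS connector. clientAuth="false" means the server presents a
     certificate but does not ask the client for one (transport security
     only, no certificate-based client authentication). -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf/keystore.jks" keystorePass="CHANGE_ME"
           clientAuth="false" sslProtocol="TLS" />

<!-- WEB-INF/web.xml of the webapp: require an encrypted transport for
     every URL. No auth-constraint is present, so no login is demanded. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All resources</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With the constraint in place, a client that still sends to the http:// URL is redirected to port 8443 only after its request has already crossed the network in cleartext. The headless clients therefore need to be pointed at the https:// URL directly and must trust the server certificate.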