Discussion:
HttpServlet and https
Ted Yu
2013-11-12 00:36:02 UTC
Permalink
Hi,
My Servlet extends javax.servlet.http.HttpServlet.

Is there anything special for the servlet to support https ?

Thanks
Ron Reynolds
2013-11-12 01:24:55 UTC
Permalink
not from a servlet POV so long as your server returns some form of SSL certificate that your browser can be made to accept.



On Monday, November 11, 2013 4:36 PM, Ted Yu <ted_yu-/***@public.gmane.org> wrote:

 
Hi,
My Servlet extends javax.servlet.http.HttpServlet.

Is there anything special for the servlet to support https ?

Thanks
Robert Kuhar
2013-11-12 01:26:59 UTC
Permalink
Its not so much your Servlet that cares HTTPS vs HTTP, its the Servlet
Runner. If you are Tomcat you do one bit of configuration to turn on an
HTTPS "listener" for lack of a better name. If you are Jetty, you do
something slightly different. Most bigger scale web-app architectures,
where there are LoadBalancers or a CDN sitting in front of your webapp, the
typical dance is to strip off HTTPS at that point and forward the requests
along to the app servers plain-jane HTTP.
Hi,
My Servlet extends javax.servlet.http.HttpServlet.
Is there anything special for the servlet to support https ?
Thanks
Ron Reynolds
2013-11-12 01:42:27 UTC
Permalink
oh yeah, you need something listening on port 443 since that's the default https port if you have direct browser-server communication (all our LBs handle the HTTPS/certs so it's all http internally - i always forget about that part). :)



On Monday, November 11, 2013 5:27 PM, Robert Kuhar <robertkuhar-***@public.gmane.org> wrote:

 
Its not so much your Servlet that cares HTTPS vs HTTP, its the Servlet Runner.  If you are Tomcat you do one bit of configuration to turn on an HTTPS "listener" for lack of a better name.  If you are Jetty, you do something slightly different.  Most bigger scale web-app architectures, where there are LoadBalancers or a CDN sitting in front of your webapp, the typical dance is to strip off HTTPS at that point and forward the requests along to the app servers plain-jane HTTP.
Post by Ron Reynolds
 
Hi,
My Servlet extends javax.servlet.http.HttpServlet.
Is there anything special for the servlet to support https ?
Thanks
Nichole King
2013-11-12 09:17:35 UTC
Permalink
The web.xml, web descriptor, could/should also have a security-constraint
element using transport- guarantee confidential.

Like all web apps and pages your session management will be different due
to the difference in scheme.
The web.xml, web descriptor, could/should also have a security-constraint
element using transport- guarantee confidential.
Like all web apps and pages your session management will be different due
to the difference in scheme.
Post by Ron Reynolds
oh yeah, you need something listening on port 443 since that's the
default https port if you have direct browser-server communication (all our
LBs handle the HTTPS/certs so it's all http internally - i always forget
about that part). :)
On Monday, November 11, 2013 5:27 PM, Robert Kuhar <
Its not so much your Servlet that cares HTTPS vs HTTP, its the Servlet
Runner. If you are Tomcat you do one bit of configuration to turn on an
HTTPS "listener" for lack of a better name. If you are Jetty, you do
something slightly different. Most bigger scale web-app architectures,
where there are LoadBalancers or a CDN sitting in front of your webapp, the
typical dance is to strip off HTTPS at that point and forward the requests
along to the app servers plain-jane HTTP.
Hi,
My Servlet extends javax.servlet.http.HttpServlet.
Is there anything special for the servlet to support https ?
Thanks
Loading...