Problem solve Get help with specific problems with your technologies, process and projects.

Enabling HTTPS in J2EE Web components

HTTPS protocol is a valuable security feature for J2EE Web components. Expert Ramesh Nagappan explains how to implement HTTPS in JSPs and servlets.

How do I implement HTTPS protocol for JSP? Or, how do configure SSL in a Web application? My platform is WebLogic 8.1, Windows.

The Java EE (J2EE) platform defines an XML-based "Web Deployment Descriptor (web.xml)" for specifying configuration features that allows the enforcement of secure communication using HTTP with SSL/TLS protocols for Web components such as Java Server Pages (JSPs) and servlets.

To enable HTTPS communication support in Web components, the "<transport-guarantee>" sub-element of the "<user-data-constraint>" sub-element of a "<security-constraint>" element must be specified as "CONFIDENTIAL" in the Web deployment descriptor. The following XML snippet illustrates the Web deployment descriptor (web.xml) showing the "<transport-guarantee>" sub-element:

   . . .
    . . .
     . . .
  . . .

In general, it is the responsibility of the Web application developer/assembler to define the required attributes for a Web application before its deployment to the Java EE application server.

As it is a standard practice, the Web deployment descriptor specified information applies to all Java EE providers such as BEA Systems' WebLogic, IBM's WebSphere, Sun Java System Application Server, JBoss and also its underlying operating systems.

Dig Deeper on Software Security Testing Tools

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.