Mix protocols transparently in Web applications

By: Steve Ditlinger
Implement HTTP and HTTPS in a safe, flexible, and easily maintainable manner
Many Web applications, especially those deployed for e-commerce, necessitate the transmission of sensitive data between the Web server and the client browser. This data could include passwords, credit card numbers, or bank account numbers -- any information users would not want divulged to the general public. To protect sensitive data during transmission, developers at Netscape Communications created Secure Sockets Layer (SSL) and its companion protocol, HTTP over Secure Sockets Layer (HTTPS). HTTPS employs SSL to protect data by encrypting it at the source, be it the server or the client, and decrypting it at the destination, thus preventing anyone monitoring Internet data transmissions from easily capturing this data. The client and server exchange public keys to enable encryption and decryption.
The encryption/decryption process comes at a performance price, however. Data throughput for a Web server transmitting via HTTPS is often as little as one-tenth that of data transmission via HTTP. For this reason, you shouldn't deploy an entire Web application under SSL. For fastest performance, deploy a Web application under HTTP and employ HTTPS only for those pages and processes that transmit sensitive data. In this article, I propose and develop a solution for implementing this protocol mixture.
Current SSL implementations: Static links
Perhaps the most prevalent approach for integrating SSL into a Web application is to specify the entire URL, including the HTTPS protocol, in those hyperlinks that lead to Webpages or servlets requiring HTTPS. This leads to HTML code like the following snippet from a page not requiring SSL:
Non-SSL link
SSL Link
Similarly, pages requiring HTTPS should specify the HTTP protocol in hyperlinks that lead to pages or servlets that do not require the extra data protection. The following HTML would come from a page requiring SSL:
Non-SSL link
SSL Link
Advantages
One advantage to this method: you can easily implement it during development. You need no mechanism beyond what basic HTML provides.
Disadvantages
As is often the case, what proves easy to implement during development turns into a maintenance problem in production. Changing the protocol for any particular Webpage or servlet requires that you find and edit all links to that page or servlet to specify the new protocol. For portability reasons, you should specify hyperlinks in a fashion relative to a common directory or root context. Forcing the entire URL specification in hyperlinks creates a maintenance problem when the application moves from development to deployment, or any time the domain name or root context changes.
The biggest problem with the static link implementation is that nothing prevents a user from specifying the wrong protocol by manually entering a URL into the browser. The penalty for manually specifying HTTPS for a page or servlet not requiring HTTPS: reduced performance. Far worse is the penalty for manually specifying HTTP for nonsecure access of a page that does require HTTPS: sensitive data exposure.
Current SSL implementations: Restrict access
To prevent nonsecure access of sensitive data, the Java Servlet Specification 2.2 (and 2.3) defines the user-data-constraint element of the deployment descriptor for Web applications, better known as the web.xml file. As a child of the security-constraint element, user-data-constraint contains the transport-guarantee element. This element must specify one of three protection types for communication between client and server: NONE, INTEGRAL, or CONFIDENTIAL. While a NONE designation means that the Web resource being specified requires no transport guarantees, an INTEGRAL designation indicates that the Web resource must transmit between the client and server in a way that prevents changes to the resource's data while in transit. CONFIDENTIAL means that the Web resource's data must travel in a way such that no one can observe it while in transit. Most containers -- including BEA's WebLogic Server 6.1, which we'll use in this discussion -- treat the INTEGRAL or CONFIDENTIAL designations as a requirement for SSL usage. When a Web resource is specified as INTEGRAL or CONFIDENTIAL in the web.xml file as shown below, the user cannot access that resource over HTTP:
<security-constraint>
  <web-resource-collection>
    <!-- web-resource-name is required by the web.xml DTD; the label itself is arbitrary -->
    <web-resource-name>SomeSslServlet</web-resource-name>
    <url-pattern>/SomeSslServlet</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
If a user attempts to access such a resource over HTTP, perhaps by manually entering the URL into her browser, a page pops up informing her that she needs SSL to access the requested resource. When WebLogic is the container, this message reads, "Need SSL connection to access this resource."
Advantages
This approach combined with the static links method continues to provide the deployment advantages described for the static links method. The use of user-data-constraint in the deployment descriptor adds little complexity to an existing web.xml file. Using the deployment description in this way eliminates sensitive data exposure, which was the greatest disadvantage of using static links alone.
Disadvantages
The static link approach's other disadvantages remain. Link maintenance within pages will continue to prove troublesome for the same reasons outlined earlier. A new problem, however, might surface, where a user confronted with the given error message or even a more descriptive page might not understand the need to use HTTPS for accessing a secured Web resource. The message might intimidate or frustrate her; rather than re-enter the URL with the appropriate protocol, she might simply leave the Website.
Better solution needed
The ideal solution: an approach that automatically uses the correct protocol when accessing Web resources. This would both prevent access via an inappropriate protocol and shield users from re-entering URLs. The ideal solution should also prove easy for developers to implement and maintain.
Java Web application resource flow mechanisms
To develop our desired solution, we need to devise a process for routing users to the appropriate protocol for each Web resource. J2EE (Java 2 Platform, Enterprise Edition) provides two mechanisms that send users to another URL.
The first of these mechanisms is the forward() method found in the RequestDispatcher interface. Web applications that follow the MVC (Model-View-Controller) architecture often use this method to forward a request from a servlet to a JSP (JavaServer Page). A typical forward() instance within a servlet looks like this:
aRequest.getRequestDispatcher( "/somePage.jsp" ).forward(aRequest, aResponse);
A typical instance within a JSP looks like this:
application.getRequestDispatcher( "/somePage.jsp").forward(aRequest, aResponse);
However, this limited mechanism can forward only to either another resource with the same root context or another context with the same document root, which includes the request protocol. This limitation prevents us from using the mechanism to forward a request with another protocol.
The second mechanism, the sendRedirect() method in the HttpServletResponse interface, provides the power to route to any URL with any protocol, as shown here:
aResponse.sendRedirect("http://some.otherdomain.com/aPage.jsp");
The only caveat here is that a response can only issue a redirect before it has committed. If a response attempts a redirect after committing, the sendRedirect() method will throw an IllegalStateException. With this limitation in mind, we select the sendRedirect() mechanism for use in our SSL implementation solution because of its greater flexibility in URL specification.
Solution proposal
In addition to the redirect mechanism, we will use two other methods from the Java Servlet API. We use the getScheme() method on the ServletRequest interface to determine whether a Web resource was called using the HTTP or HTTPS protocol. The getRequestURL() method on the HttpUtils class tells us the URL that was used to request the Web resource. (Note: This method has moved to the HttpServletRequest interface in the Servlet 2.3 specification.)
Basic solution algorithm
The fundamental algorithm for our solution:
1. Determines the protocol used to request our Web resource
2. If that protocol matches the protocol we want for this resource, it does nothing
3. If that protocol doesn't match the protocol we want, it redirects to the same URL using the correct protocol
As an example, if a user issues a request to SomeSslServlet using the URL http://www.somedomain.com/SomeSslServlet, our algorithm redirects the request to the URL https://www.somedomain.com/SomeSslServlet.
Develop the solution
The code corresponding to our algorithm, in its simplest form, appears below:
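// HttpUtils is javax.servlet.http.HttpUtils (deprecated as of Servlet 2.3).
String desiredScheme = "https"; // or "http"
String usingScheme = aRequest.getScheme();
if (!desiredScheme.equals(usingScheme)) {
    // getRequestURL() returns scheme, host, port and path, without the query string.
    StringBuffer url = HttpUtils.getRequestURL(aRequest);
    // Swap only the scheme prefix; host, port and path are kept as requested.
    url.replace(0, usingScheme.length(), desiredScheme);
    aResponse.sendRedirect(aResponse.encodeRedirectURL(url.toString()));
    return; // stop processing; the response is now a redirect
}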
The return statement after the redirect is necessary to terminate the thread executing the Web resource containing the logic. The desired scheme's specification could be hardcoded as shown here or read from an external source to allow the desired protocol's specification at deployment time for each Web resource. An external source could be a properties file, a database table, or the web.xml deploy
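The algorithm above, generalized into a Servlet 2.3 filter as an added example (not code from the original article): beyond the scheme swap it keeps the query string, maps the listener ports, builds the redirect from a configured host name rather than the request's Host header, and refuses non-GET requests that reach a secure path over HTTP. The class name SchemeFilter and the init-params securePaths, host, httpPort and httpsPort are assumptions made for this example; it needs a Java 5+ compiler and the javax.servlet API on the classpath.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: routes each request to the scheme configured for its path. */
public class SchemeFilter implements Filter {
    private Set<String> securePaths;   // exact servlet paths that must use HTTPS
    private String host;               // canonical host name (assumed init-param)
    private int httpPort, httpsPort;   // listener ports (assumed init-params)

    public void init(FilterConfig cfg) throws ServletException {
        String paths = cfg.getInitParameter("securePaths"); // e.g. "/SomeSslServlet,/login.jsp"
        host = cfg.getInitParameter("host");
        if (paths == null || host == null) {
            throw new ServletException("securePaths and host init-params are required");
        }
        securePaths = new HashSet<String>(Arrays.asList(paths.trim().split("\\s*,\\s*")));
        httpPort = port(cfg.getInitParameter("httpPort"), 80);
        httpsPort = port(cfg.getInitParameter("httpsPort"), 443);
    }

    private static int port(String value, int dflt) {
        return value == null ? dflt : Integer.parseInt(value.trim());
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        boolean secure = securePaths.contains(req.getServletPath());
        String desired = secure ? "https" : "http";
        if (desired.equals(req.getScheme())) {
            chain.doFilter(rq, rs);            // already on the right protocol
            return;
        }
        String method = req.getMethod();
        if (secure && !"GET".equals(method) && !"HEAD".equals(method)) {
            // A body sent over HTTP has already crossed the wire in clear text and
            // a redirect would not replay it, so refuse instead of redirecting.
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        int p = secure ? httpsPort : httpPort;
        StringBuffer url = new StringBuffer(desired).append("://").append(host);
        if (p != (secure ? 443 : 80)) {
            url.append(':').append(p);         // keep non-default ports explicit
        }
        url.append(req.getRequestURI());       // context path + servlet path + path info
        if (req.getQueryString() != null) {
            url.append('?').append(req.getQueryString());
        }
        res.sendRedirect(res.encodeRedirectURL(url.toString()));
    }

    public void destroy() { }
}
```

Mapped to /* in web.xml, the filter runs before any servlet or JSP writes output, so the response is never committed when sendRedirect() is called.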


 
