O'Reilly logo

J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

HTTPS with Apache Tomcat

As we know, SSL connections provide a secure pipe over an insecure network, incorporating server authentication, data integrity, confidentiality, and optionally, client authentication. In fact, SSL was developed to address the security concerns regarding use of the Internet for conducting e-commerce transactions.

URLs starting with https:// imply HTTP connection over SSL. Under the hood, though, both client and server must support HTTPS for this to work. Tomcat supports HTTPS, but by default, this support is disabled. You need to do some planning and edit the configuration file server.xml to setup Tomcat to accept HTTPS connections and serve Web pages corresponding to https URLs.

In the rest of this section, we go through ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required