HTTPS with Apache Tomcat
As we know, SSL connections provide a secure pipe over an insecure network, incorporating server authentication, data integrity, confidentiality, and optionally, client authentication. In fact, SSL was developed to address the security concerns regarding use of the Internet for conducting e-commerce transactions.
URLs starting with https:// imply HTTP connection over SSL. Under the hood, though, both client and server must support HTTPS for this to work. Tomcat supports HTTPS, but by default, this support is disabled. You need to do some planning and edit the configuration file server.xml to setup Tomcat to accept HTTPS connections and serve Web pages corresponding to https URLs.
In the rest of this section, we go through ...
Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.