Home » Java » Authentication in the application of JavaWeb (prog...

Authentication in the application of JavaWeb (programming) - servlet SSL

programming security can also be combined with SSL, but it needs to provide the following features as compared to conventional programming security:



(1) determines whether the SSL

is in use
The

ServletRequest interface provides two methods for determining whether or not to exist with SSL



 (getScheme) returns HTTP or HTTPS -- >
IsSecure (false) or true (true / return to illustrate the use of the HTTPS

)

(2) redirects non SSL requests to SSL requests


Redirection interface: response.sendRedirect

but is difficult to produce new URL, http://xxxx to https://xxxx, Java and no built-in interface to realize, can only get URL through request.getRequestURL method, through the string HTTP to https



(3) the number of keys to determine the encryption key


In the servlet2.3 and later versions, for the SSL request, an attribute named javax.servlet.request.key_size is automatically generated to specify the name, and the request.getAttribute method is called to get the length, demo as follows:

String keyAttribute = "javax.servlet.request.key_size""
Integer keySize = (Integer) request.getAttribute (keyAttribute);
If (keySize, =null)
{
/ / implementation code
}


(4) lookup encryption algorithm


Similarly, in version servlet2.3 and later, according to the SSL request will automatically generate a javax.servlet.request.cipher_suite attribute with the specified name, call the request.getAttribute method to get the encryption algorithm, demo as follows:

String cipherAttribute = "javax.servlet.request.cipher_suite""
String cipher_suite = (String) request.getAttribute (cipherAttribute);
If (cipher_suite, =null)
{
/ / implementation code
}








Latest