Java Reference
In-Depth Information
"<p>Or view <a href=\"" + VIEW_SOURCE_URL + "\">" +
"the WebServer0 source on github</a>.</p>\n" +
"<hr/><em>Java-based WebServer0</em><hr/>\n" +
"</html>\n" ;
os . print ( "Content-length: " +
( reply1 . length () + from . length () + reply2 . length ()) + CRLF );
os . print ( CRLF );
os . print ( reply1 + from + reply2 + CRLF );
os . flush ();
s . close ();
} catch
catch ( IOException e ) {
System . out . println ( "IOException " + e );
}
return
return ;
}
}
Securing a Web Server with SSL and JSSE
Problem
You want to protect your network traffic from prying eyes or malicious modification, while
the data is in transit.
Solution
Use the Java Secure Socket Extension, JSSE, to encrypt your traffic.
Discussion
JSSE provides services at a number of levels, but the simplest way to use it is simply to get
your ServerSocket from an SSLServerSocketFactory instead of using the ServerSocket
constructor directly. SSL is the Secure Sockets Layer; a revised version is known as TLS. It
is specifically for use on the Web. To secure other protocols, you'd have to use a different
form of the SocketFactory .
The SSLServerSocketFactory returns a ServerSocket that is set up to do SSL encryption.
Example 16-9 uses this technique to override the getServerSocket() method in Serving the
HTTP Protocol . If you're thinking this is too easy, you're wrong!
Search WWH ::




Custom Search