>
>[Note that there are two separate messages above, one in response to
>the other.]
>
>There are really two separate issues here. One is where the servlet
>engine is on the server end of the https request (i.e. sitting behind
>the web server), and one where it is the client of the https request.
>
>I believe Eric Wang was talking about the former of these. In this
>case, there isn't really a concern, as the servlet engine sits behind
>the web server, and the web server takes care of the SSL stuff between
>itself and the client browser.*
I agree.
>I believe Pankaj was talking about the latter case, where the servlet
>makes the https request to another web server. In this case, you do
>need some kind of SSL support. And my understanding is that JWS does
>have this support, but for other web servers, you need to use some
>third party product(s) (or perhaps there are other products from Sun
>that can be used). This has come up on the list before, so I would
>check the archives for discussion of such products.
If you are in USA and Canada you can download Secure Socket Extension (SSE)
API from Sun.
if you are (as myself) in the rest of the world you should implement your
own ssl extension....
are you still alive? :-)
or use something like OPENSSL and the ITISSL java classes (java 2) based on it.
Where do you can find them?
Here:
http:\\www.openssl.org
http://www-sp.iti.informatik.tu-darmstadt.de/itissl/
>*There actually may be an issue in this situation, depending on how
>the servlet engine interfaces/communicates with the web server. If it
>communicates via sockets (and thus allows the possibility of the
>servlet engine being on a different machine than the web server), then
>there may be some concern about the communication between the servlet
>engine and the server. What can be done about this depends on the
>servlet engine.
>
>Milt Epstein
>Research Programmer
>Software/Systems Development Group
>Computing and Communications Services Office (CCSO)
>University of Illinois at Urbana-Champaign (UIUC)
>[EMAIL PROTECTED]
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
