Re: HTTPS URL Handler

Mike Burati (burati@pubweb.net)
Thu, 11 Jun 1998 12:22:37 -0400

Message-Id: <3.0.1.32.19980611122237.01026100@mail.pubweb.net>
Date: Thu, 11 Jun 1998 12:22:37 -0400
To: java-security@web2.javasoft.com, khetan@cmu.edu
From: Mike Burati <burati@pubweb.net>
Subject: Re: HTTPS URL Handler

> Can you give a ball park estimate of when the following will be
> implemented ?? Is it likely to be in the JDK 1.2 production release ??
> ...
> HTTPS URL Handler
> ...

You didn't mention where/how you would like to use this, so
I'll throw my $.019999999 in...

Jeff responded with how you could use it from an applet, but
it wasn't clear that's where you wanted to use it.

If you want to make outgoing connections from a service to
yet another service, try the Java Web Server (JWS 1.1), also
from JavaSoft (cf http://jserv.javasoft.com ). There's a
trial version there (for something like 30 days), and supposedly
now a free-for-educational-use version (see recent JWS mailing
list messages at: http://hplbwww.hpl.hp.com/people/ak/archives/jeeves/ )

Since JWS has an SSL license, it has an https URL handler which
appears to work for both incoming and outgoing https/SSL connections.

I've tried it to get privacy from an outgoing connection from
one of my JAVA Servlets to another JAVA servlet running in a
second JWS (the destination could have been any secure web server,
but the middle tier - servlet making the outgoing connection
needs to be on JWS, since it's the only web server servlet runner
that I know of with an https URL handler), and it appeared to
work fine. Another regular on the JWS mailing list above has
tried it with JWS1.1.1 and claims to have gotten certificate
based client authentication to work from his first servlet to
the second one, in addition to privacy (it used the Server
cert of the first servlet's JWS to authenticate to the second
one).

Good luck,
..Mike