Hi,
You seem to have several questions roled into one.
What exactly are you trying to do?
If you simply want to protect information sent from a web browser
to your servlet/JSP, run your servlet engine from a SSL enabled
Web server.
You also seem to be confused as to exactly what SSL is. SSL
only encrypts the traffic between the server and the client. Part of
the negotiation of a SSL session is that the server MUST identify
itself (via a X.509 aka digital certificate). A client MAY authenticate
itself to a server (also via certificate, more on this later).
Typically you protect Web sites using either HTTP BASIC
authentication (e.g. the browser pops open a box asking for a
userid and password) OR via some sort of system that requires the
user to enter their userid and password via a form. Unless the
server is running SSL, this information is sent over the network in
the clear. One common use of SSL is to protect id and passwords
from being transmitted in the clear.
You can improve your authentication scheme by the use of client
certificates. SSL uses public key encryption (where the
encryption/decryption is accomplished using 2 keys. A private key
which is only known by the holder, and a public key that can be
shared. If something is encrypted with the private key, it can only
be decrypted by its public key. If something is encrypted by its
public key, it can only be decrypted by its private key). A digitial
certificate is simply a public key with some extra information (in
particular the key is signed by a trusted 3rd party who has verified
the owner of the key to be whom they say they are) to help
identify that it is indeed the public key of the holder. ). Under SSL
you can request a client's certificate. If you can verifiy the
certificate (at minimum by verifiying that it was issued by a trusted
third party or you can verify its contents by comparing it to a public
key stored in a directory service like LDAP) then the user is
authenticated.
Finally one possible outcome of your question is "how do I use
SSL for my application (eg. I need to connect to email server
securely for a web based mail reader)?". In which case you need to
use JSSE or some other similar SSL API for Java.
If that's not clear, let me know. I'll try to help.
Mark
On 24 Mar 00, at 12:30, Bragg, James wrote:
> Does anyone have an opinion on the best to incorporate SSL with JSP.
>
> Also is it possible to utilize SSL without having a Logon Screen.
>
> Sorry, just starting out with JSP and SSL...
>
> thanks..
>
> -------------------------------------------------------------------------
> James C. Bragg
> Senior Software Consultant
> Computer Associates International Inc
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
