Try JAAS AKAIK it's not under export control restrictions and is very easy to work with.
----- Original Message ----- From: Vaishnavi <[EMAIL PROTECTED]> Date: Friday, September 28, 2001 7:46 am Subject: Security using Servlets > Hi, > > im a newbie with security issues and posting to this list cos > the security list doesnt have ANY members!!! i have to create some > kind of a security framework (2 - way authentication between a web > page client <-> java servlet) for an existing java servlet (pretty > big one at that!!). i realise that i have issues like export > laws(im in India) regarding digital certs and all... I have the > following questions: > > 1. Can i obtain a digital signature from a CA and access my > servlet using a shttp url? i plan to use JSSE for enabling usage > of a shttp url... and the java.security classes.... > > 2. my servlet is using http request and response objects to > send/receive data.. using JSSE means porting all that code to > sockets since JSSE is providing extensions for sockets?... i hope > im right, if im not someone please correct me... > > 3. What else can i do? can i do this using some options in my HTTP > header itself? > > Suggestions/Comments/Links to References Invited. > > Regards > Vaishnavi > eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee > > Don't frown. You never know who is falling in love with your smile. > > eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee > > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
