Infosys Interview Question
Software Engineer / Developers
Country: India
Interview Type: In-Person
Let me add a few things, in case you are implementing the same thing in the context of a servlet.
The servlet container should automatically redirect the user to the HTTPS listener if you set the transport-guarantee element to CONFIDENTIAL or INTEGRAL in your web.xml, like so:
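<security-constraint>
  <web-resource-collection>
    <!-- web-resource-name is required by the schema; the value here is a placeholder -->
    <web-resource-name>Entire application</web-resource-name>
    <!-- "/*" matches every path; a bare "*" is treated as an exact match -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>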
There is a small change required in Java when changing from a non-secure to a secure URL (http to https).
Say, for example, when creating a java.io.url object for reading an online resource, the only change you would make is that, instead of an http URL, you would specify an https URL.
(Site does not allow me to specify external url in the comments section)
from:
to:
What happens behind the scenes is that, when a connection is opened, because an SSL URL was specified, an SSL handshake is performed.
- Saurabh July 09, 2014
Overall, the SSL handshake has the following steps:
1. The JVM looks for a certificate in the default Java keystore. This keystore is usually a cacerts file inside the Java installation's jre/lib/security folder, unless specified separately while instantiating the JVM.
2. If the certificate is not found, it throws a handshake error and the program errors out.
3. If the certificate is found, it uses the public key in the certificate to communicate with the secure host. The host uses its private key to decrypt the information sent.
For browsers, though, you might think that you directly access the secure URL and never import any certificate as such.
That is because most modern browsers come with a bunch of certificates preinstalled. And since most sites use approved CA certs from certificate authorities like Verisign, you have all those certs preinstalled.
So the bottom line is that to convert from http to https you don't need many changes in the code other than changing the URL endpoint from http to https. The behind-the-scenes work of importing the certificate to the keystore is what is required to make the change work.
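The trust-store lookup and handshake failure discussed in the comments above, as an added example (not code from the original posts): it prints which trust store file the JVM will use and how many CA certificates it trusts, and, if an https URL is passed as the first argument, attempts the handshake and reports a validation failure. The class name TrustStoreCheck is an assumption made for this example.

```java
import java.io.File;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreCheck { // hypothetical class name, added for illustration

    // Mirrors the JSSE default lookup order for the trust store file.
    static String resolveTrustStorePath() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) return configured;
        String dir = System.getProperty("java.home") + File.separator + "lib"
                + File.separator + "security" + File.separator;
        return new File(dir + "jssecacerts").exists() ? dir + "jssecacerts" : dir + "cacerts";
    }

    // Counts the CA certificates the default trust manager accepts as issuers.
    static int countTrustedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JVM's default trust store
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                count += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Trust store: " + resolveTrustStorePath());
        System.out.println("Trusted CA certificates: " + countTrustedIssuers());
        if (args.length == 0) return; // no URL given: stay offline

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        try {
            conn.connect(); // handshake and certificate validation happen here
            System.out.println("Handshake OK, cipher suite: " + conn.getCipherSuite());
        } catch (SSLHandshakeException e) {
            // Typical cause: the server's certificate chain is not rooted in the trust store
            System.out.println("Handshake failed: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

When the handshake fails for an internal or self-signed host, the fix is to import that host's CA certificate into the trust store printed on the first line, not to disable certificate validation in code.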