Configuring HTTPS

The Java Pet Store Administrator uses the HTTP protocol by default. This document describes how to enable a secure communication channel with this application by enabling HTTPS.


Note: These instructions use $JPS_HOME (UNIX) and %JPS_HOME% (Win32) to denote the root directory of the J2EE Blueprints bundle.
  1. Generate a security key using the J2EE Reference Implementation key-generation tool.

    To create a private key for use in secure transactions, open up a shell or command prompt, change your current directory to $J2EE_HOME/bin (UNIX) or %J2EE_HOME%\bin (Win32), and execute the following command:

    keytool -genkey -keyalg RSA -alias jpsCert

    The tool will prompt for a password. Enter the following password:

    changeit

    The tool will then ask you a series of questions. Your answers to these questions will be used to generate a new key, which will take a few minutes.

    Once it has finished generating the key, the tool will ask you to supply a password for <jpsCert>. Just hit the Return (or Enter) key to use the keystore password.


    Note: To use a certificate signed by a certificate authority, please refer to the section "Setting Up a Server Certificate" in Chapter 8 of the J2EE Developer's Guide.

  2. Configure the application to use secure communication.

    Go to the directory $JPS_HOME/src/petstoreadmin/src/docroot/WEB-INF/ (UNIX) or %JPS_HOME%\src\petstoreadmin\src\docroot\WEB-INF\ (Win32) and open the file web.xml.

  3. Look for the following line:

    <transport-guarantee>NONE</transport-guarantee>

    Change the value of the transport-guarantee entry to CONFIDENTIAL.

  4. Build and deploy the application.

    Build and deploy the HTTPS-enabled Java Pet Store administrator.

  5. Test the configuration.

    Visit the Java Pet Store Administrator using the link given at the end of these instructions. Click the link on the welcome page to load the login page.

    The browser will now attempt to connect to the server over a secure channel. The browser will display several warnings, because the new security key you created is not signed by a well-known certificate authority.

    Click through the warning dialogs in order to accept the certificate. Once you accept the certificate, the login process and all subsequent interaction with the application will occur over HTTPS.

  6. To use the HTTP-enabled administrator module, click the following link:

    http://localhost:8000/admin/


    Note: These instructions assume that the application is deployed on a machine named localhost and port 8000. You should substitute localhost and 8000 with the name of the machine and the port on which the application is deployed.
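
A pre-build check for step 3, added here as an example and not part of the Blueprints bundle: it reads a web.xml and fails unless every transport-guarantee entry is CONFIDENTIAL. The function names and the sample descriptor (resource name, URL pattern) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Blueprints bundle: confirm step 3 took effect in web.xml.
# Print each <transport-guarantee> value, one per line. Whitespace is stripped so
# tags split across lines still match; XML comments are dropped first.
list_guarantees() {
    tr -d ' \t\r\n' < "$1" |
    awk '{ while ((i = index($0, "<!--")) > 0) {
               rest = substr($0, i + 4); j = index(rest, "-->")
               if (j == 0) { $0 = substr($0, 1, i - 1); break }
               $0 = substr($0, 1, i - 1) substr(rest, j + 3) }
           print }' |
    grep -o '<transport-guarantee>[^<]*</transport-guarantee>' |
    sed -e 's/<[^>]*>//g'
}

# Returns 0: declared and all CONFIDENTIAL; 1: another value remains; 2: none declared.
check_web_xml() {
    values=$(list_guarantees "$1")
    [ -n "$values" ] || { echo "$1: no transport-guarantee declared" >&2; return 2; }
    bad=$(printf '%s\n' "$values" | grep -vx 'CONFIDENTIAL' | sort -u | tr '\n' ' ')
    [ -z "$bad" ] || { echo "$1: still set to: $bad" >&2; return 1; }
    echo "$1: every transport-guarantee is CONFIDENTIAL"
}

# Constructed sample descriptor (resource name and URL pattern are made up).
write_sample() {   # usage: write_sample FILE VALUE
    cat > "$1" <<EOF
<web-app>
  <!-- <transport-guarantee>NONE</transport-guarantee> commented out -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>sample</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>
        $2
      </transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
EOF
}
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
write_sample "$tmp/before.xml" NONE
write_sample "$tmp/after.xml" CONFIDENTIAL
check_web_xml "$tmp/before.xml" || echo "step 3 not applied yet"
check_web_xml "$tmp/after.xml"
```

To check the real descriptor, call check_web_xml with the path to the web.xml opened in step 2.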

Copyright © 2001 Sun Microsystems, Inc. All Rights Reserved.