CareerCup

There is a small change required in java when changing form non secure to secure URL (http to https).

Say for example when creating a java.io.url object for reading an online resource, the only change you would do it instead of http url, you would specify https url.

(Site does not allow me to specify external url in the comments section)

from:

URL url = new URL("http:..//.....");
  URLConnection ucon = url.openConnection();

to:

URL url = new URL("https:..//....");
  URLConnection ucon = url.openConnection();

What happens behind the scene is, when a connection is opened, due to an SSL url mentioned, an SSL handshake activity is performed.

Overall, the SSL handshake has following steps

1. JVM looks for a certificate in the default java keystore. This keystore is usually a cacerts file inside the java installation jre/lib/security folder unless specified separately while instantiating the JVM.
2. If the certificate is not found it throws a handshake error and the program errors out.
3. If the certificate is found, it uses the public key in the certificate to communicate with the secure host. Host uses his private key to decrypt the information sent.

For the browsers thought you might think, you directly access the secure url and never import any certificate as such.
That is because most of the modern browsers come with the bunch of certificates preinstalled. And since most of the sites uses approved CA certs from Certificate authorities like Verisign, you have all those certs pre installed.

So the bottom line is to convert from http to https you dont need much changes in the code other than changing the URL end point from http to https. The behind the scenes work of importing the certificate to the keystore is what is required to make the change work.

<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
</http>

A list of few more java interview questions like

1. By default, Java is pass by reference or pass by value. how it handles it.
2. In which scenario, you will use custom exceptions in java.
3. how garbage collection works in java

Check more : newtechnobuzzz.blogspot.in

lem me add few things in it in terms if you are implementing the same thing with context to servlet..

The servlet container should automatically redirect the user to the HTTPS listener if you set the transport-guarantee element to CONFIDENTIAL or INTEGRAL in your web.xml, like so:

<security-constraint>
    <web-resource-collection>
        <url-pattern>*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>