CS-431
HTTP Basic Security and HTTPS Project

Purpose:
The purpose of this project is to familiarize the student with HTTP Basic Security and the use of the Secure Sockets Layer (SSL).
Description:
Using the HTTP server used in CS-328 (click here) as a starting point, modify the server to implement HTTP Basic Security (RFC 2617) and HTTPS on port 443.
  1. Your server shall handle both HTTP and HTTPS.
  2. Your server's GUI shall allow the user to define security realms and access control information (ACI) with which the Basic Security mode will work. Once authenticated to a realm, the client user shall not have to reauthenticate for that realm until their session has timed out (5 minutes).
  3. ACI should include userids/passwords and groups to which users can be assigned.
Hints:
Carefully read the portion of RFC 2617 that deals with Basic Security, and the SSL API documentation. Make sure that you have access to the jsse.jar file (this may require you to download and install the J2EESDK from java.sun.com).

Use a combination of the incoming IP and a time/date stamp to keep track of sessions.
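
The sketch below is an added example, not code from the course or the CS-328 server. It shows the Basic check from requirement 2 combined with the IP-plus-timestamp session hint. The class name, sample realm and user, and the reading of the 5-minute limit as an idle timeout are assumptions; groups are omitted and Java 9 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class BasicAuthCheck {                                 // hypothetical class name
    static final long SESSION_MS = 5 * 60 * 1000L;            // 5-minute session timeout
    // Constructed sample ACI: realm -> (userid -> password). Store salted hashes in practice.
    static final Map<String, Map<String, String>> ACI = Map.of("staff", Map.of("alice", "s3cret"));
    // "ip|realm" -> time of last accepted request. Clients behind one NAT share an IP,
    // so an IP-keyed session is a convenience, not an identity.
    static final Map<String, Long> sessions = new ConcurrentHashMap<>();

    // Returns null when the request may proceed, otherwise the challenge header for a 401.
    static String check(String realm, String clientIp, String authHeader, long now) {
        String key = clientIp + "|" + realm;
        Long last = sessions.get(key);
        if (last != null && now - last < SESSION_MS) {
            sessions.put(key, now);                           // assumption: idle timeout
            return null;
        }
        sessions.remove(key);                                 // expired or never authenticated
        if (authHeader != null && authHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                byte[] raw = Base64.getDecoder().decode(authHeader.substring(6).trim());
                String pair = new String(raw, StandardCharsets.UTF_8);
                int colon = pair.indexOf(':');                // first colon: passwords may contain ':'
                Map<String, String> users = ACI.get(realm);
                String expected = (colon > 0 && users != null)
                        ? users.get(pair.substring(0, colon)) : null;
                if (expected != null && MessageDigest.isEqual(   // avoids early-exit comparison
                        expected.getBytes(StandardCharsets.UTF_8),
                        pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8))) {
                    sessions.put(key, now);
                    return null;
                }
            } catch (IllegalArgumentException malformedBase64) { /* treat as unauthenticated */ }
        }
        return "WWW-Authenticate: Basic realm=\"" + realm + "\"";
    }

    public static void main(String[] args) {
        byte[] creds = "alice:s3cret".getBytes(StandardCharsets.UTF_8);
        String hdr = "Basic " + Base64.getEncoder().encodeToString(creds);
        long t0 = System.currentTimeMillis();
        System.out.println(check("staff", "192.0.2.10", null, t0));           // no credentials yet
        System.out.println(check("staff", "192.0.2.10", hdr, t0));            // valid credentials
        System.out.println(check("staff", "192.0.2.10", null, t0 + 60_000));  // inside the session
        System.out.println(check("staff", "192.0.2.10", null, t0 + 60_000 + SESSION_MS)); // timed out
    }
}
```

Basic credentials are only base64-encoded, so the check above protects them only when the request arrives over the HTTPS listener.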

To build a keystore and a certificate to use with SSL, use the keytool that comes with the JSDK:

         keytool -genkey -keystore SSLStore -alias SSLCertificate 

To run your program and have it use the keystore you created:

    java -Djavax.net.ssl.keyStore=SSLStore -Djavax.net.ssl.keyStorePassword=password myServer

         where: password is the password you used to create the keystore

Last updated: 03/29/2009 - RVS