By default, the Java web apps that I develop run on http.
Suppose I want my web app to run on https: is there something specific that I should do as a developer? Or is it totally a network-guy task and unrelated to the developer?
Basically I want to know the steps to host a Java web application on https.
You don't need any programmatic changes in your web application. You need to configure SSL with your web/app server:
- Glassfish SSL Conf
- Tomcat SSL Conf
- Jetty SSL Conf
- JBoss SSL Conf
It depends on what J2EE (Web Container) you are using,
but there should be no developer changes required.
For Tomcat you can click here.
The other answers are correct, but I want to add just one tip: sometimes a website serves some pages as http and others as https, usually in the mistaken belief that this will somehow improve performance since https is supposedly harder on the server, best to serve as much un-encrypted http as possible.
Don't do this! It's such a waste of developer effort since you now have to plan all your http -> https transitions, and perhaps even your https -> http transitions. You risk introducing security holes with the transitions (oops, anyone with session cookie can make the transition!). I recommend just doing all 100% https in this scenario. Crypto will never be a significant performance bottleneck, since it's perfectly scalable (more servers, more processors, more threads, etc, always help crypto, you won't be so lucky with the database!).
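To enable HTTPS on the server and to make a specific application accessible only through secured mode, i.e. https, please do the following:
- Create KeyStores and add certificates to the key store [ Links can be found in the above answer :) ]
- Add the following to your web.xml:

```xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restricted URLs</web-resource-name>
        <url-pattern>/appname/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

You can add various patterns like /appname/login*, /appname/service*, etc.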
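
An added example (not part of any answer above, and not code from any container project): a small Python check that reads a web.xml and flags the two conditions the answers discuss, https enforced on only part of the site and a session cookie that is not restricted to https. The sample descriptor and the name `audit_web_xml` are constructed for illustration, and the `<cookie-config><secure>` element assumes a Servlet 3.0 or later descriptor.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original post): only the
# login area requires https and no cookie-config is present.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted URLs</web-resource-name>
      <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):
    """Drop the XML namespace so descriptors with or without xmlns both work."""
    return tag.rsplit("}", 1)[-1]


def _texts(parent, name):
    """Stripped text of every descendant element called `name`."""
    return [e.text.strip() for e in parent.iter() if _local(e.tag) == name and e.text]


def audit_web_xml(xml_text):
    """Return a list of transport-security findings for a web.xml document."""
    root = ET.fromstring(xml_text)
    confidential = set()      # URL patterns that the container forces onto https
    secure_cookie = False     # True when the session cookie is https-only
    for el in root.iter():
        name = _local(el.tag)
        if name == "security-constraint":
            if "CONFIDENTIAL" in _texts(el, "transport-guarantee"):
                confidential.update(_texts(el, "url-pattern"))
        elif name == "cookie-config":
            secure_cookie = "true" in _texts(el, "secure")
    findings = []
    if not confidential:
        findings.append("no CONFIDENTIAL transport-guarantee: app is served over plain http")
    elif "/*" not in confidential:
        findings.append("mixed http/https site: only %s require https" % sorted(confidential))
    if not secure_cookie:
        findings.append("session cookie not marked <secure>: it can travel over http")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```

A descriptor that maps `/*` to CONFIDENTIAL and sets `<secure>true</secure>` under `<session-config><cookie-config>` produces no findings.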