15.4 Secure Communication

Secure communication channels are an important part of a secure environment. As SSL is a widely accepted secure transport protocol, communication between containers can be encrypted using SSL. This will ensure that the data transmitted over the wire will be kept confidential so that no unauthorized user can gain access to the information while data is in transit. It will also ensure the integrity of any data sent between containers; in other words, it will ensure that data is not modified by unauthorized users during transit. SSL can also be used for secure communication from the containers to external servers, such as LDAP directories, to ensure an end-to-end secure communication.

15.4.1 Using JSSE

JSSE is a Java implementation of the SSL protocol (see Section 13.4.1 on page 460). Java-based WASs can use JSSE to achieve secure communication between the servers. Keys can be kept secure by selecting an appropriate keystore type. For instance, if a hardware keystore provides a way to store keys securely, JSSE can be configured to use that keystore. Similarly, through a custom keystore, it is possible to centrally manage keys in distributed computing environments.

15.4.2 Client Certificates

According to the servlet specification, Web containers must allow users to authenticate themselves using client certificates. In such cases, in addition to a Web server authenticating to a Web clienttypically, a Web browserwhen an SSL connection is established between them, the client will be required to authenticate to the server, using a client certificate. Because a Web server can be independent of a Web container, the HTTP end pointthat is, the Web serverneeds to be configured to require client certificate. However, because an SSL connection can perform either server authentication or mutual authentication, a separate SSL port needs to be assigned to accept client certificates.

Figure 15.4 illustrates the process of client-certificate authentication using SSL. As the figure shows, the steps for SSL client authentication are as follows .

1. The authentication process starts when a user makes a request to a Web server, using HTTPS.

2. On receiving the request, the Web server responds by presenting its server certificate to the client.

3. The Web client verifies the server certificate.

4. The Web server then requests a client certificate.

5. The client browser presents the client certificate to the server on behalf of the user.

6. The server attemtps to verify the user's identity, based on the contents of the client certificate.

7. If the server verifies the user's identity successfully, the client will be able to access the protected resources on the server over an encrypted SSL connection.

A Web container depends on the HTTP end pointtypically, the Web serverto authenticate the client. This implies that the Web container may not engage in the SSL handshake, which is performed exclusively by the HTTP listenerthe Web server, in this case. Therefore, when a resource is accessed in the Web container, the SSL connection is already established. Given this configuration, the Web container will have to trust the Web server to have performed a valid SSL handshake and deliver the accurate information related to the SSL session, such as the contents of the X.509 client certificate, to the Web container. Given that a servlet can access information pertaining to the client certificate using the APIs and attributes defined in the Java Servlet specification, the information that is related to the SSL session is used by the Web container to answer such queries from a servlet.