Protocol Support
This chapter includes the following topics:
HTTP, FTP, and GOPHER
Java Plug-in supports HTTP, FTP, and GOPHER protocols, including built-in proxy
configuration support.
HTTPS
Introduction
HTTPS is supported in Java Plug-in through Java Secure Socket Extension (JSEE),
which provides a Java implementation of SSL and HTTPS for the Java platform.
Error handling support
When accessing an HTTPS server, errors may occur. Java Plug-in has hooked into
JSSE to provide the following types of error handling:
- Hostname mismatch: If the HTTPS server host name does not match the
name on the server certificate, a warning dialog will appear.
- Untrusted server certificate: If the server certificate can not be
verified during the SSL handshaking, a warning dialog will appear.
- Untrusted client certificate: In case client authentication is required
by the server and the client certificate cannot be verified, a warning dialog
will be appear.
- Server authentication: If the client accesses a protected directory
on the HTTPS server, the users will be prompted for a username and password.
Note: Only basic authentication is currently
supported.
Potential issues with HTTPS through JSSE
Although support of HTTPS through JSSE eliminates many browser-specific problems,
there are several issues that developers should be aware of:
- Untrusted server certificate: When SSL handshaking takes place in
establishing an HTTPS connection, the server certificate is verified against
the root CA store in J2SE. However, J2SE supports fewer root CA certificates
than does the browser. As a result, you may have problems with untrusted server
certificates.
- Client authentication: An HTTPS server may require client authentication,
in which case a local client certificate is sent to the server for authentication.
In JSSE, client certificates are stored in a separate file and are independent
of the browser. In order for client authentication to work, developers must
import client certificates into JSSE through the keytool. See the JSSE
documentation for more information.
- Level of error handling: Java Plug-in currently handles the types
of error listed in the previous section. However, if there are additional
types of error that Java Plug-in doesn't recognize, the Java applet code may
break.
Socks
Java Plug-in currently supports SOCKS version 4.
Note: For HTTP/HTTPS, a SOCKS proxy server may
be used with a web proxy server to add caching. The behavior, however, may differ
from that observed when running a similar configuration in a browser without
Java Plug-in.
NTLM Authentication
Java Plug-in supports NTLM authentication protocol for HTTP/HTTPS. When attempting
to access a server requiring NTLM authentication, the user will be presented
with a dialog requesting two items (fields) of information: username and password.
If the user's domain is the same as the domain of the server to be accessed,
only username and passwork need be entered. But when the domain of the user
is different from that of the server, then the domain of the server must be
entered as well. It should be entered in the username field with a separating
backslash (\
) as follows:
<domain>\<username>
password is entered as it normally is in the password field.