Note: This Java plug-in guide describes features released prior to the Java SE 6 update 10 release. See Java Rich Internet Applications Development and Deployment for the latest information.
< Contents
Protocol Support
This chapter includes the following topics:
HTTP, FTP, and GOPHER
Java Plug-in supports HTTP, FTP, and GOPHER protocols, including
built-in proxy configuration support.
HTTPS
Introduction
HTTPS is supported in Java Plug-in through Java Secure Socket
Extension (JSEE), which provides a Java implementation of SSL and
HTTPS for the Java platform.
Error handling support
When accessing an HTTPS server, errors may occur. Java Plug-in
has hooked into JSSE to provide the following types of error
handling:
- Hostname mismatch: If the HTTPS server host name does
not match the name on the server certificate, a warning dialog will
appear.
- Untrusted server certificate: If the server certificate
can not be verified during the SSL handshaking, a warning dialog
will appear.
- Untrusted client certificate: In case client
authentication is required by the server and the client certificate
cannot be verified, a warning dialog will be appear.
- Server authentication: If the client accesses a
protected directory on the HTTPS server, the users will be prompted
for a username and password. Note:
Only basic authentication is currently supported.
Potential issues with HTTPS through JSSE
Although support of HTTPS through JSSE eliminates many
browser-specific problems, there are several issues that developers
should be aware of:
- Untrusted server certificate: When SSL handshaking takes
place in establishing an HTTPS connection, the server certificate
is verified against the root CA store in Java SE. However, Java SE
supports fewer root CA certificates than does the browser. As a
result, you may have problems with untrusted server
certificates.
- Client authentication: Java Plugin supports browser
keystore in JRE 1.5 or later. With browser keystore client
authentication of HTTPS server is performed differently for
Internet Explorer and Mozilla family browsers. For Internet
Explorer the certificate is not imported into the JRE keystore. For
Mozilla family browsers, a JSS package should be installed to read
the certificate from the Mozilla keystore. By default browser
keystore support is turned on.
- Level of error handling: Java Plug-in currently handles
the types of error listed in the previous section. However, if
there are additional types of error that Java Plug-in doesn't
recognize, the Java applet code may break.
Socks
Java Plug-in currently supports SOCKS version 4.
Note: For HTTP/HTTPS, a SOCKS proxy
server may be used with a web proxy server to add caching. The
behavior, however, may differ from that observed when running a
similar configuration in a browser without Java Plug-in.
NTLM Authentication
Java Plug-in supports NTLM authentication protocol for
HTTP/HTTPS. When attempting to access a server requiring NTLM
authentication, the following dialog is displayed:
To authenticate enter User Name,
Password and the Domain in the
respective fields.