Protocol Support

This chapter includes the following topics:

• HTTP, FTP, and GOPHER
• HTTPS
• Socks
• NTLM Authentication

HTTP, FTP, and GOPHER

Java Plug-in supports HTTP, FTP, and GOPHER protocols, including built-in proxy configuration support.

HTTPS

Introduction

HTTPS is supported in Java Plug-in through Java Secure Socket Extension (JSEE), which provides a Java implementation of SSL and HTTPS for the Java platform.

Error handling support

When accessing an HTTPS server, errors may occur. Java Plug-in has hooked into JSSE to provide the following types of error handling:

• Hostname mismatch: If the HTTPS server host name does not match the name on the server certificate, a warning dialog will appear. 
  
• Untrusted server certificate: If the server certificate can not be verified during the SSL handshaking, a warning dialog will appear.
  
• Untrusted client certificate: In case client authentication is required by the server and the client certificate cannot be verified, a warning dialog will be appear.
  
• Server authentication: If the client accesses a protected directory on the HTTPS server, the users will be prompted for a username and password. Note: Only basic authentication is currently supported.

Potential issues with HTTPS through JSSE

Although support of HTTPS through JSSE eliminates many browser-specific problems, there are several issues that developers should be aware of:

• Untrusted server certificate: When SSL handshaking takes place in establishing an HTTPS connection, the server certificate is verified against the root CA store in J2SE. However, J2SE supports fewer root CA certificates than does the browser. As a result, you may have problems with untrusted server certificates.
  
• Client authentication: An HTTPS server may require client authentication, in which case a local client certificate is sent to the server for authentication. In JSSE, client certificates are stored in a separate file and are independent of the browser. In order for client authentication to work, developers must import client certificates into JSSE through the keytool. See the JSSE documentation for more information.
  
• Level of error handling: Java Plug-in currently handles the types of error listed in the previous section. However, if there are additional types of error that Java Plug-in doesn't recognize, the Java applet code may break. 
  

Socks

Java Plug-in currently supports SOCKS version 4.

Note: For HTTP/HTTPS, a SOCKS proxy server may be used with a web proxy server to add caching. The behavior, however, may differ from that observed when running a similar configuration in a browser without Java Plug-in.

NTLM Authentication

Java Plug-in supports NTLM authentication protocol for HTTP/HTTPS. When attempting to access a server requiring NTLM authentication, the user will be presented with a dialog requesting two items (fields) of information: username and password. If the user's domain is the same as the domain of the server to be accessed, only username and passwork need be entered. But when the domain of the user is different from that of the server, then the domain of the server must be entered as well. It should be entered in the username field with a separating backslash (\) as follows:

<domain>\<username>

password is entered as it normally is in the password field.