You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Himanshu Thube <hi...@kenati.com> on 2004/05/19 17:47:54 UTC
Sun's javax.net.ssl and HttpClient
Hi
I am trying to suggest Apache Http client library against SUN
javax.net.ssl for our application, our application requirement is as
follows :
1. SSL support
2. Reuse the SSLSession / HttpState while reconnecting to web server
(Apache)
3. Restablishing Http(s) connection multiple times to web server
4. HttpClient should have same behaviour like a Browser (IE)
5. Asynchronous communication where Http client opens connection and
should recieve data from server whenever server has some data for http
client.
6. Other requirements are Performance, etc..
From the web I found few comparisons but some of them were vague (e.g.
One features page of Http client it is written "The jdk has the
HttpUrlConnection which is limited and in many ways flawed") but there
is no concrete explaination for this.
Another comparison link http://www.nogoop.com/product_16.html#compare
does not provide sufficient comparison for my requirement.
Can someone provide concrete link or information, about comparison
between Apache Http client library against SUN javax.net.ssl for my
requirements ?
For my requirement, I came up with only one valid point where Apache
Http client library provides a API where I can associate HttpState with
Http(s) connection. I guess if I dig more into JDK I will also find a
way to do this over there.
One more question - Does HttpState contain the Credentials ? Does this
also contain SSL information (certificates, etc...) It is just a marker
interface at the moment. So does it contain certificates, etc... like
SUN's SSLSession ?
Regards
Himanshu
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
Re: Sun's javax.net.ssl and HttpClient
Posted by Ortwin Glück <or...@nose.ch>.
Himanshu Thube wrote:
> Hi
>
> I am trying to suggest Apache Http client library against SUN
> javax.net.ssl for our application, our application requirement is as
> follows :
>
> 1. SSL support
HttpClient makes no assumptions about the underlying Transport Level
Security. This is completely abstracted away by Socket Factories. You
may use any SSL Implementation of your choice.
see the SSL Guide for more detailed information:
http://jakarta.apache.org/commons/httpclient/sslguide.html
> 2. Reuse the SSLSession / HttpState while reconnecting to web server
> (Apache)
HttpClient can reuse open connections through a connection pool. You
must do proper SSL session handling yourself.
> 3. Restablishing Http(s) connection multiple times to web server
No problem.
> 4. HttpClient should have same behaviour like a Browser (IE)
What do you mean exactly? HTTP is a standard. We follow the standards.
For convenience we have support for 'browser compatibility' mode in some
places like Cookie handling, to mimic common bugs in popular browsers.
HttpClient also has an option (strict mode = off) to be forgiving about
server-side HTTP misbehaviour (like plain wrong headers).
> 5. Asynchronous communication where Http client opens connection and
> should recieve data from server whenever server has some data for http
> client.
You can get the response data as a non-buffered input stream. Reading is
blocking. However you will need to account for connection timeouts.
> 6. Other requirements are Performance, etc..
HttpClient performs extremely well (set logging to a high level).
> From the web I found few comparisons but some of them were vague (e.g.
> One features page of Http client it is written "The jdk has the
> HttpUrlConnection which is limited and in many ways flawed") but there
> is no concrete explaination for this.
>
> Another comparison link http://www.nogoop.com/product_16.html#compare
> does not provide sufficient comparison for my requirement.
That comparison seems up to date, even though it has been online for
several years now. I would say 'fix turnaround' is very high here though.
> Can someone provide concrete link or information, about comparison
> between Apache Http client library against SUN javax.net.ssl for my
> requirements ?
None that I know of. If you find any third party reviews of HttpClient,
please let us know.
> For my requirement, I came up with only one valid point where Apache
> Http client library provides a API where I can associate HttpState with
> Http(s) connection. I guess if I dig more into JDK I will also find a
> way to do this over there.
>
> One more question - Does HttpState contain the Credentials ? Does this
> also contain SSL information (certificates, etc...) It is just a marker
> interface at the moment. So does it contain certificates, etc... like
> SUN's SSLSession ?
HttpState does contain the credentials. However SSL certificates are
completely handled by the underlying SSL implementation. HttpClient does
not handle those for you.
> Regards
> Himanshu
HTH
Ortwin Glück
--
_________________________________________________________________
NOSE applied intelligence ag
ortwin glück [www] http://www.nose.ch
software engineer [email] ortwin.glueck@nose.ch
hardturmstrasse 171 [pgp id] 0x81CF3416
8005 zürich [office] +41-1-277 57 35
switzerland [fax] +41-1-277 57 12
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
Re: Sun's javax.net.ssl and HttpClient
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Himanshu,
Http Client and javax.net.ssl are in no way comparable at all.
SSL is a technique to secure connections on the transport
layer. HTTP is a protocol for client/server communication,
which runs on top of a transport layer. By combining HTTP
and SSL, you get HTTPS. For example, you can use the
HttpClient to communciate over an SSL connection from
javax.net.ssl.
The HttpURLConnection in the standard JDKs is flawed
because it does not provide flexibility with respect to
timeout handling, multithreading, connection pooling,
streaming, HTTP protocol versions and server specific
dialects, authentication, error handling, retry handling, and
probably plenty of other things I forgot.
The HttpsURLConnection from javax.net.ssl is the same
as the HttpURLConnection, except that it uses SSL instead
of plain sockets for the transport layer.
HttpClient uses a generic interface to create SSL connections
when needed for HTTPS connections. It is up to you to
implement this interface, and you can support SSL session
reuse if you want to. You can also implement your own
HTTP connection pool, which can be aware of your SSL
connection pool to optimize reuse.
hope that helps,
Roland
Himanshu Thube <hi...@kenati.com>
19.05.2004 17:47
Please respond to "Commons HttpClient Project"
To: commons-httpclient-dev@jakarta.apache.org
cc:
Subject: Sun's javax.net.ssl and HttpClient
Hi
I am trying to suggest Apache Http client library against SUN
javax.net.ssl for our application, our application requirement is as
follows :
1. SSL support
2. Reuse the SSLSession / HttpState while reconnecting to web server
(Apache)
3. Restablishing Http(s) connection multiple times to web server
4. HttpClient should have same behaviour like a Browser (IE)
5. Asynchronous communication where Http client opens connection and
should recieve data from server whenever server has some data for http
client.
6. Other requirements are Performance, etc..
From the web I found few comparisons but some of them were vague (e.g.
One features page of Http client it is written "The jdk has the
HttpUrlConnection which is limited and in many ways flawed") but there
is no concrete explaination for this.
Another comparison link http://www.nogoop.com/product_16.html#compare
does not provide sufficient comparison for my requirement.
Can someone provide concrete link or information, about comparison
between Apache Http client library against SUN javax.net.ssl for my
requirements ?
For my requirement, I came up with only one valid point where Apache
Http client library provides a API where I can associate HttpState with
Http(s) connection. I guess if I dig more into JDK I will also find a
way to do this over there.
One more question - Does HttpState contain the Credentials ? Does this
also contain SSL information (certificates, etc...) It is just a marker
interface at the moment. So does it contain certificates, etc... like
SUN's SSLSession ?
Regards
Himanshu
---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org