HttpsURLConnection Class
The https protocol is similar to http, but https first establishes a secure channel using SSL/TLS sockets and then verifies the identity of the peer before requesting/receiving data. The javax.net.ssl.HttpsURLConnection class extends the java.net.HttpURLConnection class and adds support for https-specific features. See the java.net.URL, java.net.URLConnection, java.net.HttpURLConnection, and javax.net.ssl.HttpsURLConnection classes for more information about how https URLs are constructed and used.
After obtaining an HttpsURLConnection, you can configure a number of http or https parameters before actually initiating the network connection using the method URLConnection.connect.
Of particular interest are:
Setting the Assigned SSLSocketFactory
In some situations, it is desirable to specify the SSLSocketFactory that an HttpsURLConnection instance uses. For example, you may want to tunnel through a proxy type that isn't supported by the default implementation. The new SSLSocketFactory could return sockets that have already performed all necessary tunneling, thereby allowing HttpsURLConnection to use additional proxies.
The HttpsURLConnection class has a default SSLSocketFactory which is assigned when the class is loaded. (In particular it is the factory returned by the method SSLSocketFactory.getDefault.) Future instances of HttpsURLConnection will inherit the current default SSLSocketFactory until a new default SSLSocketFactory is assigned to the class using the static method HttpsURLConnection.setDefaultSSLSocketFactory.
Once an instance of HttpsURLConnection has been created, the inherited SSLSocketFactory on this instance can be overridden with a call to the setSSLSocketFactory method.
Note that changing the default static SSLSocketFactory has no effect on existing instances of HttpsURLConnection; a call to the setSSLSocketFactory method is necessary to change an existing instance.
One can obtain the per-instance or per-class SSLSocketFactory by making a call to the getSSLSocketFactory/getDefaultSSLSocketFactory methods, respectively.
Setting the Assigned HostnameVerifier
If the hostname of the URL does not match the hostname in the credentials received as part of the SSL or TLS handshake, it is possible that URL spoofing has occurred. If the implementation cannot determine a hostname match with reasonable certainty, the SSL implementation will perform a callback to the instance's assigned HostnameVerifier for further checking. The hostname verifier can perform whatever steps are necessary to make the determination, such as performing alternate hostname pattern matching or perhaps popping up an interactive dialog box. An unsuccessful verification by the hostname verifier will close the connection. (See RFC 2818 for more information regarding hostname verification.)
The setHostnameVerifier/setDefaultHostnameVerifier methods operate in a similar manner to the setSSLSocketFactory/setDefaultSSLSocketFactory methods, in that there are HostnameVerifiers assigned on a per-instance and per-class basis, and the current values can be obtained by a call to the getHostnameVerifier/getDefaultHostnameVerifier methods.