HTTP vs. HTTPS

We have already briefly talked about Hypertext Transfer Protocol (HTTP). HTTP is one of the foundations of the World Wide Web. At its most basic, it is an application layer protocol (in the OSI model) that allows communication between the client and the server in our app. It is commonly used to send user requests from the browser to the server, and to transfer data from a web server to a browser so that users can view web pages.

HTTPS stands for Hypertext Transfer Protocol Secure. The problem with regular HTTP is that the information flowing from server to browser, or vice versa, is not encrypted, which means it can easily be stolen. HTTPS remedies this by using an SSL (Secure Sockets Layer) certificate, which helps create a secure, encrypted connection between the server and the browser, thereby protecting potentially sensitive information from being stolen as it is transferred between the two.

SSL Certificate

An SSL (Secure Sockets Layer) certificate is a digital certificate (a small data file) that authenticates the identity of a website and encrypts information sent to the server using SSL technology. An SSL certificate serves two purposes:

  • It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
  • It encrypts the data that’s being transmitted

HTTPS On SparkJava

It is possible to use HTTPS with SparkJava. You need to call the secure method before setting up your routes to set the SSL certificate. Before you do so, though, you will need to generate a certificate. You can do so in various ways and formats, e.g. using openssl. Generating and properly configuring SSL certificates is beyond the scope of this class, but if you intend to enable HTTPS for your app on Heroku, you could start here.
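
A sketch of the ordering described above, added here as an illustration and not taken from the course material: it checks that the keystore opens and contains a private key, then calls secure before any route is declared. The class name, the environment variable names, port 8443, the /hello route and the use of a JKS keystore are all assumptions.

```java
import static spark.Spark.get;
import static spark.Spark.port;
import static spark.Spark.secure;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class HttpsApp {
    public static void main(String[] args) throws Exception {
        // Assumed variable names. Reading them from the environment keeps
        // the keystore password out of source control.
        String keystorePath = requireEnv("KEYSTORE_PATH");
        String keystorePassword = requireEnv("KEYSTORE_PASSWORD");

        // Fail fast: a wrong path or password throws here, before the
        // server starts, instead of surfacing later as a handshake error.
        KeyStore ks = KeyStore.getInstance("JKS"); // assumed keystore type
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, keystorePassword.toCharArray());
        }
        // The server needs a private key, not just trusted certificates.
        boolean hasPrivateKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                hasPrivateKey = true;
            }
        }
        if (!hasPrivateKey) {
            throw new IllegalStateException("No private key entry in " + keystorePath);
        }

        port(8443); // assumed port
        // secure(...) comes before the first route. The last two arguments
        // (truststore file and password) are null: no client certificates.
        secure(keystorePath, keystorePassword, null, null);

        get("/hello", (req, res) -> "Hello over HTTPS");
    }

    // Returns the variable's value or stops startup if it is missing.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```

With a self-signed certificate the browser will still show a warning, because the certificate encrypts the connection but does not authenticate the site's identity to visitors.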