#1
[Originally posted by thefnordling]

I've got a copy of your book, but I am still in the 4th chapter.

Currently, I am using JMS to send XML messages between my client and server in
an instant messaging app. The connection is encrypted with SSL and this
allows me to send sensitive data over the public internet.

My JMS IM product however, seems to take up a lot of bandwidth and CPU
resources (primarily initiating the connection & JNDI lookup), so I am
researching switching to Jabber for the messaging exchange. I will need to
have my Jabber client talking to my Jabber server through SSL.

Will your book cover setting this up? And if not, can you point me to any
helpful resources?
#2
Re: SSL Encryption
[Originally posted by iainshigeoka]

> I've got a copy of your book, but I am still in the 4th chapter.
>
> Currently, I am using JMS to send XML messages between my client and server in
> an instant messaging app. The connection is encrypted with SSL and this
> allows me to send sensitive data over the public internet.
>
> My JMS IM product however, seems to take up a lot of bandwidth and CPU
> resources (primarily initiating the connection & JNDI lookup), so I am
> researching switching to Jabber for the messaging exchange. I will need to
> have my Jabber client talking to my Jabber server through SSL.

Yeah. JMS is a bit of a hog. It does give you better delivery guarantees
though. For something lightweight and less mission critical like IM it tends
to be overkill. Also, depending on your JMS provider, you may run into
firewall problems with JMS-based solutions when you go out onto the wider
Internet. It will also be extremely expensive to handle extremely large
numbers of users with JMS.

> Will your book cover setting this up? And if not, can you point me to any
> helpful resources?

It depends on what you mean by "setting this up". The book covers the
standard network port to use for SSL (I think in chapter 2). Otherwise, the
protocols are exactly the same for SSL and non-SSL traffic.

If you want to support SSL connections with the book software, the book
doesn't explain how, but it is easy. Just substitute an SSL socket for the
normal Java Socket class in the code and you'll be using SSL. The class is
javax.net.ssl.SSLSocket and is a standard part of the JDK 1.4 libraries and a
standard extension for JDK 1.3 (download it from java.sun.com). The Javadoc
for the class should provide enough info to configure the class.

If you are looking for a discussion of how to secure SSL with authentication
and certificates, that's a bit beyond the scope of the book (and is definitely
not covered there). There are several books on Java security. I have Java 2
Network Security by Pistoia et al. and Inside Java 2 Platform Security by
Gong. Both are pretty good. I'm sure the others are too.

Finally, I would like to alert you to the fact that there is a JEP (Jabber
Enhancement Proposal) being discussed at www.jabber.org that would substitute
SASL for both transport security (TLS... basically negotiated SSL) and client
authentication (replacing iq:auth). This is a good step forward for Jabber
security and meshes with the existing Internet use of SASL so I expect it to
eventually take over for plain SSL sometime in the future (next year?).

-iain
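
Added example, not part of the original post or the book's software: a Java client showing the SSLSocket substitution described in the reply above, with the host-name check that SSLSocket leaves off by default turned on. The class name `JabberSslConnect`, the port constant 5223, the stream header text and a JDK 11 or later runtime are assumptions; the host comes from the command line.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class for illustration; not code from the book.
public class JabberSslConnect {
    // Assumption: 5223 is the conventional legacy Jabber-over-SSL port.
    static final int LEGACY_SSL_PORT = 5223;

    static SSLSocket open(String host, int port) throws IOException {
        // The default factory trusts the JDK's default trust store.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            // SSLSocket validates the certificate chain but does not compare the
            // certificate to the host name unless asked; "HTTPS" enables that check.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            // Refuse SSLv3 and the early TLS versions.
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // fail here, before any XML is written
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java JabberSslConnect <server-host>");
            return;
        }
        String host = args[0];
        try (SSLSocket socket = open(host, LEGACY_SSL_PORT)) {
            SSLSession session = socket.getSession();
            System.out.println(session.getProtocol() + " " + session.getCipherSuite());
            // Same opening stream header a plain Socket client would send.
            String header = "<stream:stream to='" + host + "' xmlns='jabber:client'"
                    + " xmlns:stream='http://etherx.jabber.org/streams'>";
            OutputStream out = socket.getOutputStream();
            out.write(header.getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }
}
```

A server presenting a self-signed or mismatched certificate makes `startHandshake()` throw `SSLHandshakeException`; the fix is to add the server's CA to a trust store, not to disable the checks.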