from http to https

I have a simple web app: a web page with a form to submit, and a 开发者_如何学Cservlet on the server side.

It works.

I am now asked to change it so that the address of the form changes from

http://www.example.com/myForm.html to https://www.example.com/myForm.html

What are the steps to do this? Do I have to change my servlet? My deployment? My web page? All of them?

Thanks.

Just your deployment, not your servlet. It's a matter of configuring your web server to use HTTPS (HTTP over SSL) rather than HTTP (cleartext HTTP) to serve the page.

That configuration change should have no effect on your servlet whatsoever, provided your servlet doesn't have absolute (rather than relative) links to itself, but you wouldn't do that anyway. :-)

More about HTTPS here. The details of the configuration will depend on the web server you're using.

The servlet container has to be configured to deliver the contents encrypted. Here is how to to do that on Tomcat. If you use another servlet container please add that information to your question.

1. Obtain a server certificate. This can be either a self-signed certificate, or a certificate issued by a trusted issuer.
2. Configure your servlet container to accept https connections (on tomcat - via a special <Connector>)

It's just a change in the way how the client and the server communicate over network with each other. This is a matter of server configuration. Just configure the server to use HTTPS instead. No changes in the code logic/flow are necessary, you only need to update any referenced absolute URL's in your webapp accordingly (in HTML links, form actions, etc). So if your form action is for example http://www.example.com/myForm.html instead of myForm.html and the currently opened page is not opened by HTTPS, then you need to change the form action to the HTTPS URL.

As to the server configuration, it's unclear what server you're using, so here's a Tomcat-targeted example how to configure the server to use HTTPS (SSL): http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. Any self-respected server ships with this information.