CODEWITHSUNDEEP
javaweb-serviceshttphttps
Niks
Niks

Reputation: 4842

Do I need HTTPS communication within a webapp and a webservice on the same instance?

I have a web service deployed on a server instance. On the same instance, we also have a webapp which consumes this web service and is a front-end to the end user.

Since both are on the same server instance and the communication is local, I was wondering whether or not using HTTPS will be an overhead?

Upvotes: 2

Views: 163

Answers (2)

Ramesh PVK
Ramesh PVK

Reputation: 15446

Yes, in the same server HTTPS just adds overhead. Can communicate over HTTP

If the web service server instance is not exposed to outside world, you can completely disable HTTPS listener.

If this web service server is exposed to outside world, then you can write a filter in which redirects the http request coming from outside to https.

This is how the filter looks:

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;        
    if(httpRequest.isSecure() || isHostAllowed(servletRequest.getRemoteHost()) ){
        filterChain.doFilter(servletRequest, servletResponse);
    } else{
        String url  = "https://"+servletRequest.getServerName() + "/" + httpRequest.getRequestURI();
        httpResponse.sendRedirect(url);
    }
}

Upvotes: 1

Sanjay T. Sharma
Sanjay T. Sharma

Reputation: 23218

If your web service is "local" to the box i.e. not public facing and bound to the loopback interface (or more like, a local network interface), using HTTPS would be a considerable overhead with no justification for obvious reasons (since it needs to do "more" work).

We have a similar architecture but instead of using HTTP, we use RMI for better performance. It provides binary transfer as opposed to a text protocol and not to mention the auto marshalling-unmarshalling which comes for free. If you are worried about portability, using another efficient protocol like protobuffers might help things in the long run. Though I'm sure these things don't apply in your case given that you don't mention anything about moving away from HTTP service.

Upvotes: 3

Related Questions