Writing a HostnameVerifier class

You need to write a host name verifier that validates the host.

A host name verifier validates that the host to which an SSL connection is made is the intended or authorized party. In an Endeca JSP application, you use the AuthHttpENEConnection.setHostnameVerifier() method to set the host name verifier. Because this method takes a javax.sun.net.ssl.HostnameVerifier object type , you must create your own HostnameVerifier class.

During testing, you may want to use a null version of the HostnameVerifier class, which always returns true. The Java code for such a class is used in the example below. In a production environment, you would want to write a class that actually verifies that the host name is an acceptable match with the server's authentication scheme.

To write and implement your HostnameVerifier class:

  1. Create a .java file with the following Java code. Note that the example creates a package named myverifier. 
    package myverifier;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/**
 * Create a class to trust all hosts, so always returns true
 */

public class NullHostnameVerifier implements HostnameVerifier {
  public boolean verify(String urlHostname, SSLSession sslSession) {
    return true;
  }
}
  2. Compile the .java file, as in the following example. 
    javac NullHostnameVerifier.java
  3. Place the resulting .class file where it can be imported into your application. For example, if your application is located in the C:\Tomcat\webapps\endeca_jspref directory, then place the .class file in the following location. 
    C:\Tomcat\webapps\endeca_jspref\WEB-INF\classes\myverifier
  4. Import the class into your application, as in the following example. 
    <%@ page errorPage="error.jsp" %>
<%@ page import="com.endeca.navigation.*" %>
<%@ page import="com.endeca.logging.*" %>
<%@ page import="myverifier.NullHostnameVerifier" %>
When the AuthHttpENEConnection.setHostnameVerifier() method is used in your application, your NullHostnameVerifier class provides the verifier object: 
//Instantiate a connection object for the MDEX Engine
AuthHttpENEConnection nec = new AuthHttpENEConnection(eneHost, enePort);
// Enable the SSL connection with our NullHostnameVerifier class
nec.setHostnameVerifier(new NullHostnameVerifier());