Blog

Managed File Transfer and Network Solutions

Secure File Transfer with Java FTP Library

Posted by Charles Ott on Thu, Dec 08, 2011 @ 01:27 PM

secure file transfer javaWhen two little kids want to exchange a secret, a lot of negotiation is necessary: "Promise you won't tell? Cross your heart and hope to die?". When a client and server computer want to exchange secrets, they need to negotiate too: public keys, encryption methods, ports and more. Fortunately, JSCAPE's Secure FTP Factory and server software (such as JSCAPE MFT Server) handle most of the details for you.

In the previous article, we discussed insecure transfers using plain, unencrypted FTP. Fortunately, the FTPS (FTP Secure) version is almost identical, except that it can keep a secret. This kind of transfer uses the same SSL (Secure Sockets Layer) protocol used to create https:// web pages. Most of the negotiations, such as choosing a port and an encryption method, are handled automatically and your code does not need to be concerned with them.

One choice you should be aware of is "explicit" versus "implicit" connection type. It's an easy choice: you want the explicit connection unless it doesn't work. "Implicit" connections are deprecated and should only be used in some rare circumstances, typically because your server software or firewall doesn't understand "explicit" connections.

The difference is negotiation. In an "explicit" connection, the client sends a specific command to the server to start the encrypted communications, and the client and the server can then dicker over the encryption type and port used. Like an intransigent Congressman, an "implicit" connection won't negotiate. It just assumes that the server understands the secure requirements, and it defaults to "well-known" port numbers 990 and 989.

This example uploads GIF images using FTPS. (See the previous article for more explanations of this code.) You'll note that it's almost identical to the insecure example except that we create an "Ftps" object instead of an "Ftp" object, and we set the "connectionType" as explained in the comments.

Secure File Upload with FTPS

import com.jscape.inet.ftp.*;
import com.jscape.inet.ftps.*;
import java.io.*;
import java.util.Enumeration;

public class SecureUpload extends FtpAdapter {
    private String hostname;
    private String username;
    private String password;
    
    // perform multiple file upload
    public void doUpload(String hostname, String username, String password) throws FtpException {
        Ftps ftp = new Ftps(hostname,username,password);
        
        //capture Ftps related events
        ftp.addFtpListener(this);
		
		// Set the connection type. Explicit is Ftps.AUTH_TLS. 
		// Implicit (which is deprecated) is Ftps.IMPLICIT_SSL
		ftp.setConnectionType(Ftps.AUTH_TLS);
		
        ftp.connect();
        ftp.setBinary();
        ftp.mupload(".*\\.gif");
        ftp.disconnect();
    }
    
    public static void main(String[] args) {
        String hostname = "ftp.somewebsite.com";
        String username = "IFeelSecure";
        String password = "zip1a2dee3doo4dah";
        try {
            SecureUpload theUploader = new SecureUpload();
            theUploader.doUpload(hostname,username,password);
        }
        catch(Exception e) {
            e.printStackTrace();
        }
    }
}

A secure download is just as easy:

Secure File Download with FTPS

/*
 * SecureDownload.java
 *
 * An example using FTPS.
 */

import com.jscape.inet.ftp.*;
import com.jscape.inet.ftps.*;
import java.io.*;
import java.util.Enumeration;

public class SecureDownload extends FtpAdapter {
    private String hostname;
    private String username;
    private String password;
    private String filter;
    
    // Multiple file downloader from one particular website.
    public void doDownload(String filter) throws FtpException {
        Ftps ftp = new Ftps();
        
        //capture Ftp related events
        ftp.addFtpListener(this);
        ftp.setHostname("ftp.somewebsite.com");
        ftp.setUsername("IFeelSecure");
        ftp.setPassword("zip1a2dee3doo4dah");
        ftp.connect();
        ftp.setBinary();
        ftp.mdownload(filter);
        ftp.disconnect();
    }
    
    public static void main(String[] args) {
        String filter;
        try {
			filter = ".*\\.gif";
            SecureDownload theDownloader = new SecureDownload();
            theDownloader.doDownload(filter);
        }
        catch(Exception e) {
            e.printStackTrace();
        }
    }
}

With FTPS, you can protect your username, your password and the contents of the transferred files and you don't even have to swear "cross my heart and hope to die"!

Download Secure FTP Factory

Topics: Secure FTP Factory, FTP