HTTPS using Jersey Client
Construct your client as such
HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
ClientConfig config = new DefaultClientConfig();
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, myTrustManager, null);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx));
Client client = Client.create(config);
Ripped from this blog post with more details: http://blogs.oracle.com/enterprisetechtips/entry/consuming_restful_web_services_with
For information on setting up your certs, see this nicely answered SO question: Using HTTPS with REST in Java
How to consume https RestFul Webservice using jersey client
In your java installation folder is a file called cacerts
. This is the "Keystore" or "Truststore" of your JRE. It contains all certificates that are trusted by your JRE. You can add / remove certificates from the truststore.
To easily add / remove certificates, you can use the GUI Programm Keystore Explorer.
Option 1 Using Keystore Explorer and the default Truststore
Open the truststore with the Keystore Explorer.
(The truststore should be under<JRE-HOME>/lib/security/cacerts
, The default password should be "changeit" or "changeme")Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer
Click "import" and Save the truststore
Now your JRE installation is ready to consume the webservice.
Option 2 Using Keystore Explorer and a separate Truststore
Copy your default truststore into your project. The path of the default truststroe is:
<JRE-HOME>/lib/security/cacerts
Open the copied truststore with the Keystore Explorer.
(The default password should be "changeit" or "changeme")Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer
Start your programm with the following VM-Arguments:
-Djavax.net.ssl.trustStore [path-to-copied-truststore]
-Djavax.net.ssl.trustStorePassword [truststore password]
Option 3 Using 2 Truststores (Default + Separate Truststore)
If you want to use the default truststore and a separate one for the Website refer to this post https://stackoverflow.com/a/24561444/1638059
How do I use an SSL client certificate with jersey client in java
I found the solution. I just need to add certificate to the java KeyStore This helped me
How to make Jersey ignore ssl certificate error?
Please note that trusting all certificates is extremely risky. Be careful when doing it.
The following piece of code is not much different from the one shown in yukuan's answer. However, the following solution uses only the JAX-RS Client API. In theory, it should work with other JAX-RS implementations too:
TrustManager[] trustManager = new X509TrustManager[] { new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManager, null);
Client client = ClientBuilder.newBuilder().sslContext(sslContext).build();
Note 1: At the time of writing, the standard solution described above won't work with RESTEasy. RESTEasy delegates HTTP calls to HttpClient
from the Apache HttpComponents project. To trust all certificates with RESTEasy, the HttpClient
must be customized. For more details, have a look at this answer.
Note 2: You may find https://badssl.com
a useful resource to test clients against bad SSL configs.
Jersey error to connect to service using https on Java 6
If I understand correctly, you get the SSLException
in your client application which runs under Java 6. In this client you are trying to access a service hosted on Wildfly 9, which is using Java 7 or higher. This means the server is using a different security mechanism. I stumbled upon the same earlier and as you can see there is no conclusion to that post either.
And it makes sense if you think about it, why make it possible for the developer to create services which are using outdated and unsafe security mechanisms?
Eventually we decided to go with a JDK update. You could also attempt to host JBoss 4 under JDK7. For example here you could find some interesting writings on the topic.
Ignore self-signed ssl cert using Jersey Client
After some searching and trawling through some old stackoverflow questions I've found a solution in a previously asked SO question:
- Question: Java client certificates over HTTPS/SSL
- Answer Java client certificates over HTTPS/SSL
Here's the code that I ended up using.
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){return null;}
public void checkClientTrusted(X509Certificate[] certs, String authType){}
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
;
}
Related Topics
Eclipse Will Not Open Due to Environment Variables
How to Use Readline() Method in Java
In Which Language Are the Java Compiler and Jvm Written
Chat Client Emoticons Window Java
How to Change Java Version Used by Tomcat
The Matching Wildcard Is Strict, But No Declaration Can Be Found for Element 'Context:Component-Scan
Found Shared References to a Collection Org.Hibernate.Hibernateexception
Java Naming Convention with Acronyms
"Unmappable Character for Encoding Utf-8" Error
How to Get Method Parameter Names in Java 8 Using Reflection
How to Convert a Binary String to a Base 10 Integer in Java
"Noclassdeffounderror: Could Not Initialize Class" Error
Why Should One Use Objects.Requirenonnull()
How to Serialize Only the Id of a Child with Jackson
Error: Java_Home Is Not Defined Correctly Executing Maven
What Is Java_Home? How Does the Jvm Find the Javac Path Stored in Java_Home