HTTPS (SSL) REST API Client with Jersey 2.x


Recently I was trying to build JAX-RS 2.0 client with Jersey implementation for HTTPS REST API call. I observed that, there has been some change in the way SSL Context and hostverifier is set to client with Jersey 2.x.

 There are many posts around talking about setting up HTTPSProperties to Client Config and setting client config to JAX-RS Client. One good example is hereBut most of these examples are applicable to older version (1.x) of Jersey.

 I spent some time to figure it out how it is been done in Jersey 2.x. Thanks to Jersey Migration Guide to help me out.

 Below is code snippet for how client is build in Jersey 2.x for HTTPS call. Please note that the TrustManager implementation demonstrated trusts all certs which should be OK only for testing purpose.


public Client getRESTClient() {

  TrustManager[] trustMgr= new TrustManager[] { new X509TrustManager() {
   public X509Certificate[] getAcceptedIssuers() {
    return null;
   }

   public void checkClientTrusted1(X509Certificate[] certs,
     String authType) {
   }

   public void checkServerTrusted1(X509Certificate[] certs,
     String authType) {
   }

   @Override
   public void checkClientTrusted(X509Certificate[] arg0, String arg1)
     throws CertificateException {
    // TODO Auto-generated method stub

   }

   @Override
   public void checkServerTrusted(X509Certificate[] arg0, String arg1)
     throws CertificateException {
    // TODO Auto-generated method stub

   }
  } };

  SSLContext context = SSLContext.getInstance("TLS");
  context.init(null, trustMgr, null);
  

  Client client = ClientBuilder.newBuilder().sslContext(context)
    .hostnameVerifier(new HostnameVerifier() {

     @Override
     public boolean verify(String arg0, SSLSession arg1) {
      // TODO Auto-generated method stub
      return true;
     }
    }).build();

  return client;

 }


Instead of setting sslCotext  and hostNameVerfier in HTTPSProperties as in Jersey 1.x they are not set over ClientBuilder calling appropriate methods as in above code.

Hope above tip helps to someone looking to develope REST Client for HTTPS calls.

Posted by
Labels: , , ,

2 comments:

  1. ShivOm Pandey27 April 2018 at 09:35

    This comment has been removed by the author.

    ReplyDelete
  2. GOPAL21 October 2021 at 21:39

    4. You have provided an nice article thank you very much for this one. And I hope this will be useful for many people and I am waiting for your next post keep on updating these kinds of Knowledge able things
    Click here for more info

    ReplyDelete

Subscribe to: Post Comments (Atom)