[英]Client certificate on outboud connection
On my application I need to access a bunch of REST webservices using Client Authentication. 在我的应用程序上,我需要使用客户端身份验证访问一堆REST Web服务。 I'm using RestEasy's implementation of JAX-RS Client (which is actually using Apache HttpComponents under the hood). 我正在使用RestEasy的JAX-RS Client实现(实际上是在后台使用Apache HttpComponents)。
First I try to load the KeyStore : 首先,我尝试加载KeyStore :
private static KeyStore keyStore;
static {
try {
String keyStoreProperty = System.getProperty("javax.net.ssl.keyStore");
String keyStorePasswordProperty = System.getProperty("javax.net.ssl.keyStorePassword");
if (keyStoreProperty != null && keyStorePasswordProperty != null) {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream keyStoreData = new FileInputStream(keyStoreProperty)) {
keyStore.load(keyStoreData, keyStorePasswordProperty.toCharArray());
}
}
} catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException e) {
//logging
}
}
Next I use the previously loaded KeyStore to build the javax.ws.rs.client.Client : 接下来,我使用先前加载的KeyStore来构建javax.ws.rs.client.Client :
Client client;
if (keyStore != null) {
client = ClientBuilder.newBuilder()
.keyStore(keyStore, System.getProperty("javax.net.ssl.keyStorePassword")).build();
} else {
//logging
}
However, this code doesn't seems to be the right way to do things. 但是,这段代码似乎并不是正确的处理方式。
I would like to know if it's possible to configure the keyStore on JBoss/WildFly and let it apply it on outbound connections, ideally based on URL patterns. 我想知道是否有可能在JBoss / WildFly上配置keyStore并将其应用于出站连接,最好基于URL模式。
WildFly does not have that. WildFly没有。
Regarding your code when configuring 2-way SSL you need also trustStore configured. 关于在配置2向SSL时的代码,还需要配置trustStore。 To make client trust to server you are connecting. 为了使客户端信任服务器,您正在连接。 Or alternatively use ssl context instead of keyStore trustStore pair [1]. 或者,也可以使用ssl上下文代替keyStore trustStore对[1]。
[1] https://docs.oracle.com/javaee/7/api/javax/ws/rs/client/ClientBuilder.html [1] https://docs.oracle.com/javaee/7/api/javax/ws/rs/client/ClientBuilder.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.