Use https to call a webservice
Question
I am currently working on a webservice that uses http! I have been asked to change (to use ) https instead to call this webservice!
I am using eclipse kepler and JBoss EAP6.1
I found in the internet that I have to create a keystore and edit the server.xml file. The thing is that i can't find the xml file in this JBOss version [ i have a standalone.xml file is it the same ? ] and for the generation of the keystore where do i have to do it ? Thank you for you ansewers! if I am on the wrong way, would you please re-direct me to right path ?
Thanks again !
3 answers
solution1
1 2016-03-15 11:13:20
Get the certificate of the HTTPS url. (You can do it by typing the URL in the browser and then extracting the certificate from the browser certificate installation location). After this add this certificate to the JRE of your application which is used by JBOSS server. Most probably this will be the JRE you have given in the system environment. You can google to get how to install certificate in the keystore. May be this will work.
solution2
0 2016-03-15 11:19:40
You're calling a remote webservice via https, right?
Ok, you could import the certificate of the remote service in the keystore (plenty of guides about that, look at this other question for an example)
OR
You can bypass the whole https certificate thing (launch this static method before the remote call):
/**
* Bypassing SSL certificate check
*
* @throws Exception
*/
public static void doTrustToCertificates() throws Exception {
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String urlHostName, SSLSession session) {
if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
logger.warn("Warning: URL host '" + urlHostName + "' is different to SSLSession host '" + session.getPeerHost() + "'.");
}
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
solution3
0 2016-03-15 11:30:09
In addition to answer of @Rahul, you can import certificate (.cer) file using following command on command prompt for windows OS :
(Assuming you have set required Java paths)
keytool -importcert -file <path of certificate>\<YourCertificateName>.cer -keystore D:\java\jdk1.7.0_40\jre\lib\security\cacerts -alias <certificateAliasName> -storepass <Password>
usually default <password> is 'changeit'.
In case webservice is used for third party client then you can use HttpClient to interact. I am not sure what kind of operation you are performing with that webservice. I assume you want to send some xml to that URL. You can refer following code :
HttpPost httppost = new HttpPost(url);
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(username, password));
CloseableHttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider).build();
StringEntity entity = null;
try {
entity = new StringEntity(xmlToSend);
} catch (UnsupportedEncodingException e) {
LOG.error("Unsupported Encoding ", e);
}
entity.setContentType("text/xml");
httppost.setEntity(entity);
try{
CloseableHttpResponse response = client.execute(httppost);
returnCode = response.getStatusLine().getStatusCode();
EntityUtils.consume(entity);
LOG.debug("HttpResponse :" + EntityUtils.toString(response.getEntity()));
}catch(IOException e){
LOG.error("Error occured while sending the xml");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.