users@jax-rs-spec.java.net

[jax-rs-spec users] [jsr339-experts] SSL and Authentication affect on client API

From: Bill Burke <bburke_at_redhat.com>
Date: Thu, 06 Dec 2012 17:45:34 -0500

Here's some thoughts on SSL. Was thinking we'd change/refactor/augment
the CLientFactory class, so it might look like this:

Client client = ClientFactory.factory()
                              .serverTruststore(KeyStore truststore)
                              .build();

Client client = ClientFactory.factory()
                              .serverTruststore(KeyStore truststore)
                              .clientKeyStore(KeyStore keystore)
                              .build();

You might want to have additional methods like
serverSSLTrustManager(X509TrustManager)


or options for other ways to set up SSL connections.

For non-cert authentication, I was thinking we could do it at the
WebTarget level:

WebTarget target = client.target("https://")
                          .authentication().basic("username", "password");

interface Authentication {
    WebTarget basic(String username, String password);
    WebTarget digest(String username, String password);
}

interface WebTarget {
    Authentication authentication();
...
}

Is that too limiting?


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com