I have a web service using the Jersey API on both the server side and
the client side; the service is running on glassfishv3+jdk1.5. My web
service worked well without https, and now I want to secure the
communication between client and server.
I have tried the https example from
http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https
and it worked. It was a simple REST web service.
I followed the examples in the forum but still cannot get it
running. My web.xml configuration is as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
      <display-name>Archetype Created Web Application</display-name>
      <servlet>
        <servlet-name>CheroServer</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <init-param>
          <param-name>com.sun.jersey.config.property.resourceConfigClass</param-name>
          <param-value>com.sun.jersey.api.core.PackagesResourceConfig</param-value>
        </init-param>
        <init-param>
          <param-name>com.sun.jersey.config.property.packages</param-name>
          <param-value>org.chero.server.resources</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected resource</web-resource-name>
          <url-pattern>/jobs</url-pattern>
          <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected resource2</web-resource-name>
          <url-pattern>/jobs/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>DELETE</http-method>
          <http-method>PUT</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
    </web-app>
And to create the client:

    ClientConfig config = new DefaultClientConfig();
    // Hostname verifier that logs the mismatch and accepts any host name
    HostnameVerifier hv = new HostnameVerifier() {
        //@Override
        public boolean verify(String hostname, SSLSession session) {
            System.out.println("Warning: URL Host: " + hostname
                    + " vs. " + session.getPeerHost());
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
    try {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                }
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
        };
        // Install the all-trusting trust manager as the JVM-wide default
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
    final String BASE_URI = "https://localhost:8181/cheroServer";
    Client c = Client.create(config);
    ......
    ClientResponse response = service.path("/jobs").
            type("multipart/mixed").post(ClientResponse.class, multiPart);
Now when I type
http://localhost:8080/cheroServer/jobs in the web browser, it
redirects to
https://localhost:8181/cheroServer/jobs, but there is nothing but an
error on the page:

    The requested resource () is not available.

I would really appreciate it if someone could give me some help.
Regards.
Odin.
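
As an added example (not part of the original post): the client above accepts any certificate and any host name, so the HTTPS connection is encrypted but the server is not authenticated. A variant that trusts only the server's own certificate, using Jersey 1.x's HTTPSProperties, could look like this; the trust store file name, its password and the class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;

public class PinnedTrustClient {
    // Assumed values: a JKS file that holds only the server's certificate
    // (exported from the server keystore and imported with keytool).
    static final String TRUSTSTORE = "client-truststore.jks";
    static final char[] TRUSTSTORE_PASS = "changeit".toCharArray();

    // Build an SSLContext whose trust anchors are exactly the entries in the file.
    static SSLContext contextTrusting(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass); } finally { in.close(); }   // JDK 1.5 compatible
        if (ks.size() == 0) {
            throw new IllegalStateException("trust store " + path + " is empty");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        ClientConfig config = new DefaultClientConfig();
        // Passing null as HostnameVerifier keeps HttpsURLConnection's built-in
        // host name check, so the certificate must name the host in the URL.
        config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
                new HTTPSProperties(null, contextTrusting(TRUSTSTORE, TRUSTSTORE_PASS)));
        Client c = Client.create(config);   // settings apply to this client only
        WebResource service = c.resource("https://localhost:8181/cheroServer");
        ClientResponse response = service.path("/jobs").get(ClientResponse.class);
        System.out.println("HTTP status: " + response.getStatus());
    }
}
```

Unlike HttpsURLConnection.setDefaultSSLSocketFactory, this leaves the JVM-wide defaults untouched, and a handshake with any other certificate fails with an SSLHandshakeException.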