users@jersey.java.net

[Jersey] Re: Client - Server SSL communication, 400 Bad Request

From: John Yeary <johnyeary_at_gmail.com>
Date: Tue, 13 Mar 2012 08:44:57 -0400

Hello JL,

That could be the response from server which does not understand the SSL
request. Did you add an SSL context to your client application. Like
something below.

John

ClientConfig config = new DefaultClientConfig(); // SSL configuration

config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new
HTTPSProperties(getHostnameVerifier(), getSSLContext()));

 private SSLContext getSSLContext() {
        javax.net.ssl.TrustManager x509 = new
javax.net.ssl.X509TrustManager() {

            @Override
            public void
checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
            }

            @Override
            public void
checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = null;
        try {
            ctx = SSLContext.getInstance("SSL");
            ctx.init(null, new javax.net.ssl.TrustManager[]{x509}, null);
        } catch (java.security.GeneralSecurityException ex) {
        }
        return ctx;
    }
____________________________

John Yeary
____________________________
*NetBeans Dream Team*
*President Greenville Java Users Group
Java Users Groups Community Leader
Java Enterprise Community Leader*

____________________________

<http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary>
<http://www.youtube.com/johnyeary>
  <http://www.linkedin.com/in/jyeary>
<https://plus.google.com/112146428878473069965>
  <http://www.facebook.com/jyeary>
<http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
  <http://netbeans.org/people/84414-jyeary>

"Far better it is to dare mighty things, to win glorious triumphs, even
though checkered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the gray twilight
that knows not victory nor defeat."
-- Theodore Roosevelt



On Tue, Mar 13, 2012 at 6:15 AM, Jean-Louis FERRER <
ferrer.jeanlouis_at_gmail.com> wrote:

> Hey,
>
> The situation is as follows:
>
> I wish to create a Client that connects to a server (using SSL), and send
> some request (mainly GET ones). The server part isn't mine, I cannot have
> access to it other than through requests.
>
> Whatever request I send to the server (and I am sure these requests do
> work, because I can run them on Chrome, Firefox, IE and get the right
> result as XML/plain text), I get a 400 Bad Request error as follows:
>
> GET https://server/.../service returned a response status of 400 Bad
> Request
> at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686)
> at
> com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> at
> com.sun.jersey.api.client.WebResource$Builder.method(WebResource.java:621)
> at
> package.Localhost$ManagerManagerIdService.getAsApplicationXml(Localhost.java:2146)
> at package.Test.main(Test.java:29)
>
> Now I wonder, since I know that the request is working, I guess it could
> come from the SSL implementation I have found and adapted (tried various
> ones, found on the internet or here). Shouldn't it be sending a 403
> Forbidden error in case of authentification problem ? If it is not an
> authentification problem, then I'm just clueless as to where does this
> problem come from ...
>
> The Localhost.java file (and some others) were generated using the
> wadl2java tool.
>
> Let me know if you want to have a look at the implementation of the Client.
>
> Cheers,
> JL
>