File: README.html

package info (click to toggle)
jersey1 1.19.3-8
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 22,944 kB
  • sloc: java: 158,166; xml: 31,914; jsp: 330; python: 42; sh: 17; makefile: 8
file content (136 lines) | stat: -rw-r--r-- 7,065 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--

    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

    Copyright (c) 2010-2011 Oracle and/or its affiliates. All rights reserved.

    The contents of this file are subject to the terms of either the GNU
    General Public License Version 2 only ("GPL") or the Common Development
    and Distribution License("CDDL") (collectively, the "License").  You
    may not use this file except in compliance with the License.  You can
    obtain a copy of the License at
    http://glassfish.java.net/public/CDDL+GPL_1_1.html
    or packager/legal/LICENSE.txt.  See the License for the specific
    language governing permissions and limitations under the License.

    When distributing the software, include this License Header Notice in each
    file and include the License file at packager/legal/LICENSE.txt.

    GPL Classpath Exception:
    Oracle designates this particular file as subject to the "Classpath"
    exception as provided by Oracle in the GPL Version 2 section of the License
    file that accompanied this code.

    Modifications:
    If applicable, add the following below the License Header, with the fields
    enclosed by brackets [] replaced by your own identifying information:
    "Portions Copyright [year] [name of copyright owner]"

    Contributor(s):
    If you wish your version of this file to be governed by only the CDDL or
    only the GPL Version 2, indicate your decision by adding "[Contributor]
    elects to include this software in this distribution under the [CDDL or GPL
    Version 2] license."  If you don't indicate a single choice of license, a
    recipient has the option to distribute your version of this file under
    either the CDDL, the GPL Version 2 or to extend the choice of license to
    its licensees as provided above.  However, if you add GPL Version 2 code
    and therefore, elected the GPL Version 2 license, then the option applies
    only if the new code is made subject to such option by the copyright
    holder.

-->
<html><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><title>HTTPS Client/Server Example - Grizzly</title></head>


    <body style="width: 50em">
        <h1>HTTPS Client/Server Example - Grizzly</h1>

        <p>This example demonstrates how to develop RESTful HTTPS Server using
            Grizzly and how to implement HTTPS Client using Jersey with server authentication.</p>

        <h2>Contents</h2>
        <h3>Server side</h3>

        <p>This example consists of just one resource - RootResource, which is
            basically copy of HelloWorld Resource from corresponding sample with little
            improvement.</p>

        <p>Other classes are used to start Grizzly embedded server and set up its
            authentication and authorization mechanism and keystore and truststore.
        </p>

        <h3>Client side</h3>
        <p>Client side is implemented as a test case, see class <b>com.sun.jersey.samples.https_grizzly.MainTest</b>,
            and its method <code>testSSLWithAuth</code> (others are just tests for invalid authorization).
            First thing you have to do if you want to communicate with service via
            https is set up <b>SSLContext</b> which is basically providing keystore and
            truststore. Keystore is used for storing own keys and truststore is used for storing certificates to
            which you have decided to trust. For more informations see <a href="#JSSERefGuide">[1]</a>.</p>
        <p>To set <b>SSLContext</b> on Jersey client you have to create instance of <b>com.sun.jersey.client.urlconnection.HTTPSProperties</b>
            and set it as a property to the client instance:

        <pre>    HTTPSProperties prop = new HTTPSProperties(null, context);

    DefaultClientConfig dcc = new DefaultClientConfig();
    dcc.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, prop);

    Client c = Client.create(dcc);</pre>


<h3>Certificates setup</h3>
<p><b>These steps are not required to run this example. Pregenerated keystore and
truststore files are already present. Password used was "asdfgh".</b></p>
<p>We needed set up few things to get this example working:
<ul>
    <li>generate client and server keys</li>
    <li>generate client and server certificates</li>
    <li>import certificates to corresponding truststores</li>
</ul>
Client certificate is needed too because we're going to use server-side
certificate authentication as well (yes, after this HTTP Basic authentication
seems to be kind of redundant but there are some usecases where you might
want to use them both).

<p>
    Generate client key and store it into keystore:<br />
<pre>keytool -genkey -keystore ./keystore_client -alias clientKey -dname "CN=Client, OU=Jersey, O=Oracle, L=Prague, ST=Czech Republic, C=CZ"</pre>
Generate client certificate (this will generate self-signed certificate; if you have certification authority and want generate certificate request, use keytool -certreq):<br />
<pre>keytool -export -alias clientKey -rfc -keystore ./keystore_client > ./client.cert</pre>
Import client certificate to servers truststore:<br />
<pre>keytool -import -alias clientCert -file ./client.cert -keystore ./truststore_server</pre>

These steps are similar for server side:
<pre>keytool -genkey -keystore ./keystore_server -alias serverKey -dname "CN=localhost, OU=Jersey, O=Oracle, L=Prague, ST=Czech Republic, C=CZ"
keytool -export -alias serverKey -rfc -keystore ./keystore_server > ./server.cert
keytool -import -alias serverCert -file ./server.cert -keystore ./truststore_client</pre>


<h2>Running the Example</h2>
<p>Run the example as follows:</p>
<p> test
<blockquote><code>mvn test</code></blockquote></p>
<p> run 
<blockquote><code>mvn compile exec:java</code></blockquote></p>
<p>From a web browser, visit:<br />
    <b style="color: red">This won't work! *</b>
<blockquote><code><a href="https://localhost:4463/">https://localhost:4463/</a></code></blockquote>
<b style="color: red">[*]</b> Your web browser needs have and use generated
client keys. Or you have to disable server side client
authentication - set NeedClientAuth to false: <b>new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(<span style="color:red">false</span>)</b>
in <i>Server.java</i>. Then ignore any security warning (self-signed certificates
    aren't trusted in general) and login with username "user" and password "password".
    Text "JERSEY HTTPS EXAMPLE" should appear.
    
    <p>Mozila Firefox and Internet Explorer don't allow users to
    display any content provided on behalf of any self-signed certificate so you have to use some other
    browser which allows this (for example Safari or Opera).</p>


<h2>References</h2>

<a name="JSSERefGuide"/>[1] <a href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html">http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html</a>



</body></html>