How to use SSL with Jersey 2.x and Apache Connection manager

Question

I would like to use connection pooling with my Jersey 2.x rest clients. I have the following code:

ClientConfig clientConfig = new ClientConfig();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager();
connectionManager.setMaxTotal(100);
connectionManager.setDefaultMaxPerRoute(20);
clientConfig.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);

clientConfig.connectorProvider(new ApacheConnectorProvider());  

Client client = ClientBuilder.newBuilder()
    .withConfig(clientConfig)
    .sslContext(SslConfigurator.getDefaultContext())
    .build();

But this does not work for sites that require a client certificate. If I don't use the PoolingHttpClientConnectionManager (i.e. comment it out like this:)

//clientConfig.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);

Then the client certificate is sent.

How can I setup the PoolingHttpClientConnectionManager to use javax.net.ssl... properties?

score 2 · Accepted Answer · answered Jun 17 '15 at 09:26

2

Use SSL socket factory configured with system properties

Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", SSLConnectionSocketFactory.getSystemSocketFactory())
        .build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

answered Jun 17 '15 at 09:26

ok2c

26,450
5
63
71

Thanks for your help. This did work, although I find it quite counter-intuitive that Jersey ignores the `sslcontext` in this case. It would be nice if I didn't have to deal with registering stuff like this. – user1585916 Jun 17 '15 at 16:25

score 0 · Answer 2 · answered Oct 19 '15 at 13:51

The example above works if you use the default SSL context. If you have a custom SSL context, such as :

    SslConfigurator sslConfig = SslConfigurator.newInstance()
    .trustStoreFile(...).trustStorePassword(...)
    .keyStoreFile(...).keyStorePassword(...).keyPassword(...);
SSLContext sslContext = sslConfig.createSSLContext();

then give it to the PoolingHttpClientConnectionManager as such :

    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
    .register("http", PlainConnectionSocketFactory.getSocketFactory())
    .register("https", new SSLConnectionSocketFactory(sslContext))
    .build();
    PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

The call to ClientBuilder.sslContext() is no longer necessary.

How to use SSL with Jersey 2.x and Apache Connection manager

2 Answers2