作者:chszs,转载需注明。
作者博客主页:http://blog.csdn.net/chszs
在我们的开发环境中,我们为应用程序配置了自签名的SSL证书,很显然,我们不会为开发服务器花证书的钱。所以,我们就面临着“如何调用带不可信SSL证书的REST Web服务”这样的问题。
我使用Jersey REST客户端调用REST Web服务,代码示意如下:
作者chszs,转载需注明。博客主页:http://blog.csdn.net/chszs
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}
};
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
ClientConfig config = new DefaultClientConfig();
config.getProperties().put(
HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
new HTTPSProperties(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
},
context)
);
Client client = Client.create(config);
client.setFollowRedirects(true);
WebResource resource = client.resource("https://myserver/myws");
resource.accept(MediaType.APPLICATION_JSON_TYPE);
String result = resource.post(String.class);