CODEWITHSUNDEEP
javaspringsslapache-httpclient-4.xresttemplate
timothyclifford
timothyclifford

Reputation: 6969

Spring Boot AsyncRestTemplate SSLSocketFactory

Deploying a Spring Boot application in WebSphere. Due to their SSL configuration, we need to explicitly specify the SSLSocketFactory to ensure the application uses the WebSphere certificates and not the default Java key/trust stores.

Doing this via the RestTemplate is straightforward:

protected RestTemplate getRestTemplate() {

    SSLSocketFactory sslSocketFactory = new SSLSocketFactory(
        (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
        SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
    );

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme(HTTP_SCHEME, HTTP_PORT, PlainSocketFactory.getSocketFactory()));
    registry.register(new Scheme(HTTPS_SCHEME, HTTPS_PORT, sslSocketFactory));

    BasicClientConnectionManager connectionManager = new BasicClientConnectionManager(registry);
    DefaultHttpClient httpClient = new DefaultHttpClient(connectionManager);
    ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);

    return new RestTemplate(requestFactory);
}

However with the AsyncRestTemplate, I am unable to find how to set the SSLSocketFactory:

protected AsyncRestTemplate getAsyncRestTemplate() throws IOReactorException, NoSuchAlgorithmException {

    SSLIOSessionStrategy strategy = new SSLIOSessionStrategy(
        SSLContext.getDefault(),
        SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
    );

    Registry<SchemeIOSessionStrategy> registry = RegistryBuilder.<SchemeIOSessionStrategy>create()
        .register(HTTP_SCHEME, NoopIOSessionStrategy.INSTANCE)
        .register(HTTPS_SCHEME, strategy)
        .build();

    PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(
        new DefaultConnectingIOReactor(),
        registry
    );

    CloseableHttpAsyncClient httpClient = HttpAsyncClientBuilder
        .create()
        .setConnectionManager(connManager)
        .build();

    AsyncClientHttpRequestFactory requestFactory = new HttpComponentsAsyncClientHttpRequestFactory(httpClient);

    return new AsyncRestTemplate(requestFactory);
}

In essence, I need to call:

(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault()

Which triggers WebSphere to override SSL connection handling.

Any ideas on what I'm missing are greatly appreciated - thanks.

Upvotes: 3

Views: 2476

Answers (1)

ok2c
ok2c

Reputation: 27593

You cant. javax.net.SocketFactory is incompatible with NIO based i/o models. There is no way around using SSLContext for non-blocking SSL.

Upvotes: 4

Related Questions