MicroProfile Rest Client provides a uniform way to configure SSL for the client.
By default, a MicroProfile Rest Client implementation uses the JVM trust store. MicroProfile Rest Client provides a way to specify a custom trust store.
For clients created programmatically, the trust store should be read to
a KeyStore object and specified as follows:
KeyStore trustStore = readTrustStore();
RestClientBuilder.newBuilder()
.trustStore(trustStore)For CDI injected clients, the trust store can be specified with MicroProfile Config properties:
-
myClient/mp-rest/trustStoreto set the trust store location. Can point to either a classpath resource (e.g.classpath:/client-truststore.jks) or a file (e.g.file:/home/user/client-truststore.jks) -
myClient/mp-rest/trustStorePasswordto set the password for the keystore -
myClient/mp-rest/trustStoreTypeto set the type of the trust store. Defaults to "JKS"
A custom HostnameVerifier can be used to determine if
an SSL connection that fails on a URL’s hostname and a server’s
identification hostname mismatch should be allowed.
To specify a hostname verifier for a programmatically created client, use:
RestClientBuilder.newBuilder()
.hostnameVerifier(verifier)For CDI, the verifier can be specified by setting the
myClient/mp-rest/hostnameVerifier MicroProfile Config property
to the class name of the verifier. The class must have a
public no-argument constructor.
Client key stores are useful for two-way SSL connections.
The programmatic API provides a keystore method for specifying the client
key store. The method accepts a KeyStore object.
For the CDI usage, the keystore can be specified with MicroProfile Config properties similar to the trust store properties:
-
myClient/mp-rest/keyStoreto set the key store location. Can point to either a classpath resource (e.g.classpath:/client-keystore.jks) or a file (e.g.file:/home/user/client-keystore.jks) -
myClient/mp-rest/keyStorePasswordto set the password for the keystore -
myClient/mp-rest/keyStoreTypeto set the type of the key store. Defaults to "JKS"