MicroProfile Rest Client provides a uniform way to configure SSL for the client.
By default, a MicroProfile Rest Client implementation uses the JVM trust store. MicroProfile Rest Client provides a way to specify a custom trust store.
For clients created programmatically, the trust store should be read to a KeyStore object and specified as follows:

    KeyStore trustStore = readTrustStore();
    RestClientBuilder.newBuilder()
        .trustStore(trustStore)

For CDI injected clients, the trust store can be specified with MicroProfile Config properties:
- myClient/mp-rest/trustStore to set the trust store location. Can point to either a classpath resource (e.g. classpath:/client-truststore.jks) or a file (e.g. file:/home/user/client-truststore.jks)
- myClient/mp-rest/trustStorePassword to set the password for the keystore
- myClient/mp-rest/trustStoreType to set the type of the trust store. Defaults to "JKS"

A custom HostnameVerifier can be used to determine if an SSL connection that fails on a URL’s hostname and a server’s identification hostname mismatch should be allowed.
To specify a hostname verifier for a programmatically created client, use:

    RestClientBuilder.newBuilder()
        .hostnameVerifier(verifier)

For CDI, the verifier can be specified by setting the myClient/mp-rest/hostnameVerifier MicroProfile Config property to the class name of the verifier. The class must have a public no-argument constructor.
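
A verifier that tolerates a hostname mismatch only for known aliases of one expected certificate name, written as an added example that is not part of the specification. The class name PinnedNameVerifier, the alias map and its host names are hypothetical, constructed values.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical verifier: accepts a mismatch only when the peer certificate carries the pinned DNS name.
public class PinnedNameVerifier implements HostnameVerifier {
    // Constructed sample data: host used in the URL -> dNSName the server certificate must contain.
    private static final Map<String, String> EXPECTED_SAN = Map.of(
            "10.0.0.15", "orders.internal.example",
            "orders-blue", "orders.internal.example");
    private static final int SAN_DNS_NAME = 2; // GeneralName type dNSName (RFC 5280)

    // Public no-argument constructor, required when the class is named in myClient/mp-rest/hostnameVerifier.
    public PinnedNameVerifier() { }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        String expected = EXPECTED_SAN.get(hostname.toLowerCase(Locale.ROOT));
        if (expected == null) {
            return false; // unknown host: never widen trust by default
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            Collection<List<?>> sans = ((X509Certificate) chain[0]).getSubjectAlternativeNames();
            if (sans == null) {
                return false; // certificate has no subjectAltName extension
            }
            for (List<?> san : sans) { // each entry is [Integer type, Object value]
                if (san.size() >= 2 && Integer.valueOf(SAN_DNS_NAME).equals(san.get(0))
                        && expected.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                    return true;
                }
            }
            return false;
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false; // fail closed when the peer identity cannot be read
        }
    }
}
```

This verifier decides only the name match; the certificate chain itself is still validated against the configured trust store. If an implementation consults the verifier for every connection rather than only on a mismatch, every host the client connects to must appear in the map.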

Client key stores are useful for two-way SSL connections.
The programmatic API provides a keystore method for specifying the client key store. The method accepts a KeyStore object.
For the CDI usage, the keystore can be specified with MicroProfile Config properties similar to the trust store properties:
- myClient/mp-rest/keyStore to set the key store location. Can point to either a classpath resource (e.g. classpath:/client-keystore.jks) or a file (e.g. file:/home/user/client-keystore.jks)
- myClient/mp-rest/keyStorePassword to set the password for the keystore
- myClient/mp-rest/keyStoreType to set the type of the key store. Defaults to "JKS"