Apache Rest Client

Posted on  by admin
  1. Apache Camel Rest Client Example
  2. Apache Cxf Rest Client

Introduction

The tutorial, REST over HTTPS with client certificate authentication, will show you how we can use client certificate to handshake with server along with basic authentication for consuming the service. Even you can use header authentication along with client certificate to make more secure. I will create Spring Boot application on Spring REST API and build the application using both maven and gradle build tools.

I will show here both server side code and client side code using Spring Boot framework so that server expects client to establish communication through certificate authentication. Here to consume the service you will be given client certificate (extention might be .crt or .der or .p12 or anything else), password for this certificate and username/password for basic authentication (in case if you need also header authentication).

The certificate we are going to use is generated by ourselves using the Java’s built-in tool utility called keytool.

The RestClient is the entry point for all rest service operations. The RestClient is used to create instances of Resource classes that are used to make the actual invocations to the service. The client can be initialized with a user supplied configuration to specify custom Provider classes, in addition to other configuration options.

Obviously if your client is Java then using ActiveMQ’s JMS API is the fastest and most efficient way to work with the message broker; however, if you are not using Java or prefer the simplicity of HTTP then it should be fairly efficient, especially if your HTTP client supports keep-alive sockets and pipeline processing. Combining Apache Kafka and the Rest client. By Clement Escoffier. Another week, another interesting question. This week, someone asks me about combining Kafka and the Rest Client. That is a recurring subject, and most of the time, the goal is to achieve the following process. This tutorial show you how to use Apache HttpClient to create a RESTful Java client to perform “GET” requests to REST service.

Prerequisites

Eclipse 2019-12, At least Java 8, Gradle 6.1.1, Maven 3.6.3, Spring Boot 2.2.4

We are going to create two separate Spring Boot applications, one is REST Server (server application) and another one is REST Client (client application).

Apache Rest Client

REST Server

This the server project using Spring Boot framework which will expose REST API endpoint on http/https port and this endpoint will be called from the client application.

Create Project

Apache Rest Client

First step is to create a project in Eclipse. The name of the project is spring-rest-https-server.

If you are creating a gradle based project then you can use the below build.gradle script.

If you are creating maven based project then you can use the below pom.xml file.

REST Controller

We will create a Spring REST Controller class that will expose an endpoint on http/https port. This endpoint returns the temperature after conversion into farenheit from celsius or vice versa.

The enum and DTO class which were used in the above Spring REST controller class are given below.

Main Class

We need a class having main method with @SpringBootApplication annotation to deploy the application into embedded Tomcat server.

REST Client

This the client project using Spring Boot framework which will call the REST API endpoint on http/https port.

Create Project

Here also the first step is to create a project in Eclipse. The name of the project is spring-rest-https-server.

If you are creating a gradle based project then you can use the below build.gradle script. We have excluded the Tomcat server from the starter-web dependency as we don’t need to start the server to call the REST service using Spring RestTemplate API.

If you are creating maven based project then you can use the below pom.xml file.

REST Template

As we said that we will use Spring RestTemplate to invoke the REST service to get the desired result. Therefore we are going to create a client class with the below source code.

RestTemplate Config

As we have used RestTemplate in our above client class, so we need to configure the RestTemplate as a bean.

Note that we have the same enum and DTO class in our client application.

Main Class

We need a class having main method with @SpringBootApplication annotation to run our application.

In this client application we are running the application as a standalone or non web application. Therefore we implement the interface CommandLineRunner.

Testing the Application

Make sure you run the server application followed by client application.

On client application console you will get the below output:

Server Certificate

So far so good… We were able to run our applications over http protocol. So the data passed over the network was not secured. Therefore I am going to tell you how to use https protocol (SSL connection) and authenticate using client certificate for establishing communication between server and client applications.

Related Posts:

Now to make our applications runnable on https protocol using certificate, we need certificate. We will generate our own SSL certificate using Java’s built-in keytool utility. In other cases you will get such certificate from certificate authority.

If you have already setup environment variable for Java then you may be able to generate from any path location or you may navigate to the jdk bin directory from cmd prompt and execute the following command. Please note that password must be at least six characters long in length.

When you type the above command you will be asked few questions and you may answer them similar to as shown in the below image:

So you have successfully generated a keystore called certificate.jks with a newly generated certificate in it with certificate alias selfsigned and password changeit and validity for this certificate is 360 days.

Note your certificate is generated under the directory as you are executing the command currently on a directory in the cmd line tool.

Check the generated certificate using the following command:

You will find similar to the below image:

Then we use this certificate in our server application by declaring the followings in the application.properties file in src/main/resources directory.

Now you see we have updated default port from 8080 to 8443 to use https instead of http protocol.

Please make sure you have put the certificate.jks file under classpath src/main/resources directory.

Testing the Application

Now run the server application.

Apache Camel Rest Client Example

Next replace the line in class TempConverterRestClient in client application.

by

Now run the client application, you will get error similar to below (full stack trace removed):

Client Certificate

Now we will create client certificate to handshake with server application.

Let’s create separate certificate for client. Here we will access the service from Java code, so we will create client certificate for Java client.

If you access the service from other clients as well, then create certificate for each client you are accessing from.

Use the following command in cmd prompt in order to generate client certificate for Java client:

So when prompt for several questions then give the same answers you had give while generating the server certificate.

Apache Cxf Rest Client

Now we need to extract the certificate from truststore for Java client because we need to import this certificate for remote authentication using the following command:

So the certificate file javaclient.crt gets generated.

Now we have to add the above generated certificate to keystore in order to establish the handshake between client and server.

Once prompted for Trust this certificate? [no]: . Type yes.

Now check the truststore should have javaclient certificate using below command:

So you will see output something similar to the below image:

Configure Server Application (REST Server)

Now we need to configure also javaclient truststore at server side so that server knows who is trying to establish connection among themselves.

So put the generated truststore.jks in the classpath directory src/main/resources.

So the whole application.properties file looks similar to below:

It is mandatory to set the server.ssl.client-auth=need in order to make the client authentication mandatory.

So now you neither be able to view nor be able to connect to service from anywhere except Java client.

Configure Client Application (REST Client)

Next put the generated javaclient.jks (remember you generated this file during generating truststore) file under classpath directory src/main/resources. Put also the certificate.jks file (generated at the server side code) under classpath directory src/main/resources directory.

We need Apache httpclient library to produce the socket factory for establishing the TLS/SSL connection. Now we will update the RestTemplate bean to have a supplier of request factory instance.

Therefore first make an entry to the build.gradle or pom.xml file:

or

Next we need to update the RestTemplate bean as given below:

Testing the Application

Finally run the server application followed by client application. Eventually you will get the same output over https protocol as you got over http protocol.

That’s all. Hope you got an idea how to authenticate client application using certificate.

Source Code

Thanks for reading.