timothyclifford February 2016

Spring Boot AsyncRestTemplate SSLSocketFactory

Deploying a Spring Boot application in WebSphere. Due to their SSL configuration, we need to explicitly specify the SSLSocketFactory to ensure the application uses the WebSphere certificates and not the default Java key/trust stores.

Doing this via the RestTemplate is straightforward:

protected RestTemplate getRestTemplate() {

    SSLSocketFactory sslSocketFactory = new SSLSocketFactory(
        (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
        SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
    );

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme(HTTP_SCHEME, HTTP_PORT, PlainSocketFactory.getSocketFactory()));
    registry.register(new Scheme(HTTPS_SCHEME, HTTPS_PORT, sslSocketFactory));

    BasicClientConnectionManager connectionManager = new BasicClientConnectionManager(registry);
    DefaultHttpClient httpClient = new DefaultHttpClient(connectionManager);
    ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);

    return new RestTemplate(requestFactory);
}

However with the AsyncRestTemplate, I am unable to find how to set the SSLSocketFactory:

protected AsyncRestTemplate getAsyncRestTemplate() throws IOReactorException, NoSuchAlgorithmException {

    SSLIOSessionStrategy strategy = new SSLIOSessionStrategy(
        SSLContext.getDefault(),
        SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
    );

    Registry<SchemeIOSessionStrategy> registry = RegistryBuilder.<SchemeIOSessionStrategy>create()
        .register(HTTP_SCHEME, NoopIOSessionStrategy.INSTANCE)
        .register(HTTPS_SCHEME, strategy)
        .build();

    PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(
        new DefaultConnectingIOReactor(),
        registry
    );

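    CloseableHttpAsyncClient httpClient = HttpAsyncClientBuilder
        .create()
        // Assumed completion: the post is cut off after ".create"; the wiring
        // below mirrors getRestTemplate() above.
        .setConnectionManager(connManager)
        .build();

    return new AsyncRestTemplate(new HttpComponentsAsyncClientHttpRequestFactory(httpClient));
}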

Answers


oleg February 2016

You can't. javax.net.SocketFactory is incompatible with NIO-based I/O models. There is no way around using SSLContext for non-blocking SSL.
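
What the answer describes, as an added example that is not part of the original question or answer: the non-blocking client takes its TLS settings from an SSLContext handed to SSLIOSessionStrategy, so the trust material is chosen when that context is built. The class name, method names and the trust store path, type and password parameters are assumptions; how a WebSphere-managed store is located is not covered on this page.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClients;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.springframework.http.client.HttpComponentsAsyncClientHttpRequestFactory;
import org.springframework.web.client.AsyncRestTemplate;

public class AsyncTlsConfig {

    // Build an SSLContext whose trust anchors come from an explicit store
    // rather than the JVM default. path, type and password are hypothetical
    // parameters supplied by the caller (for example "PKCS12" or "JKS").
    static SSLContext contextFromTrustStore(String path, String type, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        // No client key managers here; null SecureRandom selects the default.
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    // Hand the context to the NIO session strategy. The single-argument
    // constructor keeps the library's default hostname verification enabled.
    static AsyncRestTemplate asyncRestTemplate(SSLContext context) {
        SSLIOSessionStrategy strategy = new SSLIOSessionStrategy(context);
        CloseableHttpAsyncClient client = HttpAsyncClients.custom()
            .setSSLStrategy(strategy)
            .build();
        return new AsyncRestTemplate(
            new HttpComponentsAsyncClientHttpRequestFactory(client));
    }
}
```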

Post Status

Asked in February 2016
Viewed 3,117 times
Voted 7
Answered 1 times
