Verifying the Server
HTTPS isn't only about encrypting your network connection, it is also about establishing
trust. One aspect of this on the client side is verifying that the server you are talking to is the
actual server you want to talk to and not some middleman on the network that is spoofing it.
With most secure Internet servers, you do not have to worry about establishing trust because
the server's certificates are signed by a trusted authority like VeriSign, and your JAX-RS client
implementation will know how to verify certificates signed by these authorities.
In some cases, though, especially in test environments, you may be dealing with servers
whose certificates are self-signed or signed by an unknown authority. In this case, you must
obtain a truststore that contains the server certificates you trust and register them with the
Client API. The ClientBuilder has a method for this:
abstract class ClientBuilder {
    public abstract ClientBuilder trustStore(final KeyStore trustStore);
}
How you initialize and populate the KeyStore is beyond the scope of this topic.
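As an added example (not code from the book or from any JAX-RS implementation), the following shows one way to build a truststore that holds only the certificates you actually trust and to register it through the ClientBuilder method above. The PEM file path, the host name and the port are assumptions; the truststore is assembled in memory from that file with the standard java.security APIs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;

public class TrustedClientExample {

    /**
     * Builds an in-memory truststore containing only the X.509 certificate(s)
     * found in the PEM file at pemPath (a self-signed server certificate or a
     * private CA certificate). Nothing else is trusted by a client built on it.
     */
    static KeyStore trustStoreFromPem(String pemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty, in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(pemPath)) {
            // generateCertificates accepts a PEM file holding one or more certs,
            // so a private CA chain can be loaded in a single call
            int i = 0;
            for (Certificate cert : cf.generateCertificates(in)) {
                ks.setCertificateEntry("trusted-" + (i++), cert);
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumed path to the test environment's CA or server certificate
        KeyStore trustStore = trustStoreFromPem("/etc/myapp/test-server-ca.pem");

        // Only certificates chaining to an entry in trustStore are accepted;
        // the default hostname verifier still checks the URL host against the cert
        Client client = ClientBuilder.newBuilder()
                                     .trustStore(trustStore)
                                     .build();
        try {
            // Assumed test server; a cert not in the truststore fails the handshake
            Response response = client.target("https://test-server.example:8443/api/ping")
                                      .request()
                                      .get();
            System.out.println("Status: " + response.getStatus());
            response.close();
        } finally {
            client.close();
        }
    }
}
```

Scoping the truststore to the one test certificate keeps the trust decision explicit: a client built this way rejects any other certificate, which is the property the section is describing, whereas replacing the trust manager with one that accepts everything would remove server verification entirely.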
OAuth 2.0
OAuth 2.0 is an authentication protocol that allows an entity to gain access to a user's data in
news site like cnn.com. You're reading an interesting political editorial and want to voice
your opinion on the article in its comment section. To do this, though, you have to tell CNN
who you are and what your email address is. It gives you the option of logging in via your
Google or Facebook account. You are forwarded to Google and log in there. You grant CNN
permission to ask Google who you are and what your email address is, and then you are
forwarded back to cnn.com so that you can enter in your comment. Through this interaction
CNN is granted an access token, which it then uses to obtain information about you via a
separate HTTP request.
Here's how it works:
1. The CNN website redirects your browser to Google's login page. This redirect sets a
special cnn.com session cookie that contains a randomly generated value. The redirect
URL contains client_id, state, and redirect_uri. The client_id is the Google
username CNN has registered with Google.com. The state parameter is the same
value that was set in the session cookie. The redirect_uri is a URL you want
Google to redirect the browser back to after authentication. A possible redirect URL