Authentication when using RESTful-WS with Jersey


  • #23100
    Jozef Aerts
    Participant

    Ok – I already got somewhat further, using JAX-RS 2.1 and Jersey 2.7:
    My Java code is:

    webTarget = client.target(BASE_URI);
    webTarget = webTarget.path("CodeSystem").path("$lookup");
    webTarget = webTarget.queryParam("system", "http://loinc.org");
    webTarget = webTarget.queryParam("code", loincCode);
    webTarget = webTarget.property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_USERNAME, userName)
    .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_PASSWORD, passWord);
    String answer = webTarget.request(MediaType.APPLICATION_JSON).get(String.class);

    giving the exception:
    Exception in thread "main" javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

    indicating that the authentication somehow doesn’t get through.

    So, essentially: how should I pass username and password to the request?

    Many thanks in advance,
    Jozef

     

    #23102
    Tim Briscoe
    Keymaster

    Hi Jozef,

    I’m not a Java developer but I did find this potential solution:

    https://stackoverflow.com/questions/9210514/unable-to-find-valid-certification-path-to-requested-target-error-even-after-c

    Please let me know if this remedies your situation.

    #23112
    Jozef Aerts
    Participant

    GOT IT!

    Can it be that the server certificate is a self-signed one? That could explain a lot of things!

    Essentially, the cause of the problems is that the server certificate is not trusted.
    A work-around (not for production!) is that a Client is generated that trusts all certificates, e.g. using the class “SslTrustAllRestClient” that can be found at: https://gist.github.com/alpegon/6ad3ab45dbcdb2dbb51ac1ac82b8995b
    For this class, you will need the following imports:
    import javax.net.ssl.*;
    import javax.ws.rs.client.*;
    import java.security.*;
    import java.security.cert.*;

    It is then used as follows (example using Jersey 2.6/2.7)

    // create a REST client that trusts all certificates (NOT for production!)
    SslTrustAllRestClient s = new SslTrustAllRestClient();
    Client client = s.createClient();
    // the base URI
    String BASE_URI = "https://fhir.loinc.org";
    // Add authentication (LOINC username and password)
    HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic(userName, passWord);
    client.register(feature);

    // start a query
    // here, it corresponds to: https://fhir.loinc.org/CodeSystem/$lookup?system=http://loinc.org&code=1751-7

    String loincCode = "1751-7";
    WebTarget webTarget = client.target(BASE_URI);
    webTarget = webTarget.path("CodeSystem").path("$lookup");
    webTarget = webTarget.queryParam("system", new String[] {"http://loinc.org"});
    webTarget = webTarget.queryParam("code", new String[] {loincCode});
    String answer = (String)webTarget.request(new String[]{MediaType.APPLICATION_XML}).get(String.class);

    IMPORTANT: in applications, always add a “MediaType” as the default is … HTML (i.e. the “website”) which of course doesn’t make sense in applications.

    If the server’s certificate is self-signed, please consider a real one, that would make everything much easier.
    Best regards
    Jozef Aerts, XML4Pharma (mail address easy to find if someone wants to get in contact … 🙂 )

    #23114
    Tim Briscoe
    Keymaster

    @Jozef – No, the certificate for fhir.loinc.org is signed by Let’s Encrypt.

    https://www.ssllabs.com/ssltest/analyze.html?d=fhir.loinc.org&hideResults=on

    • This reply was modified 1 year, 1 month ago by Tim Briscoe.
    #23116
    Jozef Aerts
    Participant

    Thanks Tim,
    That is good to hear – so it must be something else.
    Reason is that I developed a good amount of other RESTful clients that work with https and where there is no problem.
    I could of course download the certificate and put it in the Java keystore, but that would make the application non-portable and hard to deploy for non-specialists.

    However, it works for me right now and I can start exploring these wonderful services!

    Many thanks for your support!

    Jozef
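
Added example, not part of the original thread and not code from LOINC or from the linked gist: a Jersey client that keeps certificate validation on and trusts only CA certificates bundled with the application, so nothing has to be imported into the JRE keystore on each machine. The class name PinnedCaRestClient and the resource /trusted-ca.pem are hypothetical; the PEM file is assumed to hold the CA certificate(s) that sign the server's chain.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;

public class PinnedCaRestClient {
    // Hypothetical resource name: PEM file with the CA certificate(s) to trust,
    // shipped inside the application JAR (an assumption, not from the thread).
    private static final String CA_RESOURCE = "/trusted-ca.pem";

    // Builds a client whose TLS validation stays on, anchored on the bundled CA(s).
    public static Client createClient(String userName, String passWord) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, nothing written to disk
        try (InputStream in = PinnedCaRestClient.class.getResourceAsStream(CA_RESOURCE)) {
            if (in == null) {
                throw new IllegalStateException("Missing classpath resource " + CA_RESOURCE);
            }
            int i = 0;
            for (Certificate ca : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                trustStore.setCertificateEntry("bundled-ca-" + i++, ca);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        // No custom HostnameVerifier is set: the default host name check remains active.
        return ClientBuilder.newBuilder()
                .sslContext(sslContext)
                .build()
                .register(HttpAuthenticationFeature.basic(userName, passWord));
    }

    public static void main(String[] args) throws Exception {
        Client client = createClient(args[0], args[1]); // LOINC username and password
        String answer = client.target("https://fhir.loinc.org")
                .path("CodeSystem").path("$lookup")
                .queryParam("system", "http://loinc.org").queryParam("code", "1751-7")
                .request(MediaType.APPLICATION_JSON).get(String.class);
        System.out.println(answer);
    }
}
```

Unlike the trust-all client, a server presenting a certificate that does not chain to the bundled CA still fails the handshake with the same PKIX error.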
