Jozef Aerts

Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • in reply to: Authentication when using RESTful-WS with Jersey #23116

    Jozef Aerts
    Participant

    Thanks Tim,
    That is good to hear – so it must be something else.
    Reason is that I developed a good amount of other RESTful clients that work with https and where there is no problem.
    I could of course download the certificate and put it in the Java keystore, but that would make the application non-portable and hard to deploy for non-specialists.

    However, it works for me right now and I can start exploring these wonderful services!

    Many thanks for your support!

    Jozef

    in reply to: Authentication when using RESTful-WS with Jersey #23112

    Jozef Aerts
    Participant

    GOT IT!

    Can it be that the server certificate is a self-signed one? That could explain a lot of things!

    Essentially, the cause of the problems is that the server certificate is not trusted.
    A work-around (not for production!) is that a Client is generated that trusts all certificates, e.g. using the class “SslTrustAllRestClient” that can be found at: https://gist.github.com/alpegon/6ad3ab45dbcdb2dbb51ac1ac82b8995b
    For this class, you will need the following imports:
    import javax.net.ssl.*;
    import javax.ws.rs.client.*;
    import java.security.*;
    import java.security.cert.*;

    It is then used as follows (example using Jersey 2.6/2.7)

    // create a REST client that trusts all certificates (NOT for production!)
    SslTrustAllRestClient s = new SslTrustAllRestClient();
    Client client = s.createClient();
    // the base URI
    String BASE_URI = “https://fhir.loinc.org”;
    // Add authentication (LOINC username and password)
    HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic(userName, passWord);
    client.register(feature);

    // start a query
    // here, it corresponds to: <code class=”http copy hljs”><span class=”hljs-attribute”>https://fhir.loinc.org/CodeSystem/$lookup?system=http://loinc.org&code=1751-7</span&gt;

    String loincCode = “1751-7”
    webTarget = client.target(BASE_URI);
    webTarget = webTarget.path(“CodeSystem”).path(“$lookup”);
    webTarget = webTarget.queryParam(“system”, new String[] {“http://loinc.org”});
    webTarget = webTarget.queryParam(“code”, new String[] {loincCode});
    String answer = (String)webTarget.request(new String[]{MediaType.APPLICATION_XML}).get(String.class);

    IMPORTANT: in applications, always add a “MediaType” as the default is … HTML (i.e. the “website”) which of course doesn’t make sense in applications.

    If the server’s certificate is self-signed, please consider a real one, that would make everything much easier.
    Best regards
    Jozef Aerts, XML4Pharma (mail address easy to find if someone wants to get in contact … 🙂 )

    in reply to: Source code example? #23103

    Jozef Aerts
    Participant

    A short update: Tim pointed me to: https://stackoverflow.com/questions/9210514/unable-to-find-valid-certification-path-to-requested-target-error-even-after-c

    I was a bit puzzled as I do have other client applications that use RESTful web services that run over https with authentication (though over POST) and did run without problems in the past (MedLine-Plus, UMLS-NLM, …). I ran them again at home yesterday night and suddenly they did not run anymore, giving a similar error (handschake problem – these programs still use JAX-RS 1). At work however, where I am currently developing the new LOINC application, they run fine.
    So this contributed to further confusion.
    So, at the moment it looks like it has to do with whether and how certificates are stored in the JRE, how they did get there (I never explicitely added some manually),  and how they are maintained when a JRE update takes place.

    When I find a solution, I will surely make it available to the broad public. This LOINC service is so immensely important for the medical informatics world … In the mean time, if someone has created a Java client successfully, I am always glad to hear.

Viewing 3 posts - 1 through 3 (of 3 total)