You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by Ananth Vasudevan <an...@gmail.com> on 2012/01/17 05:01:42 UTC

Question about using SSL in HttpClient 4.1.2

Hi,

I'm migrating from HttpClient 3.x to HttpClient 4.1.2. I'm using http core
4.1.4.
The HttpClient 3.x code posts some data to a SSL enabled URL. We've to
support IPv6 literals and I'm trying to follow the samples and getting an
exception as below:
java.security.AccessControlException: access denied
(java.net.SocketPermission [fd07:2fa:6cff:2021:221:9bff:fe97:d061]:443
connect,resolve)

When I run it from eclipse as an application, it runs and gives the
response. But I'm trying to run it as an applet. The applet is signed using
a verisign
code signing certificate. Ay Pointers/Help is greatly appreciated.

Here's the code snippet:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.NameValuePair;

public class HttpClientUtil {

HttpClient httpClient;
private static final int HTTP_RESPONSE_TIMEOUT = 60*1000;
SSLContext context = null;

public void HttpClientUtil(){
doHttpPost();
}
 private String doHttpPost(){

TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return null;
}
public void checkClientTrusted(
    java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
    java.security.cert.X509Certificate[] certs, String authType) {
}
    }
};

try {
context = SSLContext.getInstance("SSL");
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
try {
context.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (KeyManagementException e1) {
e1.printStackTrace();
}
SSLSocketFactory sf = new SSLSocketFactory(context,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme https = new Scheme("https", 443, sf);

HttpParams httpParams = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParams,
HTTP_RESPONSE_TIMEOUT);
HttpConnectionParams.setSoTimeout(httpParams, HTTP_RESPONSE_TIMEOUT);

ClientConnectionManager ccm = new
ThreadSafeClientConnManager();//httpParams);
ccm.getSchemeRegistry().register(https);

httpClient = new DefaultHttpClient(ccm, httpParams);
HttpPost postMethod;
 ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
nameValuePairs.add(new BasicNameValuePair("username", "user"));
nameValuePairs.add(new BasicNameValuePair("password", "password"));
String host = "https://[fd07:2fa:6cff:2021:221:9bff:fe97:d061]";
 postMethod = new HttpPost(host);
try{
postMethod.setEntity(new UrlEncodedFormEntity(nameValuePairs));
}catch(UnsupportedEncodingException uex){
uex.printStackTrace();
}
StringBuffer responseStr = null;
try {
HttpResponse response = httpClient.execute(postMethod);
int statusCode = -1;
statusCode = response.getStatusLine().getStatusCode();
responseStr = new StringBuffer();

BufferedReader rd = new BufferedReader(new InputStreamReader(
response.getEntity().getContent()));
String line = "";
while ((line = rd.readLine()) != null) {
responseStr.append(line);
}

} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}catch(IllegalArgumentException iae){
iae.printStackTrace();
}

return new String(responseStr);
}
 public static void main(String a[]){
HttpClientUtil util = new HttpClientUtil();
String response = util.doHttpPost();
System.out.println(response);
 }

}

Best Regards,
Ananth Vasudevan

Re: Question about using SSL in HttpClient 4.1.2

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Mon, 2012-01-16 at 23:01 -0500, Ananth Vasudevan wrote:
> Hi,
> 
> I'm migrating from HttpClient 3.x to HttpClient 4.1.2. I'm using http core
> 4.1.4.
> The HttpClient 3.x code posts some data to a SSL enabled URL. We've to
> support IPv6 literals and I'm trying to follow the samples and getting an
> exception as below:
> java.security.AccessControlException: access denied
> (java.net.SocketPermission [fd07:2fa:6cff:2021:221:9bff:fe97:d061]:443
> connect,resolve)
> 

This is an access control problem which has nothing to do with
HttpClient. You just need to configure security context of your applet
correctly.

Oleg


> When I run it from eclipse as an application, it runs and gives the
> response. But I'm trying to run it as an applet. The applet is signed using
> a verisign
> code signing certificate. Ay Pointers/Help is greatly appreciated.
> 
> Here's the code snippet:
> 
> import java.io.BufferedReader;
> import java.io.IOException;
> import java.io.InputStreamReader;
> import java.io.UnsupportedEncodingException;
> import java.security.KeyManagementException;
> import java.security.NoSuchAlgorithmException;
> import java.util.ArrayList;
> 
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> 
> import org.apache.http.client.ClientProtocolException;
> import org.apache.http.client.HttpClient;
> import org.apache.http.HttpResponse;
> import org.apache.http.client.methods.HttpPost;
> import org.apache.http.impl.client.DefaultHttpClient;
> import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
> 
> import org.apache.http.message.BasicNameValuePair;
> import org.apache.http.params.BasicHttpParams;
> import org.apache.http.params.HttpConnectionParams;
> import org.apache.http.params.HttpParams;
> import org.apache.http.client.entity.UrlEncodedFormEntity;
> import org.apache.http.conn.ClientConnectionManager;
> import org.apache.http.conn.scheme.Scheme;
> import org.apache.http.conn.ssl.SSLSocketFactory;
> import org.apache.http.NameValuePair;
> 
> public class HttpClientUtil {
> 
> HttpClient httpClient;
> private static final int HTTP_RESPONSE_TIMEOUT = 60*1000;
> SSLContext context = null;
> 
> public void HttpClientUtil(){
> doHttpPost();
> }
>  private String doHttpPost(){
> 
> TrustManager[] trustAllCerts = new TrustManager[]{
>     new X509TrustManager() {
> public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>     return null;
> }
> public void checkClientTrusted(
>     java.security.cert.X509Certificate[] certs, String authType) {
> }
> public void checkServerTrusted(
>     java.security.cert.X509Certificate[] certs, String authType) {
> }
>     }
> };
> 
> try {
> context = SSLContext.getInstance("SSL");
> } catch (NoSuchAlgorithmException e1) {
> e1.printStackTrace();
> }
> try {
> context.init(null, trustAllCerts, new java.security.SecureRandom());
> } catch (KeyManagementException e1) {
> e1.printStackTrace();
> }
> SSLSocketFactory sf = new SSLSocketFactory(context,
> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> Scheme https = new Scheme("https", 443, sf);
> 
> HttpParams httpParams = new BasicHttpParams();
> HttpConnectionParams.setConnectionTimeout(httpParams,
> HTTP_RESPONSE_TIMEOUT);
> HttpConnectionParams.setSoTimeout(httpParams, HTTP_RESPONSE_TIMEOUT);
> 
> ClientConnectionManager ccm = new
> ThreadSafeClientConnManager();//httpParams);
> ccm.getSchemeRegistry().register(https);
> 
> httpClient = new DefaultHttpClient(ccm, httpParams);
> HttpPost postMethod;
>  ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
> nameValuePairs.add(new BasicNameValuePair("username", "user"));
> nameValuePairs.add(new BasicNameValuePair("password", "password"));
> String host = "https://[fd07:2fa:6cff:2021:221:9bff:fe97:d061]";
>  postMethod = new HttpPost(host);
> try{
> postMethod.setEntity(new UrlEncodedFormEntity(nameValuePairs));
> }catch(UnsupportedEncodingException uex){
> uex.printStackTrace();
> }
> StringBuffer responseStr = null;
> try {
> HttpResponse response = httpClient.execute(postMethod);
> int statusCode = -1;
> statusCode = response.getStatusLine().getStatusCode();
> responseStr = new StringBuffer();
> 
> BufferedReader rd = new BufferedReader(new InputStreamReader(
> response.getEntity().getContent()));
> String line = "";
> while ((line = rd.readLine()) != null) {
> responseStr.append(line);
> }
> 
> } catch (ClientProtocolException e) {
> e.printStackTrace();
> } catch (IOException e) {
> e.printStackTrace();
> }catch(IllegalArgumentException iae){
> iae.printStackTrace();
> }
> 
> return new String(responseStr);
> }
>  public static void main(String a[]){
> HttpClientUtil util = new HttpClientUtil();
> String response = util.doHttpPost();
> System.out.println(response);
>  }
> 
> }
> 
> Best Regards,
> Ananth Vasudevan



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org