jersey.api.client.ClientHandlerException

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

jersey.api.client.ClientHandlerException

Amy Yang (amyyang)
Hi,
 
I am trying to test a GET from a Jersey Server.  I got "jersey.api.client.ClientHandlerException" at the line in red below.  Could you please point me to any link or doc that can help me resolve this issue.
 
 
 public String getRequest (String uri){
    DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
    config.getState().setCredentials(null, null, -1, "Administrator", "abc123");
    ApacheHttpClient client = ApacheHttpClient.create(config);
    WebResource webResource = client.resource(uri);
    String response = (String)webResource.get(String.class);   
    return response;
 }
 
 

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at com.sun.jersey.client.apache.ApacheHttpClientHandler.handle(ApacheHttpClientHandler.java:264)

at com.sun.jersey.api.client.Client.handle(Client.java:569)

at com.sun.jersey.api.client.WebResource.handle(WebResource.java:556)

at com.sun.jersey.api.client.WebResource.get(WebResource.java:179)

at com.cisco.cucms.cupm.rest.client.webServices.RESTfulServicesEngine.getRequest(RESTfulServicesEngine.java:58)

at com.cisco.cucms.cupm.rest.client.test.RESTfulClientTest.test(RESTfulClientTest.java:34)

Thanks,
Amy
Reply | Threaded
Open this post in threaded view
|

Re: jersey.api.client.ClientHandlerException

Jason Winnebeck-2
This looks like to me a Java SSL problem. I don't know if it is any different
with the Apache HTTP client, but for the "native" JRE SSL you need to have the
server with a certificate signed by a certificate in the keystore. Java comes
with most of the popular CAs you would expect (Verisign, Thawte, etc.). But if
you have a self-signed certificate or a cert signed by a CA not in the Java
JRE you will need to manually add it to the keystore. I think there's a way to
set up some class that can verify the key directly (instead of letting Java do
it automatically), but I don't know how to do it offhand. The rest you should
be able to find out by searching.

Jason

On 6/30/2010 3:15 PM, Amy Yang (amyyang) wrote:
> Hi,
> I am trying to test a GET from a Jersey Server.
> _com.sun.jersey.api.client.ClientHandlerException_:
> _javax.net.ssl.SSLHandshakeException_:
> _sun.security.validator.ValidatorException_: PKIX path building failed:
> _sun.security.provider.certpath.SunCertPathBuilderException_: unable to
> find valid certification path to requested target

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: jersey.api.client.ClientHandlerException

Paul Sandoz
Administrator

On Jun 30, 2010, at 11:18 PM, Jason Winnebeck wrote:

> This looks like to me a Java SSL problem. I don't know if it is any  
> different with the Apache HTTP client, but for the "native" JRE SSL  
> you need to have the server with a certificate signed by a  
> certificate in the keystore. Java comes with most of the popular CAs  
> you would expect (Verisign, Thawte, etc.). But if you have a self-
> signed certificate or a cert signed by a CA not in the Java JRE you  
> will need to manually add it to the keystore. I think there's a way  
> to set up some class that can verify the key directly (instead of  
> letting Java do it automatically), but I don't know how to do it  
> offhand. The rest you should be able to find out by searching.
>

Also here is a sample using the default client support with SSL and  
Grizzly:

http://download.java.net/maven/2/com/sun/jersey/samples/https-clientserver-grizzly/1.3/https-clientserver-grizzly-1.3-project.zip

Take a close look at the unit test that sets up the client.

The ApacheHTTPClient may have a different approach to setting up the  
SSL certs.

Paul.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: jersey.api.client.ClientHandlerException

satishrana01@live.com
In reply to this post by Jason Winnebeck-2
use following code

private static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
        }

        public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
        }
} };

SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
       
this will resolve your SSL exception