
I am trying to set timeout and SSL (https) for WS call:

PS: No need to mark this as duplicated, the only similar question has never been answered.

  1. I tried HttpsUrlConnectionMessageSender, which adds support for (self-signed) HTTPS certificates, but it does not support timeouts.
  2. When I switch to HttpComponentsMessageSender, which supports timeouts (connection and read timeouts), it does not support SSL.

I want to combine timeout and SSL when calling the WS:

    // Point the template at the target endpoint before sending.
    webServiceTemplate.setDefaultUri(uri);
    // The request callback is built from the credentials and the soapAction value.
    SoapHandler requestCallback = new SoapHandler(createCredentials(), soapAction);
    response = webServiceTemplate.marshalSendAndReceive(inputs, requestCallback);

2 Answers


Finally, did it using HttpComponentsMessageSender. Here is my code:

// Create the sender, then hand it the HttpClient that carries both the SSL setup and the timeouts.
HttpComponentsMessageSender messageSender = new HttpComponentsMessageSender();
messageSender.setHttpClient(HttpClientFactory.getHttpsClient(sslUtils, timeout));
webServiceTemplate.setMessageSender(messageSender);

I also created a new factory class HttpClientFactory that sets the SSL and timeout:

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;

import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;

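/**
 * Creates the {@link HttpClient} handed to {@code HttpComponentsMessageSender}, combining
 * key-store/trust-store based TLS with connect and read timeouts.
 *
 * <p>The client is built on first use and then shared. {@link #releaseInstance()} drops the
 * shared reference so that the next call builds a new client.
 */
public class HttpClientFactory {

    /** Shared client, created lazily; only touched from synchronized methods. */
    private static CloseableHttpClient client;

    private HttpClientFactory() {
    }

    /**
     * Returns the shared HTTPS client, building it on the first call.
     *
     * <p>The server certificate is validated against the trust store from {@code sslUtils}, and
     * the certificate must match the host name being called. To talk to a server that uses a
     * self-signed certificate, import that certificate into the trust store; it is not accepted
     * merely for being self-signed.
     *
     * @param sslUtils key store and trust store resources with their passwords
     * @param timeout  value applied to the connect, connection-request and socket timeouts
     *                 (milliseconds, as interpreted by {@link RequestConfig})
     * @return the shared client; both arguments are ignored when a client already exists
     * @throws Exception if a store cannot be read or the SSL context cannot be built
     */
    public static synchronized HttpClient getHttpsClient(SslUtils sslUtils, int timeout) throws Exception {

        if (client != null) {
            return client;
        }

        SSLContext sslcontext = getSSLContext(sslUtils);
        // The one-argument constructor keeps HttpClient's default hostname verifier. A verifier
        // that returns true for every host lets any certificate the trust manager accepts stand
        // in for the real server, which removes the protection against man-in-the-middle.
        SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslcontext);

        RequestConfig config = RequestConfig.custom()
                                    .setConnectTimeout(timeout)
                                    .setConnectionRequestTimeout(timeout)
                                    .setSocketTimeout(timeout)
                                    .build();

        // Assign the field so the null check above actually reuses the client on later calls.
        client = HttpClients.custom()
                    .addInterceptorFirst(new ContentLengthHeaderRemover())
                    .setSSLSocketFactory(factory)
                    .setDefaultRequestConfig(config)
                    .build();
        return client;
    }

    /**
     * Strips any Content-Length header from the outgoing request before HttpClient's own
     * interceptors run.
     * NOTE(review): presumably needed because the message sender has already set the header and
     * HttpClient rejects a request that carries it twice; confirm against the versions in use.
     */
    private static class ContentLengthHeaderRemover implements HttpRequestInterceptor {
        @Override
        public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
            request.removeHeaders(HTTP.CONTENT_LEN);
        }
    }

    /**
     * Forgets the shared client so the next {@link #getHttpsClient} call builds a new one.
     * The previously returned client is not closed here, because a message sender may still be
     * using it; whoever holds it is responsible for closing it.
     */
    public static synchronized void releaseInstance() {
        client = null;
    }

    /**
     * Builds the SSL context from the JKS key store and trust store described by {@code sslUtils}.
     * The key password is used both to open the key store and to recover the private key.
     *
     * @throws UnrecoverableKeyException if the private key cannot be recovered with the key
     *         password; this is propagated so that a client without key material is never built
     *         silently
     */
    private static SSLContext getSSLContext(SslUtils sslUtils) throws KeyStoreException, NoSuchAlgorithmException,
            CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {

        // Each getInputStream() call may open a new stream, so load and close the same one.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = sslUtils.getKeystore().getInputStream()) {
            ks.load(in, sslUtils.getKeyPwd().toCharArray());
        }

        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = sslUtils.getTrustStore().getInputStream()) {
            ts.load(in, sslUtils.getTrustPwd().toCharArray());
        }

        // No extra TrustStrategy: only certificates that chain to the trust store are accepted.
        // TrustSelfSignedStrategy would accept any self-signed certificate, whether or not it is
        // in the trust store.
        return SSLContexts.custom()
                .loadKeyMaterial(ks, sslUtils.getKeyPwd().toCharArray())
                .loadTrustMaterial(ts, null)
                .build();
    }
}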

For information, SslUtils is just a bean class that holds the keystore and truststore information:

/**
 * Plain bean that holds the key store and trust store resources together with the passwords
 * used to open them.
 */
public class SslUtils {

    // Key store resource; HttpClientFactory loads the client's key material from it.
    private Resource keystore;
    // Password for the key store; HttpClientFactory also uses it as the private-key password.
    private String keyPwd;
    // Trust store resource; HttpClientFactory loads the trusted certificates from it.
    private Resource trustStore;
    // Password for the trust store.
    private String trustPwd;

    // NOTE(review): both passwords are held as String; supply them from protected configuration
    // and keep them out of logs and any toString() added to this bean.

    // Getters and Setters
}

This works for me and lets me use both SSL and timeout at the same time. I hope this will help others.


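In the case of HTTPS with basic authentication, you may not need a certificate: you can set the Base64-encoded username:password in the Authorization header of the request. Base64 is an encoding, not encryption, so the credentials are protected only by the TLS connection and should never be sent to a plain http:// endpoint.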

package com.james.medici.app.ws;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;
import org.springframework.ws.client.core.WebServiceTemplate;
import org.springframework.ws.transport.http.HttpUrlConnectionMessageSender;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.util.Base64;

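/**
 * Spring configuration for a SOAP client that authenticates with HTTP Basic credentials
 * taken from the application properties.
 */
@Slf4j
@Configuration
public class SoapClientConfiguration {

    @Value("${james.medici.url}")
    private String defaultUri;

    @Value("${james.medici.username}")
    private String userName;

    @Value("${james.medici.passcode}")
    private String userPassword;

    public static final String SEPARATOR = ":";
    public static final String AUTHORIZATION = "Authorization";
    public static final String BASIC = "Basic ";

    /**
     * Message sender that adds an {@code Authorization: Basic ...} header to every connection.
     * It is a non-static inner class because it reads the credentials of the enclosing
     * configuration instance.
     */
    class CustomHttpUrlConnectionMessageSender extends HttpUrlConnectionMessageSender {
        /**
         * Sets the Basic authorization header, then lets the parent class finish preparing the
         * connection.
         *
         * @param connection the connection about to be used for the SOAP request
         * @throws IOException if the parent class fails to prepare the connection
         */
        @Override
        protected void prepareConnection(HttpURLConnection connection) throws IOException {
            // NOTE(review): the header is only Base64-encoded, so it is readable on the wire
            // unless defaultUri is an https:// endpoint whose certificate is validated. Nothing
            // here enforces that; confirm the configured URL.
            String credentials = StringUtils.joinWith(SEPARATOR, userName, userPassword);
            // Encode with an explicit charset so the header does not depend on the platform default.
            String encodedAuthorization = Base64.getEncoder()
                    .encodeToString(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            connection.setRequestProperty(AUTHORIZATION, BASIC + encodedAuthorization);
            super.prepareConnection(connection);
        }
    }

    /**
     * Creates the JAXB marshaller bound to the generated model package.
     *
     * @return the marshaller used for both marshalling and unmarshalling
     */
    @Bean
    public Jaxb2Marshaller marshaller() {
        Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
        marshaller.setContextPath("com.james.medici.app.ws.model");
        return marshaller;
    }

    /**
     * Creates the template that sends SOAP requests to the configured default URI with the
     * Basic-authentication message sender.
     *
     * @return the configured template
     */
    @Bean
    public WebServiceTemplate webServiceTemplate() {
        // Only the endpoint URI is logged; the user name and password must stay out of the log.
        log.info(defaultUri);
        WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
        webServiceTemplate.setMarshaller(marshaller());
        webServiceTemplate.setUnmarshaller(marshaller());
        webServiceTemplate.setDefaultUri(defaultUri);
        webServiceTemplate.setMessageSender(new CustomHttpUrlConnectionMessageSender());
        return webServiceTemplate;
    }
}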