REST webservice call for HTTPS link - 400 Bad Request error

Question

Using SOAP UI, I am able to successfully invoke the REST GET call with basic authentication

GET https://app.test.com/testing/rest/authentication-point/authentication HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: Basic aPOjYVclOmIzABFhZjVpJES=
Host: app.test.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

I received response code as 200.

Similar request, When I tried to invoke via java client, it is giving 400 status code.

CredentialsProvider credsProvider = new BasicCredentialsProvider();
    credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));
final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);

HttpClient client = HttpClientBuilder.create().build();
HttpResponse response = null;

response = client.execute(
                new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),
                context);

int statusCode = response.getStatusLine().getStatusCode();

This code worked properly when the host was HTTP. Recently a VIP is added and made as HTTPS, after which it is not working. Please suggest a fix for this.

Maybe this can help you. https://stackoverflow.com/questions/2308774/httpget-with-https-sslpeerunverifiedexception — McValls, Sep 07 '18 at 23:16

score 0 · Answer 1 · answered Sep 08 '18 at 00:08

You need to use ssl with http client:

    TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
SSLSocketFactory sf = new SSLSocketFactory(
  acceptingTrustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 8443, sf));
ClientConnectionManager ccm = new PoolingClientConnectionManager(registry);

CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));
final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);

DefaultHttpClient httpClient = new DefaultHttpClient(ccm);

HttpGet getMethod = new HttpGet(new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),context);

HttpResponse response = httpClient.execute(getMethod);

int statusCode = response.getStatusLine().getStatusCode();

score 0 · Accepted Answer · answered Sep 11 '18 at 18:29

After trying out so many options, below code worked for me.

HttpHost targetHost = new HttpHost("app.test.com", 443, "https");
AuthCache authCache = new BasicAuthCache();
authCache.put(targetHost, new BasicScheme());

CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));

final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);

HttpClient client = HttpClientBuilder.create().build();
HttpResponse response = null;

response = client.execute(
            new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),
            context);

After defining a HTTP host with scheme as https, and setting them to context using AuthCache, the call went through successfully.

REST webservice call for HTTPS link - 400 Bad Request error

2 Answers2