Jersey(1.19.1) - Client API, Security with Http(s)URLConnection

With Http(s)URLConnection

The support for security, specifically HTTP authentication and/or cookie management with

Http(s)URLConnection

is limited due to constraints in the API. There are currently no specific features or properties on the

Client

class that can be set to support HTTP authentication. However, since the client API, by default, utilizes

HttpURLConnection

or

HttpsURLConnection

, it is possible to configure system-wide security settings (which is obviously not sufficient for multiple client configurations).

For HTTP authentication the

java.net.Authenticator

can be extended and statically registered. Refer to the Http authentication document for more details. For cookie management the

java.net.CookieHandler

can be extended and statically registered. Refer to the Cookie Management document for more details.

To utilize HTTP with SSL it is necessary to utilize the “https” scheme. For certificate-based authentication see the class HTTPSProperties for how to set

javax.net.ssl.HostnameVerifier

and

javax.net.ssl.SSLContext

.

With Apache HTTP client

The support for HTTP authentication and cookies is much better with the Apache HTTP client than with

HttpURLConnection

. See the Java documentation for the package com.sun.jersey.client.apache, ApacheHttpClientState and ApacheHttpClientConfig for more details.