Authentication when using RESTful-WS with Jersey

Ok - I already got somewhat further, using JAX-RS 2.1 and Jersey 2.7:
My Java code is:

webTarget = client.target(BASE_URI);
webTarget = webTarget.path("CodeSystem").path("$lookup");
webTarget = webTarget.queryParam("system", "http://loinc.org");
webTarget = webTarget.queryParam("code", loincCode);
webTarget = webTarget.property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_USERNAME, userName)
        .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_PASSWORD, passWord);
String answer = webTarget.request(MediaType.APPLICATION_JSON).get(String.class);

giving the exception:
Exception in thread "main" javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

indicating that the authentication somehow doesn’t get through.

So, essentially: how should I pass username and password to the request?

Many thanks in advance,
Jozef

 

Hi Jozef,

I’m not a Java developer but I did find this potential solution:

https://stackoverflow.com/questions/9210514/unable-to-find-valid-certification-path-to-requested-target-error-even-after-c

Please let me know if this remedies your situation.

GOT IT!

Can it be that the server certificate is a self-signed one? That could explain a lot of things!

Essentially, the cause of the problems is that the server certificate is not trusted.
A work-around (not for production!) is that a Client is generated that trusts all certificates, e.g. using the class “SslTrustAllRestClient” that can be found at: https://gist.github.com/alpegon/6ad3ab45dbcdb2dbb51ac1ac82b8995b
For this class, you will need the following imports:
import javax.net.ssl.*;
import javax.ws.rs.client.*;
import java.security.*;
import java.security.cert.*;

It is then used as follows (example using Jersey 2.6/2.7)

// create a REST client that trusts all certificates (NOT for production!)
SslTrustAllRestClient s = new SslTrustAllRestClient();
Client client = s.createClient();
// the base URI
String BASE_URI = "https://fhir.loinc.org";
// Add authentication (LOINC username and password)
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic(userName, passWord);
client.register(feature);

// start a query
// here, it corresponds to: https://fhir.loinc.org/CodeSystem/$lookup?system=http://loinc.org&code=1751-7

String loincCode = "1751-7";
WebTarget webTarget = client.target(BASE_URI);
webTarget = webTarget.path("CodeSystem").path("$lookup");
webTarget = webTarget.queryParam("system", new String[] {"http://loinc.org"});
webTarget = webTarget.queryParam("code", new String[] {loincCode});
String answer = (String)webTarget.request(new String[]{MediaType.APPLICATION_XML}).get(String.class);

IMPORTANT: in applications, always add a “MediaType” as the default is … HTML (i.e. the “website”) which of course doesn’t make sense in applications.

If the server’s certificate is self-signed, please consider a real one, that would make everything much easier.
Best regards
Jozef Aerts, XML4Pharma (mail address easy to find if someone wants to get in contact … :) )

@Jozef - No, the certificate for fhir.loinc.org is signed by Let’s Encrypt.

https://www.ssllabs.com/ssltest/analyze.html?d=fhir.loinc.org&hideResults=on

Thanks Tim,
That is good to hear - so it must be something else.
Reason is that I developed a good amount of other RESTful clients that work with https and where there is no problem.
I could of course download the certificate and put it in the Java keystore, but that would make the application non-portable and hard to deploy for non-specialists.

However, it works for me right now and I can start exploring these wonderful services!

Many thanks for your support!

Jozef
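
An alternative to the trust-all client from this thread, as an added example that is not part of any post or of the linked gist: the client below trusts only the CA certificates in a PEM file shipped with the application, so chain validation and hostname verification stay enabled and the system Java keystore is not modified. The class name `PinnedCaRestClient`, the PEM path argument and the environment variable names `LOINC_USER` and `LOINC_PASS` are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;

public class PinnedCaRestClient {  // hypothetical class name

    // Build a client that trusts only the CA certificates found in the PEM stream.
    // Unlike a trust-all client, the server chain and hostname are still verified.
    public static Client createClient(InputStream caPem) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);  // empty in-memory store, nothing written to disk
        int count = 0;
        for (Certificate ca : CertificateFactory.getInstance("X.509").generateCertificates(caPem)) {
            trustStore.setCertificateEntry("ca-" + count++, ca);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificates found in PEM input");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // default key managers and RNG
        return ClientBuilder.newBuilder().sslContext(ctx).build();
    }

    // Usage: java PinnedCaRestClient <path-to-ca.pem>
    // Credentials come from LOINC_USER / LOINC_PASS (assumed variable names).
    public static void main(String[] args) throws Exception {
        try (InputStream caPem = Files.newInputStream(Paths.get(args[0]))) {
            Client client = createClient(caPem);
            client.register(HttpAuthenticationFeature.basic(
                    System.getenv("LOINC_USER"), System.getenv("LOINC_PASS")));
            String answer = client.target("https://fhir.loinc.org")
                    .path("CodeSystem").path("$lookup")
                    .queryParam("system", "http://loinc.org")
                    .queryParam("code", "1751-7")
                    .request(MediaType.APPLICATION_XML)
                    .get(String.class);
            System.out.println(answer);
        }
    }
}
```

Because the SSLContext is built only from the bundled PEM, this client rejects servers whose chain does not lead to one of those CAs, including ones the default Java trust store would accept.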