-
Notifications
You must be signed in to change notification settings - Fork 74
JAX RS Client examples
This page provides several examples of configuring the JAX-RS Client used by the SCIM 2 SDK's ScimService class. All examples assume that Jersey is being used.
The JAX-RS client uses HttpUrlConnection as its default transport mechanism, but others can be used. To configure Apache HttpClient as the underlying HTTP transport library, configure the JAX-RS client with an ApacheConnectorProvider.
// Required dependency: org.glassfish.jersey.connectors:jersey-apache-connector
String baseUri = "https://example.com/scim/v2";
ApacheConnectorProvider connectorProvider = new ApacheConnectorProvider();
HttpClientConnectionManager clientConnectionManager =
new PoolingHttpClientConnectionManager();
ClientConfig config = new ClientConfig()
.connectorProvider(connectorProvider)
.property(ApacheClientProperties.CONNECTION_MANAGER, clientConnectionManager);
Client client = ClientBuilder.newClient(config);
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);When using the default client transport, configure basic auth using an HttpAuthenticationFeature.
String baseUri = "https://example.com/scim/v2";
HttpAuthenticationFeature basicAuthFeature =
HttpAuthenticationFeature.basicBuilder()
.credentials(username, password)
.build();
ClientConfig config = new ClientConfig();
config.register(basicAuthFeature);
Client client = ClientBuilder.newClient(config);
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);To configure the Apache HttpClient transport to use basic auth, provide a CredentialsProvider to the client configuration.
// Required dependency: org.glassfish.jersey.connectors:jersey-apache-connector
String baseUri = "https://example.com/scim/v2";
ApacheConnectorProvider connectorProvider = new ApacheConnectorProvider();
HttpClientConnectionManager clientConnectionManager =
new PoolingHttpClientConnectionManager();
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
Credentials credentials = new UsernamePasswordCredentials(username, password);
credentialsProvider.setCredentials(AuthScope.ANY, credentials);
ClientConfig config = new ClientConfig()
.connectorProvider(connectorProvider)
.property(ApacheClientProperties.CREDENTIALS_PROVIDER, credentialsProvider)
.property(ApacheClientProperties.PREEMPTIVE_BASIC_AUTHENTICATION, true)
.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);
Client client = ClientBuilder.newClient(config);
WebTarget target = client.target(new URI(baseUri));
ScimService scimService = new ScimService(target);For both the default client transport and Apache HttpClient, bearer token authentication is configured using the OAuth2ClientSupport class.
NOTE: These examples require the oauth2-client dependency. When using this library, be sure to exclude the jersey-media-json-binding dependency, as this can result in JSON-B parsing exceptions even though the SCIM SDK does not use JSON-B.
<dependency>
<groupId>org.glassfish.jersey.security</groupId>
<artifactId>oauth2-client</artifactId>
<version>${jersey.version}</version>
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-json-binding</artifactId>
</exclusion>
</exclusions>
</dependency>// Required dependency: org.glassfish.jersey.security:oauth2-client
String baseUri = "https://example.com/scim/v2";
String bearerToken = "…";
Client client =
ClientBuilder.newClient()
.register(OAuth2ClientSupport.feature(bearerToken));
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);// Required dependency: org.glassfish.jersey.security:oauth2-client
// Required dependency: org.glassfish.jersey.connectors:jersey-apache-connector
String baseUri = "https://example.com/scim/v2";
String bearerToken = "…";
ClientConfig config = new ClientConfig()
.connectorProvider(new ApacheConnectorProvider());
Client client =
ClientBuilder.newClient(config)
.register(OAuth2ClientSupport.feature(bearerToken));
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);Test servers are often configured with self-signed certificates. It can be useful in these cases to disable HTTPS certificate and hostname validation.
This practice removes most security benefits of using HTTPS and should not be used when working with any production or production-like environment.
When using the default client transport, you can configure the client to trust any HTTP certificate by configuring the client to use an SSLContext with a TrustManager that accepts all certificates. To accept any hostname, configure the client with a permissive HostnameVerifier.
String baseUri = "https://example.com/scim/v2";
SSLContext sslcontext = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = new TrustManager[]
{
new X509TrustManager()
{
@Override
public void checkClientTrusted(X509Certificate[] certs, String s)
{
// Do nothing
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String s)
{
// Do nothing
}
@Override
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
}
};
sslcontext.init(null, trustManagers, new SecureRandom());
Client client = ClientBuilder.newBuilder()
.withConfig(config)
.hostnameVerifier(new HostnameVerifier()
{
@Override
public boolean verify(String s, SSLSession sslSession)
{
return true;
}
})
.sslContext(sslContext)
.build();
WebTarget target = client.target(new URI(baseUri));
ScimService scimService = new ScimService(target);
return new ScimService(target);Strict HTTPS validation is disabled with Apache HttpClient by configuring the HttpClientConnectionManager.
// Required dependency: org.glassfish.jersey.connectors:jersey-apache-connector
String baseUri = "https://example.com/scim/v2";
SSLContext sslContext = new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
SSLConnectionSocketFactory trustSelfSigned =
new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
final Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder.<ConnectionSocketFactory> create()
.register("https", trustSelfSigned)
.build();
HttpClientConnectionManager connectionManager =
new PoolingHttpClientConnectionManager(socketFactoryRegistry);
ClientConfig config = new ClientConfig()
.connectorProvider(new ApacheConnectorProvider())
.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);
Client client = ClientBuilder.newClient(config);
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);The JAX-RS client can be configured to automatically modify outgoing requests using a ClientRequestFilter. The following example shows how to add a "location" query parameter to each request.
String baseUri = "https://example.com/scim/v2";
ClientConfig config = new ClientConfig();
config.register(
new ClientRequestFilter()
{
public void filter(ClientRequestContext requestContext)
throws IOException
{
URI uri = requestContext.getUri();
UriBuilder uriBuilder =
UriBuilder.fromUri(uri)
.queryParam("location", "us-east");
requestContext.setUri(uriBuilder.build());
}
}
);
Client client = ClientBuilder.newClient(config);
WebTarget target = client.target(baseUri);
ScimService scimService = new ScimService(target);