Question

我的应用程序在BlueMix中运行，它必须通过SSL调用另一个应用程序。我想知道在哪里以及如何添加这些信息

> trustStoreType, trustStore and trustStorePassword

那么在bluemix中运行的应用程序可以使用它吗？当我从本地修改的服务器类路径进行测试时，我可以在运行客户端应用程序的bluemix liberty服务器中做类似的事情吗？或者有更好的方法吗？

Answer 1

如果您依赖Liberty服务器，则可以脱机自定义它并将其推送到Bluemix。。 https://www.ibm.com/developerworks/community/blogs/msardana/entry/developing_with_bluemix_customizing_the_liberty_build_pack_to_add_your_configurations?lang=en

Answer 2

您的网络服务在哪里运行？如果是内部部署，那么您必须使用Bluemix中提供的云集成代理来进行安全隧道并获取代理IP到您的onpremise Web服务。以下链接提供了相同的详细信息： https://www.ibm.com/developerworks/community/blogs/96960515-2ea1-4391-8170-b0515d08e4da/entry/cloud_to_on_premise_web_services_bluemix_cloud_integrators?lang=en

Answer 3

您应该能够在eclipse中编辑server.xml并设置类似

的内容

<server description="new server">


    <!-- Enable features -->
    <featureManager>
        <feature>websocket-1.0</feature>    
        <feature>localConnector-1.0</feature>
      <feature>jndi-1.0</feature>
        <feature>jsp-2.2</feature>
        <feature>jdbc-4.0</feature>
        <feature>ejbLite-3.1</feature>
        <feature>ssl-1.0</feature>
        <feature>jaxb-2.2</feature>
    </featureManager>

    <ssl clientAuthenticationSupported="true" id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore"/>

  <keyStore id="defaultKeyStore"location="${server.config.dir}/resources/security/keystore.jks" password="passw0rd" type="JKS"/>
  <keyStore id="defaultTrustStore" location="${server.config.dir}/resources/security/trustStore.jks" password="passw0rd" type="JKS"/>

  <ssl clientAuthenticationSupported="true" id="defaultSSLConfig" keyStoreRef="serverKeyStore" trustStoreRef="serverTrustStore"/> 
  <keyStore id="serverKeyStore" location="${server.config.dir}/resources/security/serverKey.jks" password="passw0rd" type="JKS"/> 
  <keyStore id="serverTrustStore" location="${server.config.dir}/resources/security/serverTrust.jks"> password="passw0rd" type="JKS"/> 

  <!-- customize SSL configuration -->

  <ssl id="customizeSSLConfig" keyStoreRef="clientKeyStore" trustStoreRef="clientTrustStore"/> 

  <keyStore id="clientKeyStore" location="${server.config.dir}/resources/security/clientKey.jks" password="passw0rd" type="JKS"/> 
  <keyStore id="clientTrustStore" location="${server.config.dir}/resources/security/clientTrust.jks" password="passw0rd" type="JKS"/>

    <!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
    <httpEndpoint httpPort="8080" httpsPort="9443" id="defaultHttpEndpoint"/>

    <applicationMonitor updateTrigger="mbean"/>
</server>

最简单的方法是使用适用于eclipse的Bluemix插件并使用Websphere Libery Profile Server

Answer 4

尽管我认为所有人都是有效的选择，但我最后的表现却与众不同。这是最终为我工作的

public static HttpClient getCustomClient() throws GeneralSecurityException, IOException {

    KeyStore trustStore = KeyStore.getInstance("jks");
    // Load the truststore from the classpath using the password
    ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
    InputStream resourceAsStream = classLoader.getResourceAsStream("/clienttruststore");
    trustStore.load(resourceAsStream, "password".toCharArray());
    SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(trustStore).build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
    CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
    resourceAsStream.close();
    return httpclient;
}

 //get custom httpclient 
Unirest.setHttpClient(getCustomClient());
//send request... 
HttpResponse<String> response =
Unirest.get("https://xyz.abc.com/").asString();

基本打包的自定义信任存储与war，让应用程序使用它。我也会尝试其他选项，但是使用上一个选项，我的自定义服务器崩溃了，不确定是否是因为资源。

通过HTTPS调用安全RESTful Web服务当客户端处于bluemix时

4 个答案: