Download the HttpClient libraries from the Apache Website, you can download the 'bin' package it includes all dependencies. Create a new Java project de.vogella.web.httpclient, and add them to the path of your Java project. We use the project for creating our tests. Java REST client example 1 This first example shows a combination of these Apache HttpClient classes used to get information from the Yahoo Weather API. That service actually returns information in an RSS format, but if you don't mind parsing that XML, it's an easy way to get weather updates.
Welcome to the Apache OpenJPA project¶Apache OpenJPA is a Java persistence project at The Apache Software Foundation that can be used as a stand-alone POJO persistence layer or integrated into any Java EE compliant container and many other lightweightframeworks, such as Tomcat and Spring. The 3.x releases targetting the JSR-338 Java Persistence 2.2 is the most current production ready release.It is fully backward compatible compatible to our JPA 2.1, 2.0 and 1.0 releases. The 2.x releases (2.4.3 is the latest) are a production ready, compliant implementation ofthe JSR-317 Java Persistence 2.0 specification, which is backwards compatible to the JPA 1.0 specificationand passes the Sun JPA 2.0 Technology Compatibility Kit. The 1.x releases (1.2.3 is the latest) are an implementation of the Java Persistence API (JPA) 1.0 part of the JSR-220 Enterprise Java Beans 3.0 specification. The development of this version is EOL.
Resources¶
Events and News¶The Apache OpenJPA community is proud to announce the release of OpenJPA 3.1.2! The Apache OpenJPA community is proud to announce the release of OpenJPA 2.4.3 and 3.0.0! The Apache OpenJPA community is proud to announce the release of OpenJPA 2.4.2! The Apache OpenJPA community started working on OpenJPA 3.0.0! |
1. Introduction
Apache HttpClient is a low-level, lightweight client-side HTTP library for communicating with HTTP servers. In this tutorial, we'll learn how to configure the supported Transport Layer Security (TLS) version(s) when using HttpClient. We'll begin with an overview of how TLS version negotiation works between a client and a server. Afterward, we'll look at three different ways of configuring the supported TLS versions when using HttpClient.
2. TLS Version Negotiation
TLS is an internet protocol that provides secure, trusted communication between two parties. It encapsulates application layer protocols like HTTP. The TLS protocol has been revised several times since it was first published in 1999. Therefore, it's important for the client and server to first agree on which version of TLS they will use when establishing a new connection. The TLS version is agreed on after the client and server exchange hello messages:
- The client sends a list of supported TLS versions.
- The server chooses one and includes the selected version in the response.
- The client and server continue the connection setup using the selected version.
It's important to correctly configure the supported TLS versions of a web client because of the risk of a downgrade attack. Note that in order to use the latest version of TLS (TLS 1.3), we must be using Java 11 or later.
3. Setting the TLS Version Statically
3.1. SSLConnectionSocketFactory
Let's use the HttpClientBuilder exposed by the HttpClients#custom builder method in order to customize our HTTPClient configuration. This builder pattern allows us to pass in our own SSLConnectionSocketFactory, which will be instantiated with the desired set of supported TLS versions:
The returned Httpclient object can now execute HTTP requests. By setting the supported protocols explicitly in the SSLConnectionSocketFactory constructor, the client will only support communication over TLS 1.2 or TLS 1.3. Note that in Apache HttpClient versions prior to 4.3, the class was called SSLSocketFactory.
3.2. Java Runtime Argument
Alternatively, we can configure the supported TLS versions using Java's https.protocols system property. This method prevents having to hard-code values into the application code. Instead, we'll configure the HttpClient to use the system properties when setting up connections. The HttpClient API provides two ways to do this. The first is via HttpClients#createSystem:
If more client configuration is required, we can use the builder method instead:
Both methods tell HttpClient to use system properties during connection configuration. This allows us to set the required TLS versions with a command-line argument during application runtime. For example:
4. Setting the TLS Version Dynamically
It's also possible to set the TLS version based on connection details such as hostname and port. We'll extend the SSLConnectionSocketFactory and override the prepareSocket method. The client calls the prepareSocket method before it initiates a new connection. This will let us decide which TLS protocols to use on a per-connection basis. It's also possible to enable support for older TLS versions, but only if the remote host has a specific subdomain:
In the example above, the prepareSocket method first gets the remote hostname that the SSLSocket will connect to. The hostname is then used to determine with TLS protocols to enable. Now, our HTTP Client will enforce TLS 1.3 on every request except if the destination hostname is of the form *.internal.example.com. With the ability to insert custom logic before the creation of a new SSLSocket, our application can now customize the TLS communication details.
5. Conclusion
Java Apache Http Download File
In this article, we looked at three different ways of configuring the supported TLS versions when using the Apache HttpClient library. We've seen how the TLS versions can be set for all connections, or on a per-connection basis. The code samples used in this article are available over on GitHub.
Apache Http Java Maven
I just announced the new Learn Spring Security course, including the full material focused on the new OAuth2 stack in Spring Security 5:
>> CHECK OUT THE COURSE