EAP: create rest client with elytron client-ssl-context

Posted on

EAP: create rest client with elytron client-ssl-context

I know, how to build a ResteasyClient with own SSL context.

  builder.sslContext(mySSLcontext);

It works fine, e.g from standalone client and/or arquillain tests.
I build the SSL context programmatically, loading truststore etc.

I have a EAR+War (ProjekctA) offering a Rest Service using web.xml:


  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>ICSCRest</realm-name>
  </login-config>

and jboss-web.xml

  <jboss-web>
    <server-instance>default-server</server-instance>      
    <virtual-host>default-host</virtual-host>
    <security-domain>ICSDRest</security-domain>
  </jboss-web>

The EAP is configured with Elytron, offering the security domain (ICSDRest).
Works fine. Access to the Rest service is now secured by the SSL layer.
I also have configured EAP to have a client-ssl-context (see below LDAP).

  <client-ssl-contexts>
    <client-ssl-context name="ICLdapSslContext" trust-manager="ICTrustManager"/>
  </client-ssl-contexts>

A second EAR+War (ProjectB) should use the Rest service from ProjectA. So ProjectB is a Rest client.

To instanciate the ResteasyClient in ProjectB, I must set the sslContext too (I guess).
I want pick a client-ssl-context from Elytron, if possible.
Is there a way?

Why I want to pick from Elytron?

ProjectA is also dealing with LDAP via ldaps. So ProjectA is a client for LDAP server.
I have configured EAP as a LDAP client like

  <dir-contexts>
    <dir-context name="ICLdap" url="<some url>" principal="<query>" ssl-context="ICLdapSslContext">
    <credential-reference clear-text="<some password>"/>
    </dir-context>
  </dir-contexts>

So I hope, I can get is a similar way the sslContext from EAP/Elytron.
The idea is to get from Elytron the SSL context and set like


  builder.sslContext(mySSLcontext)

or create the ReasteasyClient within the context.

Any hints for a EAP beginner.
Thanks in advance.

it

Responses