December 3, 2013

Play 2.x WS API and self-signed certificates


The Play web service (WS) API provides an easy way to use your Play application as an HTTP client. Usually you should use Play’s asynchronous mechanisms to handle the web service response. But sometimes you just want to wait for the web service response (in a job). You can do this with the following method:

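import play.Logger;
import play.libs.F;
import play.libs.WS;

// Timeout for the blocking wait, in milliseconds
private static final long THIRTY_SECONDS = 30000L;

// Blocks until the web service responds; returns null if the call fails
public static String call(String url, String contentType) {
    String result = null;
    try {
        F.Promise<WS.Response> wsPromise = WS.url(url).setContentType(contentType).get();
        result = wsPromise.get(THIRTY_SECONDS).getBody();
    } catch (Exception e) {
        // Log the exception too, so a failed TLS handshake shows up with its cause
        Logger.error("Error in webservice call to: " + url, e);
    }
    return result;
}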

When the web service you want to call uses a self-signed certificate, you will run into an exception:

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

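To allow self-signed SSL certificates, add the following to your application.conf. The setting is global: it turns off certificate verification for every WS call the application makes, so any certificate from any server is accepted, not only the self-signed one.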

# this is needed for self signed certificates
ws.acceptAnyCertificate=true

When you unit test your web service call make sure your test runs inside a FakeApplication.



  1. Please edit this post and let people know that Play 2.3 will let them configure trust stores far more easily. Please don’t disable certificate verification, even in testing, because far too often it gets out into production environments.

    I’m adding as much documentation as I can to make it clear what to do:

    http://www.playframework.com/documentation/2.3-SNAPSHOT/KeyStores

    And I’ve written about the implementation behind the scenes here (warning, it gets technical):

    http://tersesystems.com/2014/01/13/fixing-the-most-dangerous-code-in-the-world/

  2. Hi Will,

    thank you so much for your comment.

    I will write another article and update these when my applications are updated to Play 2.3 and I have worked through your great article.

    Jens

  3. Hi Jens,

    I’ve written an activator template that shows how to use Play 2.3 and WS with certificates:

    https://github.com/typesafehub/activator-play-tls-example

    It comes with scripts which will generate the X.509 certificates needed to set up your server and client — you just need to change the hostname from example.com, and you’re done. There is also documentation on the scripts here:

    http://www.playframework.com/documentation/2.3.x/CertificateGeneration

    I’ve also added documentation to show how to mix WS to see certificates from public and private servers:

    http://www.playframework.com/documentation/2.3.x/ExampleSSLConfig

    ws.ssl {
      trustManager = {
        stores = [
          { path: ${store.directory}/exampletrust.jks }     # Added trust store
          { path: ${java.home}/lib/security/cacerts } # Fallback to default JSSE trust store
        ]
      }
    }

    If you download the activator template and experiment with it, I think you’ll find TLS and X.509 certificates get much easier to work with.
