Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to send https requests by java". Many people will encounter this dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

The code environment required for the backend to send http requests

Two jar packages, httpclient and httpcore, are required.

PS: it is best to have the same version of the two jar packages, and make sure that there is no local jar package with the same name, otherwise the jar package conflict may report an error like "java.lang.NoClassDefFoundError:org/apache/http/impl/client/HttpClients" that class cannot find! I encountered this kind of mistake, and finally deleted all the same jar package and kept only one copy (even if the jar didn't have build path in it, I had to delete it).

Https request ignores certificate sending

Https is more secure than http. The specific principles are as follows:

When the client communicates with the Web server in HTTPS mode, there are the following steps

(1) the user accesses the Web server with https's URL and requires a SSL connection with the Web server.

(2) after receiving the request from the client, the Web server will send a copy of the certificate information of the website (the certificate contains the public key) to the client.

(3) the browser on the client side and the Web server begin to negotiate the security level of the SSL connection, that is, the level of information encryption.

(4) the browser of the client establishes the session key according to the security level agreed by both parties, and then uses the public key of the website to encrypt the session key and transmit it to the website.

(5) the Web server uses its own private key to decrypt the session key.

(6) the Web server uses the session key to encrypt the communication with the client.

Therefore, a security certificate is required, and of course, the request can be made by ignoring the certificate through java code.

If you do not add a special solution to ignore the certificate in the code, the following exception will be thrown directly to report an error:

Javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

That is, to remind you to send a certificate before you can request a service normally.

The following code function can simply ignore the certificate:

/ / https request ignores certificate

SSLContextBuilder builder = new SSLContextBuilder ()

Builder.loadTrustMaterial (null, new TrustSelfSignedStrategy ())

SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory (builder.build (), NoopHostnameVerifier.INSTANCE)

Registry registry = RegistryBuilder.create ()

.register ("http", new PlainConnectionSocketFactory ())

.register ("https", sslConnectionSocketFactory)

.build ()

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager (registry)

Cm.setMaxTotal (100)

CloseableHttpClient httpClient = HttpClients.custom ()

.setSSLSocketFactory (sslConnectionSocketFactory)

.setConnectionManager (cm)

.build ()

Note: the above httpClient is the wrapped http request instance object that ignores the certificate, which will be used to send the request directly.

Complete code

Try {

/ / https request ignores certificate

SSLContextBuilder builder = new SSLContextBuilder ()

Builder.loadTrustMaterial (null, new TrustSelfSignedStrategy ())

SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory (builder.build (), NoopHostnameVerifier.INSTANCE)

Registry registry = RegistryBuilder.create ()

.register ("http", new PlainConnectionSocketFactory ())

.register ("https", sslConnectionSocketFactory)

.build ()

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager (registry)

Cm.setMaxTotal (100)

CloseableHttpClient httpClient = HttpClients.custom ()

.setSSLSocketFactory (sslConnectionSocketFactory)

.setConnectionManager (cm)

.build ()

/ / user information will be synchronized to a third-party system

String url= "https://xx.xx.xx.xx:1001/bomp/sync/execute";

/ / send post request

HttpPost method = new HttpPost (url)

/ / prepare json data transmission parameters

JSONObject paramIn = new JSONObject ()

ParamIn.put ("app_id", "B39900002")

ParamIn.put ("secret_key", "ea703f2a02ae48b5b269ab43607275fe")

/ / construct inner json objects

JSONArray account_list = new JSONArray ()

JSONObject account_list_obj = new JSONObject ()

Account_list_obj.put ("account", pojo.get ("loginId"))

Account_list_obj.put ("eip_account", "")

Account_list_obj.put ("name", pojo.get ("loginName"))

Account_list_obj.put ("phone", pojo.get ("mobile"))

Account_list_obj.put ("password", "")

Account_list_obj.put ("status", 1)

Account_list_obj.put ("roles", "")

Account_list.add (account_list_obj)

ParamIn.put ("account_list", account_list)

/ / deal with the problem of Chinese garbled code

StringEntity entity = new StringEntity (paramIn.toString (), "utf-8")

Entity.setContentEncoding ("UTF-8")

Entity.setContentType ("application/json")

Method.setEntity (entity)

/ / send request

HttpResponse result = httpClient.execute (method)

/ / the request ends and the result is returned

String resData = EntityUtils.toString (result.getEntity ())

System.out.println ("RENWOXING result:" + resData)

/ / get the j'son format of the returned result

JSONObject resJson = JSONObject.fromObject (resData)

} catch (UnsupportedEncodingException e) {

/ / TODO Auto-generated catch block

E.printStackTrace ()

} catch (org.apache.http.ParseException e) {

/ / TODO Auto-generated catch block

E.printStackTrace ()

} catch (IOException e) {

/ / TODO Auto-generated catch block

E.printStackTrace ()

} catch (Exception e) {

E.printStackTrace ()

}

That's all for "how java sends https requests". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.