Here is some basic information about how to make a connection and to ignore the demo certificate warning. You only need to do eht custom hostname verifier if you want to avoid the demo certificate warning. In my case I have it configured so that in all test regions it does that and when we go to production it forces the certificate validation.
import weblogic.net.http.HttpsURLConnection; import weblogic.security.SSL.HostnameVerifier; import weblogic.security.SSL.TrustManager;
String target = "https://google.com";
URL url = new URL(target);
HttpsURLConnection httpConn = new HttpsURLConnection(url);
SSLContext context = SSLContext.getInstance("https"); context.setHostnameVerifier(new MyHostNameVerifier()); context.setTrustManager(new MyTrustManager()); httpConn.setSSLSocketFactory(context.getSocketFactory());
httpConn.setRequestProperty("Content-Length", String.valueOf(inputBytes.length)); httpConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); httpConn.setRequestMethod("POST"); httpConn.setRequestProperty("Connection", "Keep-Alive"); httpConn.setDoOutput(true); httpConn.setDoInput(true); httpConn.setUseCaches(false); OutputStream out = httpConn.getOutputStream(); out.write(inputBytes); out.close(); InputStreamReader isr = new InputStreamReader(httpConn.getInputStream()); BufferedReader in = new BufferedReader(isr); String inputLine = ""; StringBuffer inputBuffer = new StringBuffer(); while ((inputLine = in.readLine()) != null) { inputBuffer.append(inputLine); inputBuffer.append('\n'); } in.close();
// the following classes are used to trust all certificates:
class MyHostNameVerifier implements HostnameVerifier { public boolean verify(String arg0, SSLSession arg1) { // TODO Auto-generated method stub return true; } } class MyTrustManager implements TrustManager { public boolean certificateCallback( java.security.cert.X509Certificate[] arg0, int arg1) { // TODO Auto-generated method stub return true; } }
If you are using plain java you normally open the connection with url.openconnection. But inorder to use the Weblogic overloaded connection it is better to use HTTPSUrlConnection.open(url). This is only valid when you use the overloaded connection from weblogic.