Thanks for the pointer! It turned out to be surprisingly easy. The jersey
client can be configured to do the right thing out of the box! For future
reference:
jerseyClient:
tls:
keyStorePath: keystore.jks
keyStorePassword: notsecret
trustStorePath: truststore.jks
trustStorePassword: notsecret
Hard part was getting the keystore and truststore right. Dropwizard Rules!
Groeten,
Friso
Op vrijdag 16 juni 2017 05:28:55 UTC+2 schreef Steve Kradel:
>
> I haven't checked if Dropwizard Client yet makes this entirely painless or
> to what extent, but this should get you headed in the right direction:
>
>
> https://developer.okta.com/blog/2015/12/02/tls-client-authentication-for-services
>
> FWIW I've written a server-side Dropwizard authenticator for client TLS
> certs... the hard part is of course deciding how and when to allow the
> actual certs per-user.
>
> --Steve
>
> On Thursday, June 15, 2017 at 8:23:07 AM UTC-4, [email protected]
> wrote:
>>
>> Hi all,
>>
>> I'm using the Dropwizard Jersey client in my Dropwizard app. One of the
>> servers that I connect with expects mutual authentication, i.e. a known
>> certificate should be presented by the client. Is there a way to set this
>> up (if so how?).
>>
>> Groeten,
>>
>> Friso
>>
>
--
You received this message because you are subscribed to the Google Groups
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
