With Http(s)URLConnection
The support for security, specifically HTTP authentication and/or cookie management with Http(s)URLConnection
is limited due to constraints in the API. There are currently no specific features or properties on the Client
class that can be set to support HTTP authentication. However, since the client API, by default, utilizes HttpURLConnection
or HttpsURLConnection
, it is possible to configure system-wide security settings (which is obviously not sufficient for multiple client configurations).
For HTTP authentication the java.net.Authenticator
can be extended and statically registered. Refer to the Http authentication document for more details. For cookie management the java.net.CookieHandler
can be extended and statically registered. Refer to the Cookie Management document for more details.
To utilize HTTP with SSL it is necessary to utilize the “https” scheme. For certificate-based authentication see the class HTTPSProperties for how to set javax.net.ssl.HostnameVerifier
and javax.net.ssl.SSLContext
.
With Apache HTTP client
The support for HTTP authentication and cookies is much better with the Apache HTTP client than with HttpURLConnection
. See the Java documentation for the package com.sun.jersey.client.apache, ApacheHttpClientState and ApacheHttpClientConfig for more details.