Skip to main content
Namastecode
Namastecode

Configuring a Java Web Client for HTTPS Requests

WebClient HTTPS Spring
Profile picture
Author
Harpal Singh
Software Engineer
Table of Contents

1. Introduction

In this quick tutorial, we’ll set up a Spring WebClient for HTTPS requests.

Securing HTTP communication with encryption makes it difficult for attackers to tamper with user data. Nowadays, it is the default for most modern applications that integrate with other services.

In this guide, we’ll start with a certificate and key file verification, then move on to configure Spring WebClient.

2. Verifying Certificate and Key Files

First, we’ll verify that our certificate and key file have the same MD5. Doing so ensures that the certificate and key have not been modified.

We can use openssl to display the MD5 hash:

openssl x509 -noout -modulus -in yourCertificate.crt | openssl md5

Similarly, we can do the same for the key file:

openssl rsa -noout -modulus -in yourPrivateKey.key | openssl md5

Matching outputs from both commands confirm that your certificate and key are aligned.

We can test the certificate and key with a CURL:

curl -v --cert yourCertificate.crt --key yourPrivateKey.key https://yourEndpoint.com

Now, we can move on to convert the certificate and key to PKCS12 format.

3. Converting Certificate and Key to PKCS12 Format

To configure Spring WebClient, we need to convert the certificate PKCS12 format.

Again, let’s use openssl to get the PKCS12 formatted file:

openssl pkcs12 -export -in yourCertificate.crt -inkey yourPrivateKey.key -out certificate.p12

Running the command above will prompt us to create a password. Insert one of your choice and save it somewhere, as we’ll reuse it when configuring the SslContext for the WebClient.

Now, we have a certificate.p12 file that we can use to configure our application.

4. Configuring the SSLContext

Finally, we can create a SslContext that reads the file we created previously, along with the password we set.

We’ll use the SslContextBuilder to create the SslContext:

SslContext sslContext = SslContextBuilder.forClient().keyManager(
    new FileInputStream("pathToP12CertificateFile"),
    "password".toCharArray()).build();

Now, the sslContext can be used to create a WebClient bean that can make secure HTTPS calls:

@Bean
private WebClient getSecureWebClient() {
    HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(getSSLContext()));
    ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);
    return WebClient.builder()
            .clientConnector(clientHttpConnector)
            .build();
}

Using this WebClient to make secure HTTPS requests is as simple as injecting the WebClient bean into our service:

@Service
public class MyService {
    private final WebClient webClient;

    public MyService(WebClient webClient) {
        this.webClient = webClient;
    }

    public Mono<String> getSecureData() {
        return webClient.get()
                .uri("https://yourEndpoint.com")
                .retrieve()
                .bodyToMono(String.class);
    }
}

In fact, we don’t need to do anything special in our service to make secure HTTPS requests. The WebClient bean we created will handle everything for us.

5. Conclusion

In this tutorial, we converted a certificate and key file to PKCS12 format and configured a WebClient to make secure HTTPS requests. Finally, we showed how we can use the WebClient to make secure HTTPS requests in our service.

Related

How to Retry Using Restclient
Spring-Boot Restclient
Learn how to implement retryable calls using RestClient with the support of spring-retry. Handle temporary failures in making HTTP requests systematically.
Running PostgreSQL in Docker Container
DevOps Postgres Docker Database
Learn how to run PostgreSQL in a Docker container with this step-by-step tutorial. Leverage Docker for easy setup and portability of your PostgreSQL database.
Cookie Policy for NamasteCode