我正在构建 Web 服务(使用 J2EE)以及一个 android 客户端。现在我面临选择哪种安全技术?并将其与我的 Rest 服务集成。 我爬了谷歌,建议是关于 Oauth2.0、使用 TLS 的基本身份验证、api 密钥。 在我使用 HttpClient 的 android 应用程序中,如果集成这些解决方案之一将需要对我的代码进行重大更改,我不会。在这个场合,任何人都可以让我很好地描述前两个,并建议最好的教程和例子......
【问题讨论】:
can anyone could make me a great description of the two first ones with suggestion of best tutorials with example ?Google 对此非常有用
标签: android security rest jakarta-ee oauth
public class DataLoader {
DefaultHttpClient sslClient;
private boolean silent;
public class CustomX509TrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
public class CustomSSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public CustomSSLSocketFactory(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new CustomX509TrustManager();
sslContext.init(null, new TrustManager[] { tm }, null);
}
public CustomSSLSocketFactory(SSLContext context)
throws KeyManagementException, NoSuchAlgorithmException,
KeyStoreException, UnrecoverableKeyException {
super(null);
sslContext = context;
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host,
port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
public HttpResponse execute(HttpUriRequest request) {
if (!(silent)) {
Log.i("Performing request", "Performing request");
for (Header header : request.getAllHeaders())
Log.i("Performing request",
"Performing request "
+ new StringBuilder()
.append("Request header: ")
.append(header.getName()).append(" - ")
.append(header.getValue()).toString());
}
HttpResponse response = null;
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { new CustomX509TrustManager() },
new SecureRandom());
HttpClient client = new DefaultHttpClient();
SSLSocketFactory ssf = new CustomSSLSocketFactory(ctx);
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
sslClient = new DefaultHttpClient(ccm, client.getParams());
response = sslClient.execute(request);
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
return response;
}
}
【讨论】: