Build a Java application
Prerequisites
This tutorial assumes that:
- YugabyteDB is up and running. If you are new to YugabyteDB, you can download, install, and have YugabyteDB up and running within five minutes by following the steps in Quick start.
- Set up SSL/TLS depending on the platform you choose to create your local cluster. To set up a cluster in Minikube with SSL/TLS, see SSL certificates for a cluster in Kubernetes.
- Java Development Kit (JDK) 1.8 or later is installed. JDK installers for Linux and macOS can be downloaded from OpenJDK, AdoptOpenJDK, or Azul Systems.
- Apache Maven 3.3 or later is installed.
- OpenSSL 1.1.1 or later is installed.
SSL certificates for a cluster in Kubernetes (Optional)
-
Create a minikube cluster by adding
tls.enabled=trueto the command line described in Quick start.$ kubectl create namespace yb-demo $ helm install yb-demo yugabytedb/yugabyte \ --set resource.master.requests.cpu=0.5,resource.master.requests.memory=0.5Gi,\ resource.tserver.requests.cpu=0.5,resource.tserver.requests.memory=0.5Gi,\ replicas.master=1,replicas.tserver=1,tls.enabled=true --namespace yb-demo -
Verify that SSL is enabled using
ysqlsh.$ ysqlshysqlsh (11.2-YB-2.9.0.0-b0) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. -
Check for the key and certificate files in yb-tserver.
$ kubectl exec -n yb-demo -it yb-tserver-0 -- bash [root@yb-tserver-0 cores]# ls -al /root/.yugabytedb/total 4 drwxrwxrwt 3 root root 140 Oct 22 06:04 . dr-xr-x--- 1 root root 4096 Oct 22 06:19 .. drwxr-xr-x 2 root root 100 Oct 22 06:04 ..2021_10_22_06_04_46.596961191 lrwxrwxrwx 1 root root 31 Oct 22 06:04 ..data -> ..2021_10_22_06_04_46.596961191 lrwxrwxrwx 1 root root 15 Oct 22 06:04 root.crt -> ..data/root.crt lrwxrwxrwx 1 root root 21 Oct 22 06:04 yugabytedb.crt -> ..data/yugabytedb.crt lrwxrwxrwx 1 root root 21 Oct 22 06:04 yugabytedb.key -> ..data/yugabytedb.key -
Download these files to your system and proceed to step 2 under Set up SSL certificates.
% mkdir YBClusterCerts; cd YBClusterCerts % kubectl exec -n "yb-demo" "yb-tserver-0" -- tar -C "/root/.yugabytedb" -cf - . |tar xf - Defaulted container "yb-tserver" out of: yb-tserver, yb-cleanup % ls root.crt yugabytedb.crt yugabytedb.key
Set up SSL certificates for Java applications
To build a Java application that connects to YugabyteDB over an SSL connection, you need the root certificate (ca.crt), and node certificate (yugabytedb.crt) and key (yugabytedb.key) files. If you have not generated these files, follow the instructions in Create server certificates.
-
Download the certificate (
yugabytedb.crt,yugabytedb.key, andca.crt) files (see Copy configuration files to the nodes). -
If you do not have access to the system
cacertsJava truststore you can create your own truststore.$ keytool -keystore ybtruststore -alias ybtruststore -import -file ca.crtEnter a password when you're prompted to enter one for your keystore.
-
Export the truststore. In the following command, replace
<YOURSTOREPASS>with the password you used for your keystore creation.$ keytool -exportcert -keystore ybtruststore -alias ybtruststore -storepass <YOURSTOREPASS> -file ybtruststore.crt -
Convert and export to PEM format with
ybtruststore.pem.$ openssl x509 -inform der -in ybtruststore.crt -out ybtruststore.pem -
Verify the
yugabytedb.crtclient certificate withybtruststore.$ openssl verify -CAfile ybtruststore.pem -purpose sslclient yugabytedb.crt -
Convert the client certificate to DER format.
$ openssl x509 –in yugabytedb.crt -out yugabytedb.crt.der -outform der -
Convert the client key to pk8 format.
$ openssl pkcs8 -topk8 -inform PEM -in yugabytedb.key -outform DER -nocrypt -out yugabytedb.key.pk8
Create and configure the Java project
-
Create a project called "MySample".
$ mvn archetype:generate \ -DgroupId=com.yugabyte \ -DartifactId=MySample \ -DarchetypeArtifactId=maven-archetype-quickstart \ -DinteractiveMode=false $ cd MySample -
Open the
pom.xmlfile in a text editor. -
Add the following below the
<url>element if you're using Java 8.<properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties>If you're using Java 11, it should be:
<properties> <maven.compiler.source>11</maven.compiler.source> <maven.compiler.target>11</maven.compiler.target> </properties> -
Add the following within the
<dependencies>element.<dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <version>42.2.14</version> </dependency>Your
pom.xmlfile should now be similar to the following:<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.yugabyte</groupId> <artifactId>MySample</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>MySample</name> <url>http://maven.apache.org</url> <properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> <dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <version>42.2.14</version> </dependency> </dependencies> </project> -
Save and close
pom.xml. -
Create an ssl resource directory.
$ mkdir -p src/main/resources/ssl -
Copy the
yugabytedb.crt.derandyugabytedb.key.pk8certificates into thessldirectory created in the previous step.
Create the sample Java application with TLS connection
-
Copy the following Java code to a new file named
src/main/java/com/yugabyte/HelloSqlSslApp.java:package com.yugabyte; import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; public class HelloSqlSslApp { public static void main(String[] args) throws ClassNotFoundException, SQLException { Class.forName("org.postgresql.Driver"); Connection conn = DriverManager.getConnection("jdbc:postgresql://localhost:5433/yugabyte?ssl=true&sslmode=require&sslcert=src/main/resources/ssl/yugabytedb.crt.der&sslkey=src/main/resources/ssl/yugabytedb.key.pk8", "yugabyte", "yugabyte"); Statement stmt = conn.createStatement(); try { System.out.println("Connected to the PostgreSQL server successfully."); stmt.execute("DROP TABLE IF EXISTS employee"); stmt.execute("CREATE TABLE IF NOT EXISTS employee" + " (id int primary key, name varchar, age int, language text)"); System.out.println("Created table employee"); String insertStr = "INSERT INTO employee VALUES (1, 'John', 35, 'Java')"; stmt.execute(insertStr); System.out.println("EXEC: " + insertStr); ResultSet rs = stmt.executeQuery("select * from employee"); while (rs.next()) { System.out.println(String.format("Query returned: name = %s, age = %s, language = %s", rs.getString(2), rs.getString(3), rs.getString(4))); } } catch (SQLException e) { System.err.println(e.getMessage()); } } } -
Build the project.
$ mvn clean install -
Run your new program.
$ mvn -q package exec:java -DskipTests -Dexec.mainClass=com.yugabyte.HelloSqlSslAppYou should see the following output:
Connected to the PostgreSQL server successfully. Created table employee Inserted data: INSERT INTO employee (id, name, age, language) VALUES (1, 'John', 35, 'Java'); Query returned: name=John, age=35, language: Java