<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Seems that SSL and HostnameVerified
disabled is needed just because of openshift. I wonder if we
should have separate version of quickstarts for openshift. Sent
separate mail about it to Bill DeCoste.<br>
<br>
Marek<br>
<br>
On 06/05/16 13:13, Stian Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAc=aRdDJ5ZSN5S3hNVDaAzQRwBLO9PFMyjdBhrJutr=UA@mail.gmail.com"
type="cite">
<div dir="ltr">I've actually got more of an issue with the fact
that it disables SSL:
<div><br>
</div>
<div>
<div>SSLContext sslContext = new
SSLContextBuilder().loadTrustMaterial(null, new
TrustStrategy() {</div>
<div> public boolean isTrusted(X509Certificate[]
arg0, String arg1) throws CertificateException {</div>
<div> return true;</div>
<div> }</div>
<div> }).build();</div>
<div> b.setSslcontext( sslContext);</div>
<div> </div>
<div> // don't check Hostnames, either.</div>
<div> // -- use
SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if
you don't want to weaken</div>
<div> HostnameVerifier hostnameVerifier =
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 6 May 2016 at 11:24, Marek Posolda <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Right now,
we always create new instance of Apache HTTP Client per each<br>
request. Like in the quickstarts [1] or in the examples [2]
.<br>
<br>
This is anti-pattern and not very good usage of Apache HTTP
Client,<br>
which is supposed to be application-scoped object though. I
know the<br>
point is to have examples as easy as possible. However
shouldn't we<br>
avoid anti-patterns? Otherwise there might be possible risk
that people<br>
will inspire and use the same pattern in their production
apps :-)<br>
<br>
[1]<br>
<a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148"
rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148</a><br>
[2]<br>
<a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67"
rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67</a><br>
<br>
Marek<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>