<div dir="ltr">Not sure why it's even using SSL then. We should find a way to rip out that code and use SSL properly. This is very very bad IMO.</div><div class="gmail_extra"><br><div class="gmail_quote">On 6 May 2016 at 20:33, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Seems that having SSL and HostnameVerifier
      disabled is needed just because of OpenShift. I wonder if we
      should have a separate version of the quickstarts for OpenShift. Sent
      a separate mail about it to Bill DeCoste.<span class="HOEnZb"><font color="#888888"><br>
<br>
Marek</font></span><div><div class="h5"><br>
<br>
On 06/05/16 13:13, Stian Thorgersen wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">I've actually got more of an issue with the fact
that it disables SSL:
<div><br>
</div>
<div>
<div>SSLContext sslContext = new
SSLContextBuilder().loadTrustMaterial(null, new
TrustStrategy() {</div>
<div> public boolean isTrusted(X509Certificate[]
arg0, String arg1) throws CertificateException {</div>
<div> return true;</div>
<div> }</div>
<div> }).build();</div>
<div> b.setSslcontext( sslContext);</div>
<div> </div>
<div> // don't check Hostnames, either.</div>
<div> // -- use
SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if
you don't want to weaken</div>
<div> HostnameVerifier hostnameVerifier =
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 6 May 2016 at 11:24, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Right now,
we always create a new instance of Apache HTTP Client for each<br>
request. Like in the quickstarts [1] or in the examples [2].<br>
<br>
This is an anti-pattern and not a very good usage of Apache HTTP
Client,<br>
which is supposed to be an application-scoped object though. I
know the<br>
point is to have examples as easy as possible. However,
shouldn't we<br>
avoid anti-patterns? Otherwise there might be a possible risk
that people<br>
will be inspired and use the same pattern in their production
apps :-)<br>
<br>
[1]<br>
<a href="https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148</a><br>
[2]<br>
<a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67</a><br>
<br>
Marek<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
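<div>An application-scoped client that leaves certificate and hostname checks on, as a counterpart to the per-request, trust-everything setup discussed in this thread. This is an added example, not code from the thread or from the Keycloak project; it assumes Apache HttpClient 4.4 or later, and the class name SharedHttpClient and the example.truststore.* property names are hypothetical.</div>

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

/** Hypothetical holder: one HttpClient per application, TLS checks left on. */
public final class SharedHttpClient {
    // Hypothetical property names, not Keycloak or HttpClient settings.
    private static final String STORE_PROP = "example.truststore.path";
    private static final String PASS_PROP = "example.truststore.password";

    private static CloseableHttpClient client;

    /** Returns the single shared client, building it on first use. */
    public static synchronized CloseableHttpClient get()
            throws GeneralSecurityException, IOException {
        if (client == null) {
            client = build(System.getProperty(STORE_PROP), System.getProperty(PASS_PROP));
        }
        return client;
    }

    static CloseableHttpClient build(String storePath, String storePassword)
            throws GeneralSecurityException, IOException {
        // With a truststore configured (e.g. one holding a self-signed server
        // certificate) only that store is trusted; otherwise use the JVM defaults.
        SSLContext sslContext = (storePath == null)
                ? SSLContexts.createSystemDefault()
                : SSLContexts.custom()
                        .loadTrustMaterial(new File(storePath),
                                storePassword == null ? null : storePassword.toCharArray())
                        .build();
        // Keep hostname verification: the certificate must match the host in the URL.
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    }

    /** Call once on application shutdown to release pooled connections. */
    public static synchronized void shutdown() throws IOException {
        if (client != null) {
            client.close();
            client = null;
        }
    }
}
```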