Seems that SSL and HostnameVerified disabled is needed just because of openshift. I wonder if we should have separate version of quickstarts for openshift. Sent separate mail about it to Bill DeCoste.
Marek
On 06/05/16 13:13, Stian Thorgersen wrote:
I've actually got more of an issue with the fact that it disables SSL:
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {return true;}}).build();b.setSslcontext( sslContext);// don't check Hostnames, either.// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weakenHostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
On 6 May 2016 at 11:24, Marek Posolda <mposolda@redhat.com> wrote:
Right now, we always create new instance of Apache HTTP Client per each
request. Like in the quickstarts [1] or in the examples [2] .
This is anti-pattern and not very good usage of Apache HTTP Client,
which is supposed to be application-scoped object though. I know the
point is to have examples as easy as possible. However shouldn't we
avoid anti-patterns? Otherwise there might be possible risk that people
will inspire and use the same pattern in their production apps :-)
[1]
https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148
[2]
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev