Re: [keycloak-dev] Reuse Apache HTTP client in the quickstarts and examples?

Friday, 6 May 2016

I've actually got more of an issue with the fact that it disables SSL:

SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new
TrustStrategy() {
            public boolean isTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
                return true;
            }
        }).build();
        b.setSslcontext( sslContext);

        // don't check Hostnames, either.
        //      -- use
SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want
to weaken
        HostnameVerifier hostnameVerifier =
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

On 6 May 2016 at 11:24, Marek Posolda <mposolda(a)redhat.com&gt; wrote:

...
 Right now, we always create new instance of Apache HTTP Client per
each
 request. Like in the quickstarts [1] or in the examples [2] .

 This is anti-pattern and not very good usage of Apache HTTP Client,
 which is supposed to be application-scoped object though. I know the
 point is to have examples as easy as possible. However shouldn't we
 avoid anti-patterns? Otherwise there might be possible risk that people
 will inspire and use the same pattern in their production apps :-)

 [1]

https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/mai...
 [2]

https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...

 Marek
 _______________________________________________
 keycloak-dev mailing list
 keycloak-dev(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-dev

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Re: [keycloak-dev] Reuse Apache HTTP client in the quickstarts and examples?