Re: [keycloak-dev] Reuse Apache HTTP client in the quickstarts and examples?

I've actually got more of an issue with the fact that it disables SSL: SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { return true; } }).build(); b.setSslcontext( sslContext); // don't check Hostnames, either. // -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; On 6 May 2016 at 11:24, Marek Posolda <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote: Right now, we always create new instance of Apache HTTP Client per each request. Like in the quickstarts [1] or in the examples [2] . This is anti-pattern and not very good usage of Apache HTTP Client, which is supposed to be application-scoped object though. I know the point is to have examples as easy as possible. However shouldn't we avoid anti-patterns? Otherwise there might be possible risk that people will inspire and use the same pattern in their production apps :-) [1] https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/mai... [2] https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c... Marek _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-dev