Seems that SSL and HostnameVerified disabled is needed just because of openshift. I wonder if we should have separate version of quickstarts for openshift. Sent separate mail about it to Bill DeCoste.

Marek

On 06/05/16 13:13, Stian Thorgersen wrote:
I've actually got more of an issue with the fact that it disables SSL:

SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                return true;
            }
        }).build();
        b.setSslcontext( sslContext);
     
        // don't check Hostnames, either.
        //      -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
        HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

On 6 May 2016 at 11:24, Marek Posolda <mposolda@redhat.com> wrote:
Right now, we always create new instance of Apache HTTP Client per each
request. Like in the quickstarts [1] or in the examples [2] .

This is anti-pattern and not very good usage of Apache HTTP Client,
which is supposed to be application-scoped object though. I know the
point is to have examples as easy as possible. However shouldn't we
avoid anti-patterns? Otherwise there might be possible risk that people
will inspire and use the same pattern in their production apps :-)

[1]
https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148
[2]
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67

Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev