[keycloak-dev] Sharing HttpClient in backchannelLogout

Stian Thorgersen stian at redhat.com
Mon Apr 27 01:06:45 EDT 2015


We should do it proper and add a HttpClient SPI/provider. That way we can also allow configuring what truststore it uses.

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 24 April, 2015 7:20:01 PM
> Subject: [keycloak-dev] Sharing HttpClient in backchannelLogout
> 
> Looks that both OIDCLoginProtocol.backchannelLogout and
> SamlProtocol.backchannelLogout always create new instance of Apache
> HttpClient used just during single invocation. I suspect this is not
> very good for performance as HTTP connections pool needs to be always
> created again and again? We're doing it even if client doesn't have
> adminUrl (no sending of HTTP request is even needed).
> 
> I wonder if we should share single instance of HttpClient (or
> ApacheHttpClient4Executor) per LoginProtocolFactory? Or even better, if
> we convert AuthenticationManager to the SPI (which is planned AFAIK) and
> pass the executor from there?
> 
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list