[keycloak-dev] Sharing HttpClient in backchannelLogout

Marek Posolda mposolda at redhat.com
Mon Apr 27 03:29:40 EDT 2015

I agree that SPI will be even better. Will allow us to configure also 
all other stuff like connection pooling etc. Created 


On 27.4.2015 07:06, Stian Thorgersen wrote:
> We should do it proper and add a HttpClient SPI/provider. That way we can also allow configuring what truststore it uses.
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, 24 April, 2015 7:20:01 PM
>> Subject: [keycloak-dev] Sharing HttpClient in backchannelLogout
>> Looks that both OIDCLoginProtocol.backchannelLogout and
>> SamlProtocol.backchannelLogout always create new instance of Apache
>> HttpClient used just during single invocation. I suspect this is not
>> very good for performance as HTTP connections pool needs to be always
>> created again and again? We're doing it even if client doesn't have
>> adminUrl (no sending of HTTP request is even needed).
>> I wonder if we should share single instance of HttpClient (or
>> ApacheHttpClient4Executor) per LoginProtocolFactory? Or even better, if
>> we convert AuthenticationManager to the SPI (which is planned AFAIK) and
>> pass the executor from there?
>> Marek
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list