[keycloak-dev] Reuse Apache HTTP client in the quickstarts and examples?

Marek Posolda mposolda at redhat.com
Fri May 6 14:33:42 EDT 2016


Seems that disabling SSL and the HostnameVerifier is needed just because of 
OpenShift. I wonder if we should have a separate version of the quickstarts 
for OpenShift. Sent a separate mail about it to Bill DeCoste.

Marek

On 06/05/16 13:13, Stian Thorgersen wrote:
> I've actually got more of an issue with the fact that it disables SSL:
>
> SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
>             public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
>                 return true;
>             }
>         }).build();
>         b.setSslcontext( sslContext);
>         // don't check Hostnames, either.
>         //      -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
>         HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
>
> On 6 May 2016 at 11:24, Marek Posolda <mposolda at redhat.com> wrote:
>
>     Right now, we always create a new instance of Apache HTTP Client for
>     each request, like in the quickstarts [1] or in the examples [2].
>
>     This is an anti-pattern and not a very good usage of Apache HTTP Client,
>     which is supposed to be an application-scoped object. I know the
>     point is to have the examples as easy as possible. However, shouldn't we
>     avoid anti-patterns? Otherwise there is a possible risk that people
>     will be inspired and use the same pattern in their production apps :-)
>
>     [1]
>     https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148
>     [2]
>     https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67
>
>     Marek
>
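
An added example, not code from the Keycloak quickstarts or from anyone in this thread: one way to address both points raised above, with a single application-scoped client and with certificate and hostname verification left on. It assumes HttpClient 4.4 or later and a truststore file containing the server's CA; the class name, property names and default values are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;

public final class SharedHttpClient {
    // Assumed settings (hypothetical property names): truststore holding the server's CA.
    private static final String STORE = System.getProperty("example.truststore", "truststore.jks");
    private static final String STORE_PASS = System.getProperty("example.truststore.password", "changeit");
    private static CloseableHttpClient client;

    private SharedHttpClient() {}

    /** Returns the one application-scoped client, building it on first use. */
    public static synchronized CloseableHttpClient get() throws GeneralSecurityException, IOException {
        if (client == null) {
            // Trust only what is in the truststore, instead of a TrustStrategy that returns true.
            SSLContext sslContext = SSLContextBuilder.create()
                    .loadTrustMaterial(new File(STORE), STORE_PASS.toCharArray())
                    .build();
            // Keep hostname verification on (the default verifier, not ALLOW_ALL).
            SSLConnectionSocketFactory tls = new SSLConnectionSocketFactory(
                    sslContext, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
            client = HttpClients.custom().setSSLSocketFactory(tls).build();
        }
        return client;
    }

    /** Per-request code borrows the shared client and closes only the response. */
    public static String fetch(String url) throws GeneralSecurityException, IOException {
        try (CloseableHttpResponse response = get().execute(new HttpGet(url))) {
            HttpEntity entity = response.getEntity();
            return entity == null ? "" : EntityUtils.toString(entity);
        }
    }

    /** Call once at application shutdown to release pooled connections. */
    public static synchronized void shutdown() throws IOException {
        if (client != null) { client.close(); client = null; }
    }
}
```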
