[keycloak-dev] Reuse Apache HTTP client in the quickstarts and examples?

Stian Thorgersen sthorger at redhat.com
Sun May 8 23:55:53 EDT 2016 

Not sure why it's even using SSL then. We should find a way to rip out that
code and use SSL properly. This is very very bad IMO.

On 6 May 2016 at 20:33, Marek Posolda <mposolda at redhat.com> wrote:

> Seems that SSL and HostnameVerified disabled is needed just because of
> openshift. I wonder if we should have separate version of quickstarts for
> openshift. Sent separate mail about it to Bill DeCoste.
>
> Marek
>
>
> On 06/05/16 13:13, Stian Thorgersen wrote:
>
> I've actually got more of an issue with the fact that it disables SSL:
>
> SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null,
> new TrustStrategy() {
>             public boolean isTrusted(X509Certificate[] arg0, String arg1)
> throws CertificateException {
>                 return true;
>             }
>         }).build();
>         b.setSslcontext( sslContext);
>
>         // don't check Hostnames, either.
>         //      -- use
> SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want
> to weaken
>         HostnameVerifier hostnameVerifier =
> SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
>
> On 6 May 2016 at 11:24, Marek Posolda <mposolda at redhat.com> wrote:
>
>> Right now, we always create new instance of Apache HTTP Client per each
>> request. Like in the quickstarts [1] or in the examples [2] .
>>
>> This is anti-pattern and not very good usage of Apache HTTP Client,
>> which is supposed to be application-scoped object though. I know the
>> point is to have examples as easy as possible. However shouldn't we
>> avoid anti-patterns? Otherwise there might be possible risk that people
>> will inspire and use the same pattern in their production apps :-)
>>
>> [1]
>>
>> https://github.com/keycloak/keycloak-examples/blob/master/app-jee/src/main/java/org/keycloak/quickstart/appjee/ServiceClient.java#L148
>> [2]
>>
>> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L67
>>
>> Marek
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160509/a9d8a787/attachment-0001.html

More information about the keycloak-dev mailing list