You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "KARR, DAVID" <dk...@att.com> on 2017/04/05 19:26:59 UTC
Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
I'm likely going to be implementing a REST service call using ClientBuilder, and it will require basic auth. I'm intending to cache the Client object, if I can be sure it's thread-safe.
I'm having trouble getting a clear picture on some of these details from the main docs. I found the section about using ClientBuilder (http://cxf.apache.org/docs/jax-rs-client-api.html), but that doesn't mention auth. When I searched for "basic" on the same page, I found some references to doing this with a WebClient, but I'm not sure of the relevance of that. I also can't find a statement about thread-safety. I understand that Client is an interface, but CXF is providing an implementation, so I would assume it's possible to determine that.
I note that links to "JAXRSClientFactoryBean" on that page get a 404. I have a feeling that class is relevant to this. I also don't see this class in the standard Javadoc set.
Re: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by Sergey Beryozkin <sb...@gmail.com>.
Perhaps that was the test issue, as building the core module passed OK
for me
Sergey
On 06/04/17 00:25, KARR, DAVID wrote:
>> -----Original Message-----
>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>> Sent: Wednesday, April 05, 2017 3:23 PM
>> To: users@cxf.apache.org
>> Subject: Re: Verifying threadsafety of cached javax.ws.rs.client.Client
>> implementation with basic auth in CXF & 404 in docs
>>
>> Have a look here for example:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-
>> 3A__github.com_apache_cxf_blob_master_systests_jaxrs_src_test_java_org_a
>> pache_cxf_systest_jaxrs_security_JAXRS20HttpsBookTest.java&d=DwIC-
>> g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>> xy2uk0vYF_EA&m=jXHUnYDffTkB5gI77BZ4Bz-M8XDgzxJ5e0_zbGUprVQ&s=jic-
>> f7Lz8SwVsNJ5kmSECWHdOeEn5PORJH4bNsbSDTY&e=
>>
>> there should be some examples available on the web too
>
> Yeah, there are some examples, but the ones I've found are somewhat random and variable. It was easy to find ones using basic auth. This looks like it will be fine.
>
> Note that while I was building the latest code on master, I was getting a failure in "org.apache.cxf.attachment.AttachmentDeserializerTest":
> ------------
> java.lang.AssertionError: expected:<2> but was:<1>
> at org.apache.cxf.attachment.AttachmentDeserializerTest.testCXF3383(AttachmentDeserializerTest.java:530)
> ------------
>
>> On 05/04/17 23:16, KARR, DAVID wrote:
>>>> -----Original Message-----
>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>> Sent: Wednesday, April 05, 2017 3:09 PM
>>>> To: users@cxf.apache.org
>>>> Subject: Re: Verifying threadsafety of cached
>>>> javax.ws.rs.client.Client implementation with basic auth in CXF & 404
>>>> in docs
>>>>
>>>> That should be thread safe too, I don't see why not...
>>>
>>> Ok, well, thanks for that, but the harder question is HOW to do client
>> certificate auth with ClientBuilder?
>>>
>>>> Sergey
>>>> On 05/04/17 23:07, KARR, DAVID wrote:
>>>>>> -----Original Message-----
>>>>>> From: KARR, DAVID
>>>>>> Sent: Wednesday, April 05, 2017 12:27 PM
>>>>>> To: users@cxf.apache.org
>>>>>> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
>>>>>> implementation with basic auth in CXF & 404 in docs
>>>>>>
>>>>>> I'm likely going to be implementing a REST service call using
>>>>>> ClientBuilder, and it will require basic auth. I'm intending to
>>>>>> cache the Client object, if I can be sure it's thread-safe.
>>>>>
>>>>> Slight correction: this is going to require 2-way cert auth, not
>>>>> basic
>>>> auth.
>>>>>
>>>>>> I'm having trouble getting a clear picture on some of these details
>>>>>> from the main docs. I found the section about using ClientBuilder
>>>>>> (https://urldefense.proofpoint.com/v2/url?u=http-
>>>>>> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFY
>>>>>> Z-
>>>>>> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>>>>>> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6
>>>>>> sf aNO KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't
>>>>>> mention auth.
>>>>>> When I searched for "basic" on the same page, I found some
>>>>>> references to doing this with a WebClient, but I'm not sure of the
>>>>>> relevance of
>>>> that.
>>>>>> I also can't find a statement about thread-safety. I understand
>>>>>> that Client is an interface, but CXF is providing an
>>>>>> implementation, so I would assume it's possible to determine that.
>>>>>>
>>>>>> I note that links to "JAXRSClientFactoryBean" on that page get a
>> 404.
>>>>>> I have a feeling that class is relevant to this. I also don't see
>>>>>> this class in the standard Javadoc set.
>>>>
>>>>
>>>> --
>>>> Sergey Beryozkin
>>>>
>>>> Talend Community Coders
>>>> https://urldefense.proofpoint.com/v2/url?u=http-
>>>> 3A__coders.talend.com_&d=DwIC-g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>>>> xy2uk0vYF_EA&m=QavMmIPqYG7WKowlS6MW2ICLH4yHKXk38iZAy2Wtv7Q&s=sLgiqB3V
>>>> 9Pc
>>>> 9DwSFG6HrSMOkPw5bajVaLhAwSXm245Q&e=
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
RE: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by "KARR, DAVID" <dk...@att.com>.
> -----Original Message-----
> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
> Sent: Wednesday, April 05, 2017 3:23 PM
> To: users@cxf.apache.org
> Subject: Re: Verifying threadsafety of cached javax.ws.rs.client.Client
> implementation with basic auth in CXF & 404 in docs
>
> Have a look here for example:
>
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__github.com_apache_cxf_blob_master_systests_jaxrs_src_test_java_org_a
> pache_cxf_systest_jaxrs_security_JAXRS20HttpsBookTest.java&d=DwIC-
> g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> xy2uk0vYF_EA&m=jXHUnYDffTkB5gI77BZ4Bz-M8XDgzxJ5e0_zbGUprVQ&s=jic-
> f7Lz8SwVsNJ5kmSECWHdOeEn5PORJH4bNsbSDTY&e=
>
> there should be some examples available on the web too
Yeah, there are some examples, but the ones I've found are somewhat random and variable. It was easy to find ones using basic auth. This looks like it will be fine.
Note that while I was building the latest code on master, I was getting a failure in "org.apache.cxf.attachment.AttachmentDeserializerTest":
------------
java.lang.AssertionError: expected:<2> but was:<1>
at org.apache.cxf.attachment.AttachmentDeserializerTest.testCXF3383(AttachmentDeserializerTest.java:530)
------------
> On 05/04/17 23:16, KARR, DAVID wrote:
> >> -----Original Message-----
> >> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
> >> Sent: Wednesday, April 05, 2017 3:09 PM
> >> To: users@cxf.apache.org
> >> Subject: Re: Verifying threadsafety of cached
> >> javax.ws.rs.client.Client implementation with basic auth in CXF & 404
> >> in docs
> >>
> >> That should be thread safe too, I don't see why not...
> >
> > Ok, well, thanks for that, but the harder question is HOW to do client
> certificate auth with ClientBuilder?
> >
> >> Sergey
> >> On 05/04/17 23:07, KARR, DAVID wrote:
> >>>> -----Original Message-----
> >>>> From: KARR, DAVID
> >>>> Sent: Wednesday, April 05, 2017 12:27 PM
> >>>> To: users@cxf.apache.org
> >>>> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
> >>>> implementation with basic auth in CXF & 404 in docs
> >>>>
> >>>> I'm likely going to be implementing a REST service call using
> >>>> ClientBuilder, and it will require basic auth. I'm intending to
> >>>> cache the Client object, if I can be sure it's thread-safe.
> >>>
> >>> Slight correction: this is going to require 2-way cert auth, not
> >>> basic
> >> auth.
> >>>
> >>>> I'm having trouble getting a clear picture on some of these details
> >>>> from the main docs. I found the section about using ClientBuilder
> >>>> (https://urldefense.proofpoint.com/v2/url?u=http-
> >>>> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFY
> >>>> Z-
> >>>> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> >>>> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6
> >>>> sf aNO KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't
> >>>> mention auth.
> >>>> When I searched for "basic" on the same page, I found some
> >>>> references to doing this with a WebClient, but I'm not sure of the
> >>>> relevance of
> >> that.
> >>>> I also can't find a statement about thread-safety. I understand
> >>>> that Client is an interface, but CXF is providing an
> >>>> implementation, so I would assume it's possible to determine that.
> >>>>
> >>>> I note that links to "JAXRSClientFactoryBean" on that page get a
> 404.
> >>>> I have a feeling that class is relevant to this. I also don't see
> >>>> this class in the standard Javadoc set.
> >>
> >>
> >> --
> >> Sergey Beryozkin
> >>
> >> Talend Community Coders
> >> https://urldefense.proofpoint.com/v2/url?u=http-
> >> 3A__coders.talend.com_&d=DwIC-g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> >> xy2uk0vYF_EA&m=QavMmIPqYG7WKowlS6MW2ICLH4yHKXk38iZAy2Wtv7Q&s=sLgiqB3V
> >> 9Pc
> >> 9DwSFG6HrSMOkPw5bajVaLhAwSXm245Q&e=
Re: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by Sergey Beryozkin <sb...@gmail.com>.
Have a look here for example:
https://github.com/apache/cxf/blob/master/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
there should be some examples available on the web too
Sergey
On 05/04/17 23:16, KARR, DAVID wrote:
>> -----Original Message-----
>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>> Sent: Wednesday, April 05, 2017 3:09 PM
>> To: users@cxf.apache.org
>> Subject: Re: Verifying threadsafety of cached javax.ws.rs.client.Client
>> implementation with basic auth in CXF & 404 in docs
>>
>> That should be thread safe too, I don't see why not...
>
> Ok, well, thanks for that, but the harder question is HOW to do client certificate auth with ClientBuilder?
>
>> Sergey
>> On 05/04/17 23:07, KARR, DAVID wrote:
>>>> -----Original Message-----
>>>> From: KARR, DAVID
>>>> Sent: Wednesday, April 05, 2017 12:27 PM
>>>> To: users@cxf.apache.org
>>>> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
>>>> implementation with basic auth in CXF & 404 in docs
>>>>
>>>> I'm likely going to be implementing a REST service call using
>>>> ClientBuilder, and it will require basic auth. I'm intending to
>>>> cache the Client object, if I can be sure it's thread-safe.
>>>
>>> Slight correction: this is going to require 2-way cert auth, not basic
>> auth.
>>>
>>>> I'm having trouble getting a clear picture on some of these details
>>>> from the main docs. I found the section about using ClientBuilder
>>>> (https://urldefense.proofpoint.com/v2/url?u=http-
>>>> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFYZ-
>>>> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>>>> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6sf
>>>> aNO KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't mention
>>>> auth.
>>>> When I searched for "basic" on the same page, I found some references
>>>> to doing this with a WebClient, but I'm not sure of the relevance of
>> that.
>>>> I also can't find a statement about thread-safety. I understand that
>>>> Client is an interface, but CXF is providing an implementation, so I
>>>> would assume it's possible to determine that.
>>>>
>>>> I note that links to "JAXRSClientFactoryBean" on that page get a 404.
>>>> I have a feeling that class is relevant to this. I also don't see
>>>> this class in the standard Javadoc set.
>>
>>
>> --
>> Sergey Beryozkin
>>
>> Talend Community Coders
>> https://urldefense.proofpoint.com/v2/url?u=http-
>> 3A__coders.talend.com_&d=DwIC-g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>> xy2uk0vYF_EA&m=QavMmIPqYG7WKowlS6MW2ICLH4yHKXk38iZAy2Wtv7Q&s=sLgiqB3V9Pc
>> 9DwSFG6HrSMOkPw5bajVaLhAwSXm245Q&e=
RE: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by "KARR, DAVID" <dk...@att.com>.
> -----Original Message-----
> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
> Sent: Wednesday, April 05, 2017 3:09 PM
> To: users@cxf.apache.org
> Subject: Re: Verifying threadsafety of cached javax.ws.rs.client.Client
> implementation with basic auth in CXF & 404 in docs
>
> That should be thread safe too, I don't see why not...
Ok, well, thanks for that, but the harder question is HOW to do client certificate auth with ClientBuilder?
> Sergey
> On 05/04/17 23:07, KARR, DAVID wrote:
> >> -----Original Message-----
> >> From: KARR, DAVID
> >> Sent: Wednesday, April 05, 2017 12:27 PM
> >> To: users@cxf.apache.org
> >> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
> >> implementation with basic auth in CXF & 404 in docs
> >>
> >> I'm likely going to be implementing a REST service call using
> >> ClientBuilder, and it will require basic auth. I'm intending to
> >> cache the Client object, if I can be sure it's thread-safe.
> >
> > Slight correction: this is going to require 2-way cert auth, not basic
> auth.
> >
> >> I'm having trouble getting a clear picture on some of these details
> >> from the main docs. I found the section about using ClientBuilder
> >> (https://urldefense.proofpoint.com/v2/url?u=http-
> >> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFYZ-
> >> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> >> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6sf
> >> aNO KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't mention
> >> auth.
> >> When I searched for "basic" on the same page, I found some references
> >> to doing this with a WebClient, but I'm not sure of the relevance of
> that.
> >> I also can't find a statement about thread-safety. I understand that
> >> Client is an interface, but CXF is providing an implementation, so I
> >> would assume it's possible to determine that.
> >>
> >> I note that links to "JAXRSClientFactoryBean" on that page get a 404.
> >> I have a feeling that class is relevant to this. I also don't see
> >> this class in the standard Javadoc set.
>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__coders.talend.com_&d=DwIC-g&c=LFYZ-o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> xy2uk0vYF_EA&m=QavMmIPqYG7WKowlS6MW2ICLH4yHKXk38iZAy2Wtv7Q&s=sLgiqB3V9Pc
> 9DwSFG6HrSMOkPw5bajVaLhAwSXm245Q&e=
Re: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by Sergey Beryozkin <sb...@gmail.com>.
That should be thread safe too, I don't see why not...
Sergey
On 05/04/17 23:07, KARR, DAVID wrote:
>> -----Original Message-----
>> From: KARR, DAVID
>> Sent: Wednesday, April 05, 2017 12:27 PM
>> To: users@cxf.apache.org
>> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
>> implementation with basic auth in CXF & 404 in docs
>>
>> I'm likely going to be implementing a REST service call using
>> ClientBuilder, and it will require basic auth. I'm intending to cache
>> the Client object, if I can be sure it's thread-safe.
>
> Slight correction: this is going to require 2-way cert auth, not basic auth.
>
>> I'm having trouble getting a clear picture on some of these details from
>> the main docs. I found the section about using ClientBuilder
>> (https://urldefense.proofpoint.com/v2/url?u=http-
>> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFYZ-
>> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
>> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6sfaNO
>> KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't mention auth.
>> When I searched for "basic" on the same page, I found some references to
>> doing this with a WebClient, but I'm not sure of the relevance of that.
>> I also can't find a statement about thread-safety. I understand that
>> Client is an interface, but CXF is providing an implementation, so I
>> would assume it's possible to determine that.
>>
>> I note that links to "JAXRSClientFactoryBean" on that page get a 404. I
>> have a feeling that class is relevant to this. I also don't see this
>> class in the standard Javadoc set.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
RE: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by "KARR, DAVID" <dk...@att.com>.
> -----Original Message-----
> From: KARR, DAVID
> Sent: Wednesday, April 05, 2017 12:27 PM
> To: users@cxf.apache.org
> Subject: Verifying threadsafety of cached javax.ws.rs.client.Client
> implementation with basic auth in CXF & 404 in docs
>
> I'm likely going to be implementing a REST service call using
> ClientBuilder, and it will require basic auth. I'm intending to cache
> the Client object, if I can be sure it's thread-safe.
Slight correction: this is going to require 2-way cert auth, not basic auth.
> I'm having trouble getting a clear picture on some of these details from
> the main docs. I found the section about using ClientBuilder
> (https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__cxf.apache.org_docs_jax-2Drs-2Dclient-2Dapi.html&d=DwIFAg&c=LFYZ-
> o9_HUMeMTSQicvjIg&r=OsTemSXEn-
> xy2uk0vYF_EA&m=yD0wxSnRASYOtn5y9X8bW4S5ob5E8WHX2C84AFt4ATQ&s=bIClm6sfaNO
> KqAtPUKTW6E-mJyd8zEp3DdstKS98Hbg&e= ), but that doesn't mention auth.
> When I searched for "basic" on the same page, I found some references to
> doing this with a WebClient, but I'm not sure of the relevance of that.
> I also can't find a statement about thread-safety. I understand that
> Client is an interface, but CXF is providing an implementation, so I
> would assume it's possible to determine that.
>
> I note that links to "JAXRSClientFactoryBean" on that page get a 404. I
> have a feeling that class is relevant to this. I also don't see this
> class in the standard Javadoc set.
Re: Verifying threadsafety of cached javax.ws.rs.client.Client
implementation with basic auth in CXF & 404 in docs
Posted by Sergey Beryozkin <sb...@gmail.com>.
With 2.0 Client API, as far as Basic auth is concerned, one can either
set a WebTarget header or use a filter, I believe in both cases it is
thread safe
Sergey
On 05/04/17 20:26, KARR, DAVID wrote:
> I'm likely going to be implementing a REST service call using ClientBuilder, and it will require basic auth. I'm intending to cache the Client object, if I can be sure it's thread-safe.
>
> I'm having trouble getting a clear picture on some of these details from the main docs. I found the section about using ClientBuilder (http://cxf.apache.org/docs/jax-rs-client-api.html), but that doesn't mention auth. When I searched for "basic" on the same page, I found some references to doing this with a WebClient, but I'm not sure of the relevance of that. I also can't find a statement about thread-safety. I understand that Client is an interface, but CXF is providing an implementation, so I would assume it's possible to determine that.
>
> I note that links to "JAXRSClientFactoryBean" on that page get a 404. I have a feeling that class is relevant to this. I also don't see this class in the standard Javadoc set.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/