Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: use SDK http client instead of a separate http-client dependency #16897

Merged
merged 7 commits into from
Jun 8, 2023
Merged

chore: use SDK http client instead of a separate http-client dependency #16897

merged 7 commits into from
Jun 8, 2023

Conversation

mstahv
Copy link
Member

@mstahv mstahv commented May 26, 2023
edited by mcollovati
Loading

Less dependencies that might cause conflicts in user projects

Fixes #14538

Type of change

  • Bugfix
  • Feature

Checklist

  • I have read the contribution guide: https://vaadin.com/docs/latest/guide/contributing/overview/
  • I have added a description following the guideline.
  • The issue is created in the corresponding repository and I have referenced it.
  • I have added tests to ensure my change is effective and works as intended.
  • New and existing tests are passing locally with my change.
  • I have performed self-review and corrected misspellings.

Additional for Feature type of change

  • Enhancement / new feature was discussed in a corresponding GitHub issue and Acceptance Criteria were created.

@mstahv mstahv marked this pull request as draft May 26, 2023 14:47
@mstahv
Copy link
Member Author

mstahv commented May 26, 2023

Looks like vaadin-dev-server is expecting to have the http-client dependency via vaadin-server still. That should also be converted to use the JDK version...

@mstahv mstahv marked this pull request as ready for review May 26, 2023 15:55
@github-actions
Copy link

github-actions bot commented May 26, 2023
edited
Loading

Test Results

   992 files  ±  0     992 suites  ±0   1h 26m 42s ⏱️ + 4m 26s
6 299 tests ±  0  6 258 ✔️ ±  0  41 💤 ±0  0 ±0 
6 549 runs  +13  6 501 ✔️ +13  48 💤 ±0  0 ±0 

Results for commit 2c5f45a. ± Comparison against base commit fe1a378.

♻️ This comment has been updated with latest results.

@mshabarov mshabarov added the Contribution PRs coming from the community or external to the team label May 29, 2023
@mshabarov mshabarov requested a review from mcollovati May 29, 2023 11:04
mcollovati
mcollovati requested changes Jun 5, 2023
View reviewed changes
Copy link
Collaborator

@mcollovati mcollovati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor changes.
The hard-coded timeout settings are a bit opinionated.
It would be good to make them configurable.
Maybe trying to get the value from system properties, otherwise fallback to default?

@mstahv
Copy link
Member Author

mstahv commented Jun 5, 2023

@mcollovati timeouts were opinionated indeed, copied from some tutorial 😂 I removed them now, going with defaults would be fine I guess? Or were those configurable in the past 🤔

@mcollovati
Copy link
Collaborator

I was thinking they were configurable through system properties, as the client builder had useSystemProperties() setting.
But it seems like there are no properties for the timeouts in httpclient.
So removing them from the PR could be fine.

@mstahv
Copy link
Member Author

mstahv commented Jun 5, 2023

👌 That was done in 9becd05

@mcollovati
Copy link
Collaborator

I'm testing with proxy authentication, but the download fails.
I'll have to verify if it is something on my proxy config, but I'm getting an HTTP 407 error (Proxy Authentication Required) and the authenticator getPasswordAuthentication() is never invoked.

@Artur-
Copy link
Member

Artur- commented Jun 5, 2023

Please add some proxy tests to the project :)

@mcollovati
Copy link
Collaborator

It seems like that basic authentication for https proxy has been deactivated since Java 8u111 (https://www.oracle.com/java/technologies/javase/8u111-relnotes.html)

Setting the -Djdk.http.auth.tunneling.disabledSchemes="" system properties makes the authentication work.
Another suggested workaround is to set the Proxy-Authorization header in the request.
It would be useful to investigate how Apache HTTP client handles authentication, as the current DefaultFileDownloader implementation works fine with the basic auth.

@mcollovati
Copy link
Collaborator

And this could be interesting to set up tests with proxy: https://github.com/pan-dora/jdk11-httpclient-tests/blob/master/httpclient/src/test/java/net/httpclient/ProxyAuthTest.java

@knoobie
Copy link
Contributor

knoobie commented Jun 5, 2023

Another suggested workaround is to set the Proxy-Authorization header in the request.

keep in mind this old security fix :) apache/httpcomponents-client@a572756

@mstahv
Copy link
Member Author

mstahv commented Jun 5, 2023

Would be great if we'd know if and how developers use proxies 😬 Building extensive integration tests for this is probably not worth the investement but some smaller smoke test would be great.

@knoobie
Copy link
Contributor

knoobie commented Jun 5, 2023

Couldn't you guys try to get some information about proxy usage based on your usage statistics features? Those could be added til 24.1 and you have those information hopefully in the next months before this hits the road with 24.2/3

@mcollovati
Copy link
Collaborator

I propose not adding custom code for handling proxy authentication, but instead updating the documentation at https://vaadin.com/docs/latest/configuration/development-mode/node-js#proxy-settings-for-downloading-the-front-end-toolchain to suggest setting the -Djdk.http.auth.tunneling.disabledSchemes if needed

mcollovati
mcollovati previously approved these changes Jun 6, 2023
View reviewed changes
@mcollovati mcollovati mentioned this pull request Jun 6, 2023
Closed
@mcollovati
Copy link
Collaborator

Created vaadin/docs#2475 and #16966

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 6, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@mcollovati mcollovati changed the title Use SDK http client instead of a separate http-client dependency chore: use SDK http client instead of a separate http-client dependency Jun 7, 2023
@mcollovati mcollovati merged commit 5a8225e into main Jun 8, 2023
@mcollovati mcollovati deleted the feature/drop-httpclient-dependency branch June 8, 2023 11:06
@platosha
Copy link
Contributor

Would it be feasible to backport this to 24.1? Hilla native compilation is broken by httpclient dependency that brings commons-logging, this would help.

vaadin-bot pushed a commit that referenced this pull request Sep 19, 2023
@mstahv @vaadin-bot
chore: use SDK http client instead of a separate http-client dependen…
3b9be58 
…cy (#16897)

Closes #14538
vaadin-bot added a commit that referenced this pull request Sep 19, 2023
@vaadin-bot @mstahv
chore: use SDK http client instead of a separate http-client dependen…
377cf93 
…cy (#16897) (#17656)

Closes #14538

Co-authored-by: Matti Tahvonen <[email protected]>
@knoobie knoobie mentioned this pull request Oct 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcollovati mcollovati mcollovati approved these changes

Assignees
No one assigned
Labels
cherry-picked-24.1 Contribution PRs coming from the community or external to the team target/24.1 +0.0.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Explore removal of Apache's httpclient dependency from flow-server
7 participants
@mstahv @mcollovati @Artur- @knoobie @platosha @vaadin-bot @mshabarov