Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flexible HttpClient configuration for interactions with Fedora #113

Merged
merged 13 commits into from
May 15, 2017
Merged

Flexible HttpClient configuration for interactions with Fedora #113

merged 13 commits into from
May 15, 2017

Conversation

birkland
Copy link
Contributor

@birkland birkland commented May 3, 2017
edited
Loading

Allows the user to provide an HttpClient for interacting with Fedora, and provides for more flexible authn configuration of the default/provided HttpClient used by API-X for this purpose. This allows API-X to adapt to arbitrarily complex authn protocols that may protect Fedora (such as JWT)

  • In OSGi, API-X uses the highest ranked HttpClient published to the service registry for communication with Fedora.
  • API-X listens for added/removed HttpClients in the OSGi service registry, and immediately starts using HttpClients as soon as they are available.
  • Additional configuration properties are provided for using basic auth with the default HttpClient used by API-X.
  • The Fedora instance used in the ITs has been updated to require a username/passwd via basic auth

Resolves #112
Resolves #114

@birkland
Configure OSGi service reference name for HttpClient
1595442 
This provides a new configuration parameter for org.fcrepo.apix.jena.cfg:

The httpclient.osgi.jndi.service.name property can be used to specify the
service name in OSGi for HttpClient implementations.  This allows
the use of custom-configured HttpClient instances by the various API-X
registries when communicating with Fedora.
@birkland birkland mentioned this pull request May 3, 2017
Merged
ajs6f
ajs6f reviewed May 5, 2017
View reviewed changes
fcrepo-api-x-jena/src/main/java/org/fcrepo/apix/jena/impl/HttpClientFetcher.java Outdated
*/
public CloseableHttpClient getClient() throws Exception {

final Collection<ServiceReference<CloseableHttpClient>> refs = bundleContext.getServiceReferences(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After a lot of debugging, I finally realized that the reason I haven't gotten my PR to work against your PR is because I am publishing an HttpClient and you are expecting a CloseableHttpClient. What is the reason you are requiring a CloseableHttpClient (which is an impl class) instead of the interface...? Presumably, you are not actually closing the client...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, it's because CloseableHttpClient is the only way to get CloseableHttpResponses that can be used with try-with-resources. I think we'd have to resort to casting or factor out the try-with-resources in order to support plain ol' HttpClient. Casting in HttpClientFetcher might actually work. Thoughts?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My first thought is that this isn't our fault, this is a real flaw in the API. I hope they are fixing this for 5. Be that as it may, and given that the only actual impls of the interface that come with Commons itself are all CloseableHttpClients, I don't have a big problem with casting (accompanied by a TODO and even maybe a ticket to remind to do better when we can).

Alternatively, we can register, not the client, but the interceptor. IOW, you build your own client in API-X (presumably via one of the HttpClientBuilderFactory services that HTTP Commons registers for you) and draw any HttpRequestInterceptors or HttpResponsenterceptors registered under the right filters and pack them on.

Does either sound inherently more appealing? The latter is "cleaner", but really starts to tangle the Commons HTTP client API into our code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, an API flaw (probably for the sake of backward compatibility with pre-java-7).

Of all those, I think casting is more appealing. I don't know enough about HttpClient to have a sense of whether interceptors would be sufficient.

OK, I'll push to the PR once it passes its local ITs

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, interceptors are sufficient-- that's what we are using on the CLAW-supplied client we are offering you to inject. That having been said, I have no prob with casting, since that means less work for me. :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After a few false starts getting OSGi wiring happy, I just updated the PR to use the casting approach. Now it looks for org.apache.http.client.HttpClient!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Building it now.

birkland added 8 commits May 5, 2017 13:00
@birkland
Use HttpClient interface in OSGi registry
ea9cdb3
@birkland
Use provided HttpClient in base registry
c3fc568 
Any provided HttpClient now is (a) accessible by an HttpClientFetcher, and
(b) is the basis of the default registry.
@birkland
Fix blueprint to inject the correct HttpClient
e769c99
@birkland
Use injected HttpClient instead of FcrepoClient
69cab8a
@birkland
Proxy HttpClient, listen for OSGi services
3e404f7 
Switch out current or default HttpClient for highest-ranked HttpClient in
OSGi service registry immediately when it becomes available
@birkland
Bump fcrepo, cargo versions
db3ecc2
@birkland
Use basicAuth in Fedora for ITs
b65da6b 
Also place an authenticated HttpClient in fcrepo-api-x-test and publish as
an OSGi service
@birkland
Use authenticated fcrepo camel component for index
fea5b57 
This doesn't quite work yet, so service indexing ITs are disabled
@birkland birkland changed the title Configure OSGi service reference name for HttpClient Flexible HttpClient configuration for interactions with Fedora May 11, 2017
@birkland
Copy link
Contributor Author

As noted in a comment on the CLAW issue, updates to the service indexing ITs are pending

@ajs6f ajs6f mentioned this pull request May 11, 2017
Merged
@birkland
Copy link
Contributor Author

@ajs6f @acoburn

Just FYI, I was able to get the camel http4 component to use a provided HttpClient by adding the param
?httpClient=#httpClient to an http4 endpoint URI, and having a bean with id of httpClient available in blueprint. It doesn't look like this is documented anywhere I could find, except via looking through the source code. It should work for using the JWT-enabled CLAW HttpClient in camel routes.

@ajs6f
Copy link
Contributor

ajs6f commented May 12, 2017

Tracking the question of httpClient here.

@emetsger emetsger merged commit 9fe9028 into fcrepo4-labs:master May 15, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajs6f ajs6f ajs6f left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@birkland @ajs6f @emetsger