feat: Migrate to HttpClient5 in OAuth2Service#1103
Conversation
| @Test | ||
| @DisplayName( "createHttpClient with non-certificate-based ClientIdentity should return default HTTP client" ) | ||
| void testCreateHttpClientWithNonCertificateBasedClientIdentity() |
There was a problem hiding this comment.
We could maybe remove some if these first tests of createHttpClient. But technically they all test different behaviours.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
...rc/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenService.java
Fixed
Show fixed
Hide fixed
...rc/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenService.java
Fixed
Show fixed
Hide fixed
...rc/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenService.java
Fixed
Show fixed
Hide fixed
...rc/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenService.java
Fixed
Show fixed
Hide fixed
...rc/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenService.java
Fixed
Show fixed
Hide fixed
.../com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceBindingDestinationLoaderTest.java
Outdated
Show resolved
Hide resolved
CharlesDuboisSAP
left a comment
CharlesDuboisSAP
left a comment
There was a problem hiding this comment.
Why not put your new HttpClient5OAuth2TokenService in the security library? They might have more tests to make sure it works.
The security library apparently is planning to release a similar feature in the future. Since it is not sure when this will be released and in what capacity (minor/major version release etc), it makes more sense to continue with our effort here. |
Unfortunately even if get it into their code-base, we couldn't directly use it. Because we would depend on a latest version, whereas our users may provide an older version of the security-library - that could result to dependency version mismatch and missing method runtime exceptions. We already made the painful mistake in the past, and we had discussions with users complaining that the SDK stopped working for them. Unfortunately there is no static code check that would check for such breaking changes. I guess library development is a little special in this regard. Technically we are required to check for every external API usage what's the minimum dependency version (major and minor). That hopefully explains why (we want to) put |
3 participants
Context
https://github.com/SAP/ai-sdk-java-backlog/issues/328
This PR migrates the
OAuth2Serviceto use HttpClient5 internally. In order to do this, the new classHttpClient5OAuth2TokenServiceis introduced (and tested) in place of the previously usedcom.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenServicewhich relies on HttpClient4.Feature scope:
HttpClient5OAuth2TokenServiceHttpClient5OAuth2TokenServiceHttpClient5OAuth2TokenServiceDefinition of Done
Documentation updatedRelease notes updated