Upgrade Apache HttpClient 4.5.13 -> 5.1.3 #35
Conversation
…()` now requires an unescaped query string, which is not compatible with tricky characters (e.g., "&" in a schema name).
labkey-adam
requested review from
labkey-susanh,
labkey-jeckels and
labkey-tchad
| api ("com.googlecode.json-simple:json-simple:${jsonSimpleVersion}") | ||
| { | ||
| // exclude this because it gets in the way of our own JSON object implementations from server/api | ||
| exclude group: "org.json", module:"json" | ||
| } | ||
| api "org.apache.httpcomponents.client5:httpclient5:${httpclient5Version}" | ||
| api "org.apache.httpcomponents.core5:httpcore5:${httpcore5Version}" |
There was a problem hiding this comment.
Just checking that these are actually api dependencies (that is, we expose some objects from these jar files in our interfaces). I assume so since they were before.
There was a problem hiding this comment.
Yes, unfortunately our wrappers expose a few native HttpClient/HttpCore classes. For example, our Connection.executeRequest() returns CloseableHttpResponse (from HttpClient) which implements ClassicHttpResponse (from HttpCore). I've made a few internal methods private in this PR to reduce the leakage, but we can't eliminate it without more work.
There was a problem hiding this comment.
Connection.stopImpersonating seems to be broken.
Biologics tests use it fairly broadly and it seems to be failing every time:
org.labkey.remoteapi.CommandException: Failed to stop impersonating
at app//org.labkey.remoteapi.Connection.stopImpersonate(Connection.java:403)
at app//org.labkey.test.util.TestUser.stopImpersonating(TestUser.java:123)
at app//org.labkey.test.tests.biologics.crossfolder.CrossFolderRegistryTest.testSubfolderUserCanEditSubfolderSequence(CrossFolderRegistryTest.java:584)
Yep, I noticed that. Not sure if it's returning a different status code now or what. |
I just ran it locally. It is getting a 200 response now. The normal "Stop Impersonating" button (which hits the same action), still returns a 302. |
Yes, I believe the button causes JavaScript to do a window.location.replace() to redirect. The server is now responding to the API call with that same HTML and 200. I haven't figured out why yet. |
Whatever is happening, it seems to be localized to the remote API. |
Just stepped through the client code and yes, that's exactly what's happening. Need to ask the HttpClient not to follow redirects or else accept 200 as success. |
| catch (URISyntaxException e) | ||
| { | ||
| throw new CommandException(e.getMessage()); | ||
| } |
There was a problem hiding this comment.
setParameters is declared as throwing URISyntaxException, why not just let this bubble up instead of wrapping in a CommandException?
Also, I would argue that Command._execute shouldn't wrap it in a CommandException either. Wrapping in an IllegalArgumentException seems more appropriate to me since the most likely cause of such an exception is somebody specifying bad query parameters or some such thing.
Although, I suppose, throwing unchecked exceptions from an API is probably bad practice.
There was a problem hiding this comment.
I was just following the existing pattern, which I agree is inconsistent. As I think I noted somewhere, I'm planning to merge the create URL and add parameters steps into a single method at some point. Will look at reconciling exception handling at that point. But I think this set of PRs is close enough and I need to move on...
…heck for success, not redirect.
|
@labkey-tchad as you may have seen, I just added a new |
| @@ -10,6 +10,6 @@ public class StopImpersonatingCommand extends PostCommand<CommandResponse> | |||
| { | |||
| public StopImpersonatingCommand() | |||
| { | |||
| super("login", "stopImpersonating.api"); | |||
| super("login", "stopImpersonatingApi.api"); | |||
There was a problem hiding this comment.
I'm not sure what advantage this has. It seems to just break backward compatibility.
|
Sorry for the delay... was distracted with moving yesterday. Thought is it's cleaner to have our libraries call API actions (more appropriate error and success handling, API-appropriate return values) and I wanted to avoid the pointless redirect. But I hear you on backward compatibility. New plan: I think I've figured out how to disable redirects for this specific Command and will revert to calling the non-API action. But I'll leave the API action in place (and fix the error case) so we can switch to it in the future, e.g., when it's been in the server for a couple years. |
|
...which of course means we're back to a 302 response from that Command :) |
I added |
…ards compatibility. Disable redirects just for this command. Connection.stopImpersonating()
Rationale
Latest
Related Pull Requests
SSLConnectionSocketFactorymust now be set on theConnectionManager, not on eachHttpClientBuilder.Command.addParameters()).setCustomQuery()now requires an unescaped query string, which is not compatible with tricky characters (e.g., "&" in a schema name).