upgraded to Apache HTTP client 5.x

para-client/pom.xml

@@ -19,8 +19,13 @@
 		</dependency>
 
 		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpclient</artifactId>
+			<groupId>org.apache.httpcomponents.core5</groupId>
+			<artifactId>httpcore5</artifactId>
+			<version>${httpClientVer}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents.client5</groupId>
+			<artifactId>httpclient5</artifactId>
 			<version>${httpClientVer}</version>
 		</dependency>
 	</dependencies>

para-client/src/main/java/com/erudika/para/client/ParaClient.java

@@ -45,6 +45,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 import javax.net.ssl.HostnameVerifier;
@@ -61,21 +62,24 @@
 import nl.altindag.ssl.SSLFactory;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.config.CookieSpecs;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPatch;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.entity.ByteArrayEntity;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.classic.methods.HttpDelete;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.classic.methods.HttpPatch;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.classic.methods.HttpPut;
+import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.io.HttpClientConnectionManager;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -140,14 +144,18 @@ public ParaClient(String accessKey, String secretKey) {
 		HostnameVerifier verifier = (sslFactory != null) ? sslFactory.getHostnameVerifier()
 				: HttpsURLConnection.getDefaultHostnameVerifier();
 
-		int timeout = 30 * 1000;
+		HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create().
+				setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create().
+						setHostnameVerifier(verifier).
+						setSslContext(sslContext).
+						build()).build();
+
+		int timeout = 30;
 		this.httpclient = HttpClientBuilder.create().
-				setSSLContext(sslContext).
-				setSSLHostnameVerifier(verifier).
+				setConnectionManager(cm).
 				setDefaultRequestConfig(RequestConfig.custom().
-						setConnectTimeout(timeout).
-						setConnectionRequestTimeout(timeout).
-						setCookieSpec(CookieSpecs.IGNORE_COOKIES).
+						setConnectTimeout(timeout, TimeUnit.SECONDS).
+						setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).
 						build()).
 				build();
 	}
@@ -492,8 +500,8 @@ <T> T invokeSignedRequest(String accessKey, String secretKey,
 
 			try (CloseableHttpResponse resp = httpclient.execute(req)) {
 				HttpEntity respEntity = resp.getEntity();
-				int statusCode = resp.getStatusLine().getStatusCode();
-				String reason = resp.getStatusLine().getReasonPhrase();
+				int statusCode = resp.getCode();
+				String reason = resp.getReasonPhrase();
 				return readEntity(respEntity, returnType, statusCode, reason);
 			} catch (IOException ex) {
 				logger.error(null, ex);
@@ -543,19 +551,19 @@ private HttpUriRequest getHttpUriRequest(String uri, String method, byte[] jsonE
 			case "POST":
 				req = new HttpPost(uri);
 				if (jsonEntity != null) {
-					((HttpPost) req).setEntity(new ByteArrayEntity(jsonEntity));
+					((HttpPost) req).setEntity(new ByteArrayEntity(jsonEntity, ContentType.APPLICATION_JSON));
 				}
 				break;
 			case "PUT":
 				req = new HttpPut(uri);
 				if (jsonEntity != null) {
-					((HttpPut) req).setEntity(new ByteArrayEntity(jsonEntity));
+					((HttpPut) req).setEntity(new ByteArrayEntity(jsonEntity, ContentType.APPLICATION_JSON));
 				}
 				break;
 			case "PATCH":
 				req = new HttpPatch(uri);
 				if (jsonEntity != null) {
-					((HttpPatch) req).setEntity(new ByteArrayEntity(jsonEntity));
+					((HttpPatch) req).setEntity(new ByteArrayEntity(jsonEntity, ContentType.APPLICATION_JSON));
 				}
 				break;
 			case "DELETE":

para-server/pom.xml

@@ -224,11 +224,16 @@
 		<dependency>
 			<groupId>com.nimbusds</groupId>
 			<artifactId>nimbus-jose-jwt</artifactId>
-			<version>9.5</version>
+			<version>9.15.1</version>
 		</dependency>
 		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpclient</artifactId>
+			<groupId>org.apache.httpcomponents.core5</groupId>
+			<artifactId>httpcore5</artifactId>
+			<version>${httpClientVer}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents.client5</groupId>
+			<artifactId>httpclient5</artifactId>
 			<version>${httpClientVer}</version>
 		</dependency>
 

para-server/src/main/java/com/erudika/para/queue/River.java

@@ -35,17 +35,16 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
+import javax.ws.rs.core.HttpHeaders;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpHeaders;
-import org.apache.http.client.config.CookieSpecs;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.NoConnectionReuseStrategy;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.core5.http.io.entity.StringEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -64,14 +63,11 @@ public abstract class River implements Runnable {
 	private static ConcurrentHashMap<String, Integer> pendingIds;
 
 	static {
-		int timeout = 10 * 1000;
+		int timeout = 10;
 		HTTP = HttpClientBuilder.create().
-				setConnectionReuseStrategy(new NoConnectionReuseStrategy()).
 				setDefaultRequestConfig(RequestConfig.custom().
-						setConnectTimeout(timeout).
-						setConnectionRequestTimeout(timeout).
-						setCookieSpec(CookieSpecs.STANDARD).
-						setSocketTimeout(timeout).
+						setConnectTimeout(timeout, TimeUnit.SECONDS).
+						setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).
 						build()).
 				build();
 	}
@@ -196,17 +192,17 @@ protected int processWebhookPayload(String appid, String id, Map<String, Object>
 			postToTarget.setHeader("X-Para-Event", (String) parsed.get("event"));
 			if (urlEncoded) {
 				postToTarget.setEntity(new StringEntity("payload=".
-						concat(Utils.urlEncode((String) parsed.get("payload"))), "UTF-8"));
+						concat(Utils.urlEncode((String) parsed.get("payload")))));
 			} else {
-				postToTarget.setEntity(new StringEntity((String) parsed.get("payload"), "UTF-8"));
+				postToTarget.setEntity(new StringEntity((String) parsed.get("payload")));
 			}
 			boolean ok = false;
 			String status = "";
 			try (CloseableHttpResponse resp1 = HTTP.execute(postToTarget)) {
-				if (resp1 != null && Math.abs(resp1.getStatusLine().getStatusCode() - 200) > 10) {
-					status = resp1.getStatusLine().getReasonPhrase();
+				if (resp1 != null && Math.abs(resp1.getCode() - 200) > 10) {
+					status = resp1.getReasonPhrase();
 					logger.info("Webhook {} delivery failed! {} responded with code {} {} instead of 2xx.", id,
-							targetUrl, resp1.getStatusLine().getStatusCode(), resp1.getStatusLine().getReasonPhrase());
+							targetUrl, resp1.getCode(), resp1.getReasonPhrase());
 				} else {
 					logger.debug("Webhook {} delivered to {} successfully.", id, targetUrl);
 					ok = true;

para-server/src/main/java/com/erudika/para/security/filters/AmazonAuthFilter.java

@@ -30,21 +30,20 @@
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpHeaders;
-import org.apache.http.client.config.CookieSpecs;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.NoConnectionReuseStrategy;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.io.entity.StringEntity;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@@ -74,14 +73,11 @@ public class AmazonAuthFilter extends AbstractAuthenticationProcessingFilter {
 	public AmazonAuthFilter(final String defaultFilterProcessesUrl) {
 		super(defaultFilterProcessesUrl);
 		this.jreader = ParaObjectUtils.getJsonReader(Map.class);
-		int timeout = 30 * 1000;
+		int timeout = 30;
 		this.httpclient = HttpClientBuilder.create().
-				setConnectionReuseStrategy(new NoConnectionReuseStrategy()).
 				setDefaultRequestConfig(RequestConfig.custom().
-						setConnectTimeout(timeout).
-						setConnectionRequestTimeout(timeout).
-						setCookieSpec(CookieSpecs.STANDARD).
-						setSocketTimeout(timeout).
+						setConnectTimeout(timeout, TimeUnit.SECONDS).
+						setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).
 						build()).
 				build();
 	}
@@ -111,20 +107,20 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 				HttpPost tokenPost = new HttpPost(TOKEN_URL);
 				tokenPost.setHeader(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
 				tokenPost.setHeader(HttpHeaders.ACCEPT, "application/json");
-				tokenPost.setEntity(new StringEntity(entity, "UTF-8"));
+				tokenPost.setEntity(new StringEntity(entity));
 				try (CloseableHttpResponse resp1 = httpclient.execute(tokenPost)) {
 					if (resp1 != null && resp1.getEntity() != null) {
 						Map<String, Object> token = jreader.readValue(resp1.getEntity().getContent());
 						if (token != null && token.containsKey("access_token")) {
 							userAuth = getOrCreateUser(app, (String) token.get("access_token"));
 						} else {
 							logger.info("Authentication request failed with status '" +
-									resp1.getStatusLine().getReasonPhrase() + "' - " + token);
+									resp1.getReasonPhrase() + "' - " + token);
 						}
 						EntityUtils.consumeQuietly(resp1.getEntity());
 					} else {
 						logger.info("Authentication request failed with status '"
-								+ (resp1 != null ? resp1.getStatusLine().getReasonPhrase() : "null")
+								+ (resp1 != null ? resp1.getReasonPhrase() : "null")
 								+ "' and empty response body.");
 					}
 				}

para-server/src/main/java/com/erudika/para/security/filters/FacebookAuthFilter.java

@@ -30,19 +30,18 @@
 import com.fasterxml.jackson.databind.ObjectReader;
 import java.io.IOException;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpHeaders;
-import org.apache.http.client.config.CookieSpecs;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.impl.NoConnectionReuseStrategy;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@@ -71,14 +70,11 @@ public class FacebookAuthFilter extends AbstractAuthenticationProcessingFilter {
 	public FacebookAuthFilter(String defaultFilterProcessesUrl) {
 		super(defaultFilterProcessesUrl);
 		this.jreader = ParaObjectUtils.getJsonReader(Map.class);
-		int timeout = 30 * 1000;
+		int timeout = 30;
 		this.httpclient = HttpClientBuilder.create().
-				setConnectionReuseStrategy(new NoConnectionReuseStrategy()).
 				setDefaultRequestConfig(RequestConfig.custom().
-						setConnectTimeout(timeout).
-						setConnectionRequestTimeout(timeout).
-						setCookieSpec(CookieSpecs.STANDARD).
-						setSocketTimeout(timeout).
+						setConnectTimeout(timeout, TimeUnit.SECONDS).
+						setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).
 						build()).
 				build();
 	}
@@ -113,7 +109,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 						userAuth = getOrCreateUser(app, accessToken);
 					} else {
 						logger.info("Authentication request failed with status '"
-								+ resp1.getStatusLine().getReasonPhrase() + "' - " + token);
+								+ resp1.getReasonPhrase() + "' - " + token);
 					}
 				} catch (Exception e) {
 					logger.warn("Facebook auth request failed: GET " + url, e);