From aea0c9bc0ada57460e8c6e4704a597c214648fe4 Mon Sep 17 00:00:00 2001 From: Ryan Schmitt Date: Fri, 23 Jan 2026 15:16:01 -0800 Subject: [PATCH] [HTTPCLIENT-2381] Respect system properties by default The practical effect of this change is that default JVM configuration for key stores (for mutual TLS) and proxy selection will be respected by default. This change has two goals. First, applications and libraries built on the client will work with proxies much more reliably, since their authors no longer need to opt in to a non-default setting in order for things like proxies to be configurable in the usual manner (i.e. without code changes). Second, this change, along with the change in 5.6 to make `BUILTIN` the default `HostnameVerificationPolicy`, makes the client's configuration philosophy fully consistent across all supported features. To wit: 1. HttpComponents _itself_ is always configured programmatically and does not directly read system properties to obtain config values. 2. For a given feature, the default behavior is to delegate to the JDK implementation. This implementation may support out-of-band configuration via system properties, static methods, the `java.security` file, system-wide OS configuration, etc. 3. This delegation behavior can be overridden by a programmatic config option, either to directly customize the JDK-supplied implementation or to supply an alternate implementation. This table shows what this philosophy looks like concretely across various features: | Feature | Default JDK behavior | Example JDK config property | Override strategy | | --------------------- | ---------------------------------------------- | --------------------------- | ------------------------------------------------------------------------------- | | Trust store | Load from OS | `javax.net.ssl.trustStore` | Set a `TrustManager[]` | | Key store | Load nothing | `javax.net.ssl.keyStore` | Set a `KeyManager[]` | | Hostname verification | Run `HostnameChecker` from `sun.security.util` | None | Set a `HostnameVerifier` and `HostnameVerificationPolicy` | | Proxy config | Use system properties or load from OS | `java.net.useSystemProxies` | Set a `ProxySelector` or `HttpRoutePlanner` | | Client cipher suites | Send all supported cipher suites | `java.security.properties` | Set an `SSLContext` | | IP family selection | Prefer IPv6 | `java.net.preferIPv4Stack` | Set a `DetachedSocketFactory` or `DnsResolver`, call `setUnixDomainSocket`, etc | | DNS resolution | Use built-in resolver | `networkaddress.cache.ttl` | Set a `DnsResolver` | See also the previous discussion at: https://github.com/apache/httpcomponents-client/pull/773 --- .../hc/client5/http/fluent/Executor.java | 4 -- .../hc/client5/http/sse/SseExecutor.java | 2 - .../http/sse/example/ClientSseExample.java | 2 - .../http/sse/example/ClientSseH2Example.java | 2 - .../http/sse/example/SsePerfClient.java | 2 - .../example/performance/SsePerfClient.java | 2 - .../http/impl/async/H2AsyncClientBuilder.java | 20 ++------ .../impl/async/HttpAsyncClientBuilder.java | 39 +++------------ .../http/impl/async/HttpAsyncClients.java | 13 +++-- .../http/impl/classic/HttpClientBuilder.java | 43 +++------------- .../http/impl/classic/HttpClients.java | 7 +-- ...ingHttpClientConnectionManagerBuilder.java | 34 ++----------- ...ngAsyncClientConnectionManagerBuilder.java | 39 ++------------- .../http/ssl/ClientTlsStrategyBuilder.java | 34 ++----------- .../http/ssl/ConscryptClientTlsStrategy.java | 9 +--- .../http/ssl/DefaultClientTlsStrategy.java | 13 ++--- .../http/ssl/SSLConnectionSocketFactory.java | 19 +++---- .../SSLConnectionSocketFactoryBuilder.java | 50 ++----------------- .../client5/http/examples/AsyncClientSNI.java | 2 +- .../http/examples/ClientConfiguration.java | 2 +- .../hc/client5/http/examples/ClientSNI.java | 2 +- .../examples/ClientSpkiPinningExample.java | 2 +- 22 files changed, 63 insertions(+), 279 deletions(-) diff --git a/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Executor.java b/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Executor.java index 7527ae7070..a1adb84a92 100644 --- a/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Executor.java +++ b/httpclient5-fluent/src/main/java/org/apache/hc/client5/http/fluent/Executor.java @@ -77,14 +77,12 @@ static CloseableHttpClient GET_CLASSIC_CLIENT() { if (CLIENT == null) { CLIENT = HttpClientBuilder.create() .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create() - .useSystemProperties() .setMaxConnPerRoute(100) .setMaxConnTotal(200) .setDefaultConnectionConfig(ConnectionConfig.custom() .setValidateAfterInactivity(TimeValue.ofSeconds(10)) .build()) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); @@ -105,7 +103,6 @@ static CloseableHttpClient GET_ASYNC_CLIENT() { if (ASYNC_CLIENT == null) { ASYNC_CLIENT = new ClassicToAsyncAdaptor(HttpAsyncClientBuilder.create() .setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMaxConnPerRoute(100) .setMaxConnTotal(200) .setMessageMultiplexing(true) @@ -113,7 +110,6 @@ static CloseableHttpClient GET_ASYNC_CLIENT() { .setValidateAfterInactivity(TimeValue.ofSeconds(10)) .build()) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(), Timeout.ofMinutes(5)); diff --git a/httpclient5-sse/src/main/java/org/apache/hc/client5/http/sse/SseExecutor.java b/httpclient5-sse/src/main/java/org/apache/hc/client5/http/sse/SseExecutor.java index c9d92dc470..77c018ecd8 100644 --- a/httpclient5-sse/src/main/java/org/apache/hc/client5/http/sse/SseExecutor.java +++ b/httpclient5-sse/src/main/java/org/apache/hc/client5/http/sse/SseExecutor.java @@ -103,12 +103,10 @@ static CloseableHttpAsyncClient getSharedClient() { if (c == null) { c = HttpAsyncClientBuilder.create() .setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMaxConnPerRoute(100) .setMaxConnTotal(200) .setMessageMultiplexing(true) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); diff --git a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseExample.java b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseExample.java index 249511bc0f..be75924e54 100644 --- a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseExample.java +++ b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseExample.java @@ -67,7 +67,6 @@ public static void main(final String[] args) throws Exception { final PoolingAsyncClientConnectionManager connMgr = PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMessageMultiplexing(true) // HTTP/2 stream multiplexing .setMaxConnPerRoute(32) .setMaxConnTotal(256) @@ -84,7 +83,6 @@ public static void main(final String[] args) throws Exception { .setPushEnabled(false) .setMaxConcurrentStreams(256) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); diff --git a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseH2Example.java b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseH2Example.java index f76edac86a..6971e998cf 100644 --- a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseH2Example.java +++ b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/ClientSseH2Example.java @@ -145,7 +145,6 @@ public static void main(final String[] args) throws Exception { final PoolingAsyncClientConnectionManager connMgr = PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMessageMultiplexing(true) .setMaxConnPerRoute(1) .setMaxConnTotal(4) @@ -161,7 +160,6 @@ public static void main(final String[] args) throws Exception { .setPushEnabled(false) .setMaxConcurrentStreams(Math.max(64, streamCount * 8)) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); diff --git a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/SsePerfClient.java b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/SsePerfClient.java index ff5c8642df..54ec3140c5 100644 --- a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/SsePerfClient.java +++ b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/SsePerfClient.java @@ -107,7 +107,6 @@ public static void main(final String[] args) throws Exception { final PoolingAsyncClientConnectionManager connMgr = PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMessageMultiplexing(true) .setMaxConnPerRoute(16) .setMaxConnTotal(16) @@ -123,7 +122,6 @@ public static void main(final String[] args) throws Exception { .setPushEnabled(false) .setMaxConcurrentStreams(Math.max(64, streams * 4)) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); diff --git a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/performance/SsePerfClient.java b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/performance/SsePerfClient.java index 983aaee251..38249f8451 100644 --- a/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/performance/SsePerfClient.java +++ b/httpclient5-sse/src/test/java/org/apache/hc/client5/http/sse/example/performance/SsePerfClient.java @@ -90,7 +90,6 @@ public static void main(final String[] args) throws Exception { final PoolingAsyncClientConnectionManager connMgr = PoolingAsyncClientConnectionManagerBuilder.create() - .useSystemProperties() .setMessageMultiplexing(true) // enable H2 multiplexing if negotiated .setMaxConnPerRoute(Math.max(64, connections)) .setMaxConnTotal(Math.max(128, connections)) @@ -107,7 +106,6 @@ public static void main(final String[] args) throws Exception { .setPushEnabled(false) .setMaxConcurrentStreams(512) .build()) - .useSystemProperties() .evictExpiredConnections() .evictIdleConnections(TimeValue.ofMinutes(1)) .build(); diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java index d280997901..74648da764 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java @@ -55,7 +55,6 @@ import org.apache.hc.client5.http.impl.DefaultHttpRequestRetryStrategy; import org.apache.hc.client5.http.impl.DefaultRedirectStrategy; import org.apache.hc.client5.http.impl.DefaultSchemePortResolver; -import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory; import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory; import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory; @@ -201,7 +200,6 @@ private ExecInterceptorEntry( private boolean evictIdleConnections; private TimeValue maxIdleTime; - private boolean systemProperties; private boolean automaticRetriesDisabled; private boolean redirectHandlingDisabled; private boolean cookieManagementDisabled; @@ -669,13 +667,13 @@ public final H2AsyncClientBuilder setDefaultConnectionConfig(final ConnectionCon } /** - * Use system properties when creating and configuring default - * implementations. + * Ignored. * + * @deprecated This method is now redundant and calls to it can be removed. * @return this instance. */ + @Deprecated public final H2AsyncClientBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -964,20 +962,12 @@ public CloseableHttpAsyncClient build() { CredentialsProvider credentialsProviderCopy = this.credentialsProvider; if (credentialsProviderCopy == null) { - if (systemProperties) { - credentialsProviderCopy = new SystemDefaultCredentialsProvider(); - } else { - credentialsProviderCopy = new BasicCredentialsProvider(); - } + credentialsProviderCopy = new SystemDefaultCredentialsProvider(); } TlsStrategy tlsStrategyCopy = this.tlsStrategy; if (tlsStrategyCopy == null) { - if (systemProperties) { - tlsStrategyCopy = DefaultClientTlsStrategy.createSystemDefault(); - } else { - tlsStrategyCopy = DefaultClientTlsStrategy.createDefault(); - } + tlsStrategyCopy = DefaultClientTlsStrategy.createDefault(); } final MultihomeConnectionInitiator connectionInitiator = new MultihomeConnectionInitiator(ioReactor, dnsResolver); diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java index 1f68dedc99..18921219a7 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java @@ -65,7 +65,6 @@ import org.apache.hc.client5.http.impl.DefaultUserTokenHandler; import org.apache.hc.client5.http.impl.IdleConnectionEvictor; import org.apache.hc.client5.http.impl.NoopUserTokenHandler; -import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory; import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory; import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory; @@ -73,7 +72,6 @@ import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider; import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; import org.apache.hc.client5.http.impl.routing.DefaultProxyRoutePlanner; -import org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner; import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner; import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.client5.http.protocol.H2RequestPriority; @@ -137,20 +135,6 @@ * separate connections leased from the connection pool. *

*

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #build()}. - *

- * - *

* Please note that some settings used by this class can be mutually * exclusive and may not apply when building {@link CloseableHttpAsyncClient} * instances. @@ -252,7 +236,6 @@ private ExecInterceptorEntry( private boolean evictIdleConnections; private TimeValue maxIdleTime; - private boolean systemProperties; private boolean automaticRetriesDisabled; private boolean redirectHandlingDisabled; private boolean cookieManagementDisabled; @@ -776,13 +759,13 @@ public final HttpAsyncClientBuilder setDefaultRequestConfig(final RequestConfig } /** - * Use system properties when creating and configuring default - * implementations. + * Ignored. * + * @deprecated This method is now redundant and calls to it can be removed. * @return this instance. */ + @Deprecated public final HttpAsyncClientBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -1010,11 +993,7 @@ public AsyncClientConnectionManager getConnManager() { public CloseableHttpAsyncClient build() { AsyncClientConnectionManager connManagerCopy = this.connManager; if (connManagerCopy == null) { - final PoolingAsyncClientConnectionManagerBuilder connectionManagerBuilder = PoolingAsyncClientConnectionManagerBuilder.create(); - if (systemProperties) { - connectionManagerBuilder.useSystemProperties(); - } - connManagerCopy = connectionManagerBuilder.build(); + connManagerCopy = PoolingAsyncClientConnectionManagerBuilder.create().build(); } ConnectionKeepAliveStrategy keepAliveStrategyCopy = this.keepAliveStrategy; @@ -1166,11 +1145,9 @@ public CloseableHttpAsyncClient build() { routePlannerCopy = new DefaultProxyRoutePlanner(proxy, schemePortResolverCopy); } else if (this.proxySelector != null) { routePlannerCopy = new SystemDefaultRoutePlanner(schemePortResolverCopy, this.proxySelector); - } else if (systemProperties) { + } else { final ProxySelector defaultProxySelector = ProxySelector.getDefault(); routePlannerCopy = new SystemDefaultRoutePlanner(schemePortResolverCopy, defaultProxySelector); - } else { - routePlannerCopy = new DefaultRoutePlanner(schemePortResolverCopy); } } @@ -1276,11 +1253,7 @@ public CloseableHttpAsyncClient build() { CredentialsProvider credentialsProviderCopy = this.credentialsProvider; if (credentialsProviderCopy == null) { - if (systemProperties) { - credentialsProviderCopy = new SystemDefaultCredentialsProvider(); - } else { - credentialsProviderCopy = new BasicCredentialsProvider(); - } + credentialsProviderCopy = new SystemDefaultCredentialsProvider(); } return new InternalHttpAsyncClient( diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClients.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClients.java index 3ef487a8e6..7afd03ccf0 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClients.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClients.java @@ -89,9 +89,12 @@ public static CloseableHttpAsyncClient createDefault() { /** * Creates {@link CloseableHttpAsyncClient} instance with default * configuration and system properties. + * + * @deprecated This is now a synonym for {@link #createDefault}; call that instead. */ + @Deprecated public static CloseableHttpAsyncClient createSystem() { - return HttpAsyncClientBuilder.create().useSystemProperties().build(); + return createDefault(); } /** @@ -112,11 +115,13 @@ public static CloseableHttpAsyncClient createHttp2Default() { } /** - * Creates HTTP/2 {@link CloseableHttpAsyncClient} instance with default configuration and - * system properties optimized for HTTP/2 protocol and message multiplexing. + * Creates HTTP/2 {@link CloseableHttpAsyncClient} instance with default configuration. + * + * @deprecated This is now a synonym for {@link #createHttp2Default}; call that instead. */ + @Deprecated public static CloseableHttpAsyncClient createHttp2System() { - return H2AsyncClientBuilder.create().useSystemProperties().build(); + return createHttp2Default(); } private static HttpProcessor createMinimalProtocolProcessor() { diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java index d7c4a53ac3..6639349323 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java @@ -67,7 +67,6 @@ import org.apache.hc.client5.http.impl.DefaultUserTokenHandler; import org.apache.hc.client5.http.impl.IdleConnectionEvictor; import org.apache.hc.client5.http.impl.NoopUserTokenHandler; -import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory; import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory; import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory; @@ -75,7 +74,6 @@ import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; import org.apache.hc.client5.http.impl.routing.DefaultProxyRoutePlanner; -import org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner; import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner; import org.apache.hc.client5.http.io.HttpClientConnectionManager; import org.apache.hc.client5.http.protocol.HttpClientContext; @@ -117,24 +115,6 @@ /** * Builder for {@link CloseableHttpClient} instances. *

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #build()}. - *

- * - *

* Please note that some settings used by this class can be mutually * exclusive and may not apply when building {@link CloseableHttpClient} * instances. @@ -225,7 +205,6 @@ private ExecInterceptorEntry( private boolean evictIdleConnections; private TimeValue maxIdleTime; - private boolean systemProperties; private boolean redirectHandlingDisabled; private boolean automaticRetriesDisabled; private boolean contentCompressionDisabled; @@ -732,13 +711,13 @@ public final HttpClientBuilder setDefaultRequestConfig(final RequestConfig confi } /** - * Use system properties when creating and configuring default - * implementations. + * Ignored. * + * @deprecated This method is now redundant and calls to it can be removed. * @return this instance. */ + @Deprecated public final HttpClientBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -882,11 +861,7 @@ public CloseableHttpClient build() { } HttpClientConnectionManager connManagerCopy = this.connManager; if (connManagerCopy == null) { - final PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create(); - if (systemProperties) { - connectionManagerBuilder.useSystemProperties(); - } - connManagerCopy = connectionManagerBuilder.build(); + connManagerCopy = PoolingHttpClientConnectionManagerBuilder.create().build(); } ConnectionReuseStrategy reuseStrategyCopy = this.reuseStrategy; if (reuseStrategyCopy == null) { @@ -1039,11 +1014,9 @@ public CloseableHttpClient build() { routePlannerCopy = new DefaultProxyRoutePlanner(proxy, schemePortResolverCopy); } else if (this.proxySelector != null) { routePlannerCopy = new SystemDefaultRoutePlanner(schemePortResolverCopy, this.proxySelector); - } else if (systemProperties) { + } else { final ProxySelector defaultProxySelector = ProxySelector.getDefault(); routePlannerCopy = new SystemDefaultRoutePlanner(schemePortResolverCopy, defaultProxySelector); - } else { - routePlannerCopy = new DefaultRoutePlanner(schemePortResolverCopy); } } @@ -1118,11 +1091,7 @@ public CloseableHttpClient build() { CredentialsProvider defaultCredentialsProvider = this.credentialsProvider; if (defaultCredentialsProvider == null) { - if (systemProperties) { - defaultCredentialsProvider = new SystemDefaultCredentialsProvider(); - } else { - defaultCredentialsProvider = new BasicCredentialsProvider(); - } + defaultCredentialsProvider = new SystemDefaultCredentialsProvider(); } List closeablesCopy = closeables != null ? new ArrayList<>(closeables) : null; diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClients.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClients.java index 55ccb58309..d3807d3d06 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClients.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClients.java @@ -57,12 +57,9 @@ public static CloseableHttpClient createDefault() { return HttpClientBuilder.create().build(); } - /** - * Creates {@link CloseableHttpClient} instance with default - * configuration based on system properties. - */ + @Deprecated public static CloseableHttpClient createSystem() { - return HttpClientBuilder.create().useSystemProperties().build(); + return createDefault(); } /** diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/PoolingHttpClientConnectionManagerBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/PoolingHttpClientConnectionManagerBuilder.java index 2f39e9ddfe..651c14856c 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/PoolingHttpClientConnectionManagerBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/PoolingHttpClientConnectionManagerBuilder.java @@ -54,25 +54,6 @@ /** * Builder for {@link PoolingHttpClientConnectionManager} instances. - *

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #build()}. - *

- * * * @since 5.0 */ @@ -88,8 +69,6 @@ public class PoolingHttpClientConnectionManagerBuilder { private Resolver connectionConfigResolver; private Resolver tlsConfigResolver; - private boolean systemProperties; - private int maxConnTotal; private int maxConnPerRoute; @@ -311,13 +290,12 @@ public final PoolingHttpClientConnectionManagerBuilder setValidateAfterInactivit } /** - * Use system properties when creating and configuring default - * implementations. + * Ignored. * - * @return this instance. + * @deprecated This method is now redundant and calls to it can be removed. */ + @Deprecated public final PoolingHttpClientConnectionManagerBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -358,11 +336,7 @@ public PoolingHttpClientConnectionManager build() { if (tlsSocketStrategy != null) { tlsSocketStrategyCopy = tlsSocketStrategy; } else { - if (systemProperties) { - tlsSocketStrategyCopy = DefaultClientTlsStrategy.createSystemDefault(); - } else { - tlsSocketStrategyCopy = DefaultClientTlsStrategy.createDefault(); - } + tlsSocketStrategyCopy = DefaultClientTlsStrategy.createDefault(); } final PoolingHttpClientConnectionManager poolingmgr = new PoolingHttpClientConnectionManager( diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java index e899071003..b879395911 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java @@ -50,25 +50,6 @@ /** * Builder for {@link PoolingAsyncClientConnectionManager} instances. - *

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #build()}. - *

- *
    - *
  • ssl.TrustManagerFactory.algorithm
    • - *
  • javax.net.ssl.trustStoreType
    • - *
  • javax.net.ssl.trustStore
    • - *
  • javax.net.ssl.trustStoreProvider
    • - *
  • javax.net.ssl.trustStorePassword
    • - *
  • ssl.KeyManagerFactory.algorithm
    • - *
  • javax.net.ssl.keyStoreType
    • - *
  • javax.net.ssl.keyStore
    • - *
  • javax.net.ssl.keyStoreProvider
    • - *
  • javax.net.ssl.keyStorePassword
    • - *
* * @since 5.0 */ @@ -80,8 +61,6 @@ public class PoolingAsyncClientConnectionManagerBuilder { private PoolConcurrencyPolicy poolConcurrencyPolicy; private PoolReusePolicy poolReusePolicy; - private boolean systemProperties; - private int maxConnTotal; private int maxConnPerRoute; @@ -259,13 +238,13 @@ public final PoolingAsyncClientConnectionManagerBuilder setValidateAfterInactivi } /** - * Use system properties when creating and configuring default - * implementations. + * Ignored. * + * @deprecated This method is now redundant and calls to it can be removed. * @return this instance. */ + @Deprecated public final PoolingAsyncClientConnectionManagerBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -306,17 +285,9 @@ public PoolingAsyncClientConnectionManager build() { tlsStrategyCopy = tlsStrategy; } else { if (ReflectionUtils.determineJRELevel() <= 8 && ConscryptClientTlsStrategy.isSupported()) { - if (systemProperties) { - tlsStrategyCopy = ConscryptClientTlsStrategy.getSystemDefault(); - } else { - tlsStrategyCopy = ConscryptClientTlsStrategy.getDefault(); - } + tlsStrategyCopy = ConscryptClientTlsStrategy.getDefault(); } else { - if (systemProperties) { - tlsStrategyCopy = DefaultClientTlsStrategy.createSystemDefault(); - } else { - tlsStrategyCopy = DefaultClientTlsStrategy.createDefault(); - } + tlsStrategyCopy = DefaultClientTlsStrategy.createDefault(); } } final PoolingAsyncClientConnectionManager poolingmgr = new PoolingAsyncClientConnectionManager( diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java index 12e254a929..7be7dd6938 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java @@ -40,25 +40,6 @@ /** * Builder for client TLS strategy instances. - *

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #buildAsync()} or {@link #buildClassic()}. - *

- *
    - *
  • ssl.TrustManagerFactory.algorithm
    • - *
  • javax.net.ssl.trustStoreType
    • - *
  • javax.net.ssl.trustStore
    • - *
  • javax.net.ssl.trustStoreProvider
    • - *
  • javax.net.ssl.trustStorePassword
    • - *
  • ssl.KeyManagerFactory.algorithm
    • - *
  • javax.net.ssl.keyStoreType
    • - *
  • javax.net.ssl.keyStore
    • - *
  • javax.net.ssl.keyStoreProvider
    • - *
  • javax.net.ssl.keyStorePassword
    • - *
* * @since 5.0 */ @@ -74,7 +55,6 @@ public static ClientTlsStrategyBuilder create() { private SSLBufferMode sslBufferMode; private HostnameVerificationPolicy hostnameVerificationPolicy; private HostnameVerifier hostnameVerifier; - private boolean systemProperties; /** * Sets {@link SSLContext} instance. @@ -171,13 +151,12 @@ public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory - * Java™ Secure Socket Extension (JSSE) Reference Guide. + * Obtains default SSL socket factory with an SSL context based on the standard JSSE + * trust material. * - * @return default system SSL socket factory + * @deprecated This method is now a synonym for {@link #getSocketFactory()}; call that instead. + * @return default SSL socket factory */ + @Deprecated public static SSLConnectionSocketFactory getSystemSocketFactory() throws SSLInitializationException { - return new SSLConnectionSocketFactory( - (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(), - HttpsSupport.getSystemProtocols(), - HttpsSupport.getSystemCipherSuits(), - HttpsSupport.getDefaultHostnameVerifier()); + return getSocketFactory(); } static boolean isWeakCipherSuite(final String cipherSuite) { diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactoryBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactoryBuilder.java index 12bb90b307..47d276d282 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactoryBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactoryBuilder.java @@ -35,27 +35,6 @@ /** * Builder for {@link SSLConnectionSocketFactory} instances. - *

- * When a particular component is not explicitly set this class will - * use its default implementation. System properties will be taken - * into account when configuring the default implementations when - * {@link #useSystemProperties()} method is called prior to calling - * {@link #build()}. - *

- *
    - *
  • ssl.TrustManagerFactory.algorithm
    • - *
  • javax.net.ssl.trustStoreType
    • - *
  • javax.net.ssl.trustStore
    • - *
  • javax.net.ssl.trustStoreProvider
    • - *
  • javax.net.ssl.trustStorePassword
    • - *
  • ssl.KeyManagerFactory.algorithm
    • - *
  • javax.net.ssl.keyStoreType
    • - *
  • javax.net.ssl.keyStore
    • - *
  • javax.net.ssl.keyStoreProvider
    • - *
  • javax.net.ssl.keyStorePassword
    • - *
  • https.protocols
    • - *
  • https.cipherSuites
    • - *
* * @deprecated Use {@link DefaultClientTlsStrategy} */ @@ -70,7 +49,6 @@ public static SSLConnectionSocketFactoryBuilder create() { private String[] tlsVersions; private String[] ciphers; private HostnameVerifier hostnameVerifier; - private boolean systemProperties; /** * Sets {@link SSLContext} instance. @@ -127,13 +105,9 @@ public SSLConnectionSocketFactoryBuilder setHostnameVerifier(final HostnameVerif } /** - * Use system properties when creating and configuring default - * implementations. - * - * @return this instance. + * Ignored. */ public final SSLConnectionSocketFactoryBuilder useSystemProperties() { - this.systemProperties = true; return this; } @@ -142,28 +116,12 @@ public SSLConnectionSocketFactory build() { if (sslContext != null) { socketFactory = sslContext.getSocketFactory(); } else { - if (systemProperties) { - socketFactory = (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(); - } else { - socketFactory = SSLContexts.createDefault().getSocketFactory(); - } - } - final String[] tlsVersionsCopy; - if (tlsVersions != null) { - tlsVersionsCopy = tlsVersions; - } else { - tlsVersionsCopy = systemProperties ? HttpsSupport.getSystemProtocols() : null; - } - final String[] ciphersCopy; - if (ciphers != null) { - ciphersCopy = ciphers; - } else { - ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null; + socketFactory = SSLContexts.createDefault().getSocketFactory(); } return new SSLConnectionSocketFactory( socketFactory, - tlsVersionsCopy, - ciphersCopy, + tlsVersions, + ciphers, hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier()); } diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientSNI.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientSNI.java index 9b38baa82c..1176047b79 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientSNI.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientSNI.java @@ -51,7 +51,7 @@ public class AsyncClientSNI { public static void main(final String[] args) throws Exception { - try (final CloseableHttpAsyncClient client = HttpAsyncClients.createSystem()) { + try (final CloseableHttpAsyncClient client = HttpAsyncClients.createDefault()) { client.start(); diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientConfiguration.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientConfiguration.java index a9acf0098d..80275b66eb 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientConfiguration.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientConfiguration.java @@ -147,7 +147,7 @@ public Header parseHeader(final CharArrayBuffer buffer) { // SSL context for secure connections can be created either based on // system or application specific properties. - final SSLContext sslContext = SSLContexts.createSystemDefault(); + final SSLContext sslContext = SSLContexts.createDefault(); // Create a registry of custom connection socket factories for supported // protocol schemes. diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSNI.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSNI.java index 17736e884e..3fecb58b59 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSNI.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSNI.java @@ -44,7 +44,7 @@ public class ClientSNI { public final static void main(final String[] args) throws Exception { - try (CloseableHttpClient httpclient = HttpClients.createSystem()) { + try (CloseableHttpClient httpclient = HttpClients.createDefault()) { final HttpHost target = new HttpHost("https", "www.google.com"); final HttpGet httpget = new HttpGet("https://www.google.ch/"); diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSpkiPinningExample.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSpkiPinningExample.java index a05c4b2367..59a33de341 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSpkiPinningExample.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientSpkiPinningExample.java @@ -48,7 +48,7 @@ public class ClientSpkiPinningExample { public static void main(final String[] args) throws Exception { - final SSLContext sslContext = SSLContexts.createSystemDefault(); + final SSLContext sslContext = SSLContexts.createDefault(); final SpkiPinningClientTlsStrategy pinning = SpkiPinningClientTlsStrategy .newBuilder(sslContext)