New transport: apache5x#742
Conversation
That is using ASF httpclient5x (5.5 currently).
|
Current status: |
|
This also raises following question about Maven core:
|
|
@michael-o can you take a peek please? Also, I copied "apache" transport that was written in very specific way (ie globally shared state etc), that may not be needed (or will not work anymore) for httpclient 5.5.x... |
Will do tomorrow |
|
Migrating to 5.5.x "classic" API is IMO completely enough, unless you think we should do something else. |
| <dependency> | ||
| <groupId>org.apache.httpcomponents.core5</groupId> | ||
| <artifactId>httpcore5-h2</artifactId> | ||
| <version>5.3.4</version> |
|
|
||
| <artifactId>maven-resolver-transport-apache5x</artifactId> | ||
|
|
||
| <name>Maven Artifact Resolver Transport Apache 5.x</name> |
There was a problem hiding this comment.
That is a bad name. Apache is, unfortunately, used synonymously for Apache HTTPd. Use the full name.
| <artifactId>maven-resolver-transport-apache</artifactId> | ||
|
|
||
| <name>Maven Artifact Resolver Transport Apache</name> | ||
| <name>Maven Artifact Resolver Transport Apache 4.x</name> |
| <version>2.0.10-SNAPSHOT</version> | ||
| </parent> | ||
|
|
||
| <artifactId>maven-resolver-transport-apache5x</artifactId> |
| | `"aether.transport.apache.retryHandler.name"` | `String` | The name of retryHandler, supported values are “standard”, that obeys RFC-2616, regarding idempotent methods, and “default” that considers requests w/o payload as idempotent. | `"standard"` | 2.0.0 | Yes | Session Configuration | | ||
| | `"aether.transport.apache.retryHandler.requestSentEnabled"` | `Boolean` | Set to true if it is acceptable to retry non-idempotent requests, that have been sent. | `false` | 2.0.0 | Yes | Session Configuration | | ||
| | `"aether.transport.apache.useSystemProperties"` | `Boolean` | If enabled, underlying Apache HttpClient will use system properties as well to configure itself (typically used to set up HTTP Proxy via Java system properties). See HttpClientBuilder for used properties. This mode is not recommended, better use documented ways of configuration instead. | `false` | 2.0.0 | Yes | Session Configuration | | ||
| | `"aether.transport.apache5x.followRedirects"` | `Boolean` | If enabled, Apache HttpClient will follow HTTP redirects. | `true` | 2.0.10 | Yes | Session Configuration | |
There was a problem hiding this comment.
Why x actually? Isn't 5 enough?
|
|
||
|
|
||
| <site xmlns="http://maven.apache.org/SITE/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/SITE/2.0.0 https://maven.apache.org/xsd/site-2.0.0.xsd" name="Transport Apache"> |
| } | ||
| return false; | ||
| } | ||
| } |
There was a problem hiding this comment.
The client package or even core might include UriUtils. Did you check?
| } | ||
| } | ||
|
|
||
| public Boolean getWebDav() { |
| */ | ||
| @Named(ApacheTransporterFactory.NAME) | ||
| public final class ApacheTransporterFactory implements HttpTransporterFactory { | ||
| public static final String NAME = "apache5x"; |
|
@arturobernalg @ok2c @garydgregory: Please have a look. |
@michael-o Sure. I will do a pass |
|
This was a misunderstanding. This PR is not "done-done". I asked @michael-o to "take over", if possible. |
Unfortuntely, my exprience with 5.x is basically zero. I do even maintain 4.x based client code at work. I'll be of very little help here. |
gnodet
left a comment
There was a problem hiding this comment.
AI-Assisted Review — PR #742 (New transport: apache5x)
Thanks for tackling the HC 4.x → 5.x transport migration — this is a substantial and important piece of work (22 files, new module). The overall structure is clean, and the approach of creating a separate maven-resolver-transport-apache5x module rather than modifying the existing transport in-place is a sound strategy that allows both to coexist during the transition.
Verified findings
1. NPE on null password in HC 5.x migration (Bug — new in this PR)
In DeferredCredentialsProvider.BasicFactory.newCredentials(), password can be null when AuthenticationContext.get(AuthenticationContext.PASSWORD) returns null. The code calls password.toCharArray() without a null check. The old HC 4.x UsernamePasswordCredentials(String, String) accepted null passwords, but HC 5.x requires char[]:
// Current code — NPE when password is null:
new UsernamePasswordCredentials(username, password.toCharArray())
// Suggested fix:
new UsernamePasswordCredentials(username, password != null ? password.toCharArray() : new char[0])2. Double status-code in error messages (Cosmetic — pre-existing)
ApacheRFC9457Reporter.getReasonPhrase() appends " (" + statusCode + ")" to the reason phrase, then handleStatus() appends it again, producing messages like "Not Found (404) (404)" for non-RFC 9457 responses. This is actually a pre-existing bug copied from the old transport (maven-resolver-transport-apache), so it's not a regression — but this migration is a good opportunity to fix it.
Noted (not issues)
- NTLM/SPNEGO/Kerberos not registered: The old transport registered these schemes, but HC 5.3+ officially deprecated NTLM (and GSS-based schemes) and disables them by default. Dropping them aligns with HC 5.x's direction. A brief comment in the code or release notes noting the intentional omission would be helpful for users who relied on NTLM.
- SharingAuthCache null handling: The
get()method's behavior of putting null into the HashMap is correctly handled —HashMap.get()returns null for both absent keys and null-valued entries, so subsequent calls correctly re-query the state.
Note: This is a draft PR with merge conflicts and an existing review. The above findings focus on the code correctness aspects.
🤖 This review was generated with AI assistance (reviewer + independent verifier pattern). Findings were independently verified before posting.
That is using ASF httpclient5x (5.5 currently). Took existing "apache" transport and migrated it to "classic" of 5.5 for now. Tests are not passing as I probably introduced some migration issues (or just overlooked something).
WIP