bdemers commented on a change in pull request #259:
URL: https://github.com/apache/shiro/pull/259#discussion_r505687898
##########
File path:
samples/web/src/test/java/org/apache/shiro/test/WebAppContainerIntegrationIT.java
##########
@@ -31,14 +31,14 @@
import java.io.IOException;
import java.net.MalformedURLException;
-public class ContainerIntegrationIT extends AbstractContainerIT {
+public class WebAppContainerIntegrationIT extends AbstractContainerIT {
protected final WebClient webClient = new WebClient();
Review comment:
In my first pass through I did that :)
But the keystore is already available to the JVM, so the validation just
works. I do agree though, validating the TLS on the client side for the ITs
doesn't add additional value (for what we are testing).
My thought is, leave the default config when possible, and enable proper
validation in the test clients when it's easy, and then disable it when it's
not (with a big warning about NOT doing this in production, etc)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
