[GitHub] [httpcomponents-core] ok2c merged pull request #374: Bump mockito-core from 4.8.0 to 4.8.1

[GitBox]

ok2c merged PR #374:
URL: https://github.com/apache/httpcomponents-core/pull/374


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #393: Bump ehcache-api from 3.10.2 to 3.10.3

[GitBox]

dependabot[bot] opened a new pull request, #393:
URL: https://github.com/apache/httpcomponents-client/pull/393

   Bumps [ehcache-api](https://github.com/ehcache/ehcache3) from 3.10.2 to 
3.10.3.
   
   Commits
   
   https://github.com/ehcache/ehcache3/commit/03b2e8754ff2d3450fd18a3f74c35c3c006dc694";>03b2e87
 Set ehcache version to
   https://github.com/ehcache/ehcache3/commit/ba2a4ab1db419ebad1ec3e8e812a6a746936aedc";>ba2a4ab
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3072";>#3072
 from chrisdennis/java-17
   https://github.com/ehcache/ehcache3/commit/4df796cfe2b721a94c2ee69330c91b1199ccde4e";>4df796c
 Upgrade to Terracotta Platform 5.9.12
   https://github.com/ehcache/ehcache3/commit/3808a1551ac2572e0596b9dd4cdf66e3112bf827";>3808a15
 Update README.adoc
   See full diff in https://github.com/ehcache/ehcache3/compare/v3.10.2...v3.10.3";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.ehcache.modules:ehcache-api&package-manager=maven&previous-version=3.10.2&new-version=3.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] davewichers commented on pull request #387: Bump slf4j-api from 1.7.36 to 2.0.3

[GitBox]

davewichers commented on PR #387:
URL: 
https://github.com/apache/httpcomponents-client/pull/387#issuecomment-1312248721

   @ok2c - Why are you ignoring the suggestion to upgrade to the 2.x version of 
this library? This is causing Dependency Convergence conflicts with other 
libraries that are using the 2.x version.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #387: Bump slf4j-api from 1.7.36 to 2.0.3

[GitBox]

ok2c commented on PR #387:
URL: 
https://github.com/apache/httpcomponents-client/pull/387#issuecomment-1312423027

   @davewichers Are you suggesting I should do a major upgrade of a dependency 
in the middle of the development cycle?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] michael-o opened a new pull request, #375: Use either US-ASCII or UTF-8 encoding for text where approriate

[GitBox]

michael-o opened a new pull request, #375:
URL: https://github.com/apache/httpcomponents-core/pull/375

   Previously, text-based content was many times encoded with ISO-8859-1. This 
has gradually fallen out of use in the past 10 to 15 years. Use US-ASCII where 
a 7-bit encoding scheme is required for everything related to text encoding use 
UTF-8.
   
   This is just a draft to move to UTF-8. May contain incorrect changes. 
Intended for 5.3+ only.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] michael-o commented on pull request #375: Use either US-ASCII or UTF-8 encoding for text where approriate

[GitBox]

michael-o commented on PR #375:
URL: 
https://github.com/apache/httpcomponents-core/pull/375#issuecomment-1312561783

   As discussed in 
[HTTPCLIENT-2244](https://issues.apache.org/jira/browse/HTTPCLIENT-2244).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] rschmitt commented on pull request #387: Bump slf4j-api from 1.7.36 to 2.0.3

[GitBox]

rschmitt commented on PR #387:
URL: 
https://github.com/apache/httpcomponents-client/pull/387#issuecomment-1312646873

   My understanding is that the _API_ of Slf4j 2 is backwards compatible with 
that of 1.7, but the _bytecode_ is not because Slf4j 2 requires JDK8. What I 
don't understand is why a library like httpcomponents-client is called upon to 
specify the latest versions of its dependencies, as opposed to the minimum 
versions that are required to function.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] davewichers commented on pull request #387: Bump slf4j-api from 1.7.36 to 2.0.3

[GitBox]

davewichers commented on PR #387:
URL: 
https://github.com/apache/httpcomponents-client/pull/387#issuecomment-1313874158

   @rschmitt - In general, with a pom file you specify the specific version. I 
believe pom's allow you to specify a minimum, but the risk is that if the 
library releases a new incompatible version, that might cause a problem. So 
projects generally specify specific library versions.
   
   @ok2c - Yes - I am suggesting you upgrade. But I don't consider this a major 
upgrade since SLF4J API 2 is backward compatible with v1. So you just upgrade 
the version, it 'just works', and everything is good to go. And it helps users 
of your library avoid having to put in exclusions for the v1 version in order 
to avoid Dependency Convergence conflicts. And given Java 1.7 is WAY 
deprecated, requiring Java 8 shouldn't harm any of your users. If someone 
REALLY needs Java 7, they can suppress your SLF4J API version and put a 1.x 
version back (but that's not likely these days).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] carterkozak commented on pull request #387: Bump slf4j-api from 1.7.36 to 2.0.3

[GitBox]

carterkozak commented on PR #387:
URL: 
https://github.com/apache/httpcomponents-client/pull/387#issuecomment-1313887796

   The biggest problem is that slf4j 2.x requires a different mechanism to bind 
the api to a logging implementation. Forcing services to upgrade the API will 
potentially cause all of their slf4j logging to cease working until they also 
upgrade a logging implementation, however anyone using 2.x will safely be able 
to resolve up the version in a backwards compatible way.
   
   I would not recommend upgrading the major version for some time.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] bryanck opened a new pull request, #394: Cancel connection request on exception

[GitBox]

bryanck opened a new pull request, #394:
URL: https://github.com/apache/httpcomponents-client/pull/394

   This PR addresses an issue when interrupting a thread when using an 
`HttpClient` with the `PoolingHttpClientConnectionManager`. If the pool reaches 
the max size, and the client is waiting on a lease request, and if the client 
thread is interrupted, the lease will continue to wait and the pool will not 
free up until the lease request timeout is reached. This change will explicitly 
cancel the lease request if an exception occurs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #394: Cancel connection request on exception

[GitBox]

michael-o commented on PR #394:
URL: 
https://github.com/apache/httpcomponents-client/pull/394#issuecomment-1314042710

   Interesting...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #394: Cancel connection request on exception

[GitBox]

ok2c commented on PR #394:
URL: 
https://github.com/apache/httpcomponents-client/pull/394#issuecomment-1314389422

   @bryanck Good catch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c merged pull request #394: Cancel connection request on exception

[GitBox]

ok2c merged PR #394:
URL: https://github.com/apache/httpcomponents-client/pull/394


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #395: Bump actions/dependency-review-action from 2 to 3

[GitBox]

dependabot[bot] opened a new pull request, #395:
URL: https://github.com/apache/httpcomponents-client/pull/395

   Bumps 
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
 from 2 to 3.
   
   Release notes
   Sourced from https://github.com/actions/dependency-review-action/releases";>actions/dependency-review-action's
 releases.
   
   3.0.0
   Breaking Changes
   By default the action now expects https://spdx.org/licenses/";>SPDX-compliant licenses everywhere. If 
you were previously using license names in the allow or deny lists make sure 
they're valid!
   What's Changed
   Support for external configuration files
   You can now specify a https://github.com/actions/dependency-review-action/#configuration-file";>configuration
 file external to your repository. This allows organizations to have a 
single configuration file for all their repos.
   Broader license support
   We've added support for a much broader set of project licenses by using 
GitHub's https://docs.github.com/en/rest/licenses";>Licenses 
API.
   SPDX Compliance
   All of our license-related code now expects https://spdx.org/licenses/";>SPDX-compliant licenses or expressions. 
This allows us to standardize on a license naming scheme that already supports 
OR/AND expressions.
   Disable individual checks
   You can now use the boolean options license-check and 
vulnerability-check to disable either one of the checks. More 
information in https://github.com/actions/dependency-review-action/#configuration-options";>our
 configuration options.
   Thanks
   Contributors for this release include:
   
   https://github.com/cnagadya";>@​cnagadya
   https://github.com/courtneycl";>@​courtneycl
   https://github.com/ericcornelissen";>@​ericcornelissen
   https://github.com/elireisman";>@​elireisman
   https://github.com/hmaurer";>@​hmaurer
   
   Thanks everyone!
   Full Changelog: https://github.com/actions/dependency-review-action/compare/v2...v3.0.0";>https://github.com/actions/dependency-review-action/compare/v2...v3.0.0
   2.5.1
   Adding some quality-of-life improvements to the local development 
experience. You can now pass a flag to the scripts/scan_pr script 
using the -c/--config-file flags to use an external configuration 
file:
   Example:
 scripts/scan_pr 
https://github.com/actions/dependency-review-action/pull/294
   
   2.5.0
   Fallback on GitHub Licenses API data for missing Dependency Review API 
Licenses. This should improve our license coverage.
   2.4.1
   This patch release fixes the bugs below:
   
   Display the dependency name instead of the manifest name in the detailed 
list of dependents.
   Fix an issue where undefined GHSAs would remove filter out all 
changes.
   
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/actions/dependency-review-action/commit/11310527b429536e263dc6cc47873e608189ba21";>1131052
 bumping version
   https://github.com/actions/dependency-review-action/commit/ea0f46928bec821731931bf6fd8a83381a5ce4cd";>ea0f469
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/330";>#330
 from actions/errors-for-external-configs
   https://github.com/actions/dependency-review-action/commit/369356e2e7f3abb7549df131bd54083ad572d326";>369356e
 Fixing merge conflict in dist/
   https://github.com/actions/dependency-review-action/commit/13fe21bc0a6b1ad7d37ee67be878d2de13d41723";>13fe21b
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/331";>#331
 from actions/octokit/enterprise
   https://github.com/actions/dependency-review-action/commit/136c0838bfc0dddbb218b2e080001e705f4f837b";>136c083
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/332";>#332
 from actions/dependabot/npm_and_yarn/typescript-4.9.3
   https://github.com/actions/dependency-review-action/commit/8ed85b37572465ac976c07a00b9a6a0005c9a428";>8ed85b3
 Bump typescript from 4.8.4 to 4.9.3
   https://github.com/actions/dependency-review-action/commit/a952d7b1b713a66455943fe278e79b724b4e1726";>a952d7b
 adding dist
   https://github.com/actions/dependency-review-action/commit/b8e622f102742ba074a9c91cbe63e5b0e0740459";>b8e622f
 Move test out of failing block.
   https://github.com/actions/dependency-review-action/commit/ac059c649cce97dc5cc26d574a11b3d58bb0e155";>ac059c6
 Checkpoint!
   https://github.com/actions/dependency-review-action/commit/93652d7af097f472b9ffde6f8c903368d47277cd";>93652d7
 Fix failing tests.
   Additional commits viewable in https://github.com/actions/dependency-review-action/compare/v2...v3";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-sec

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #396: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] opened a new pull request, #396:
URL: https://github.com/apache/httpcomponents-client/pull/396

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 4.9.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.9.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.9.0
   
   2022-11-14 - https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>6 
commit(s) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, 
dependabot[bot]
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)](https://github-redirect.dependabot.com/mockito/mockito/pull/2784";>mockito/mockito#2784)
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>#2783)](https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>mockito/mockito#2783)
   Avoids clearing stale weak entries from critical code segments. [(https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)](https://github-redirect.dependabot.com/mockito/mockito/pull/2780";>mockito/mockito#2780)
   bump gradle from 7.3.1 to 7.5.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)](https://github-redirect.dependabot.com/mockito/mockito/pull/2776";>mockito/mockito#2776)
   Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)](https://github-redirect.dependabot.com/mockito/mockito/pull/2775";>mockito/mockito#2775)
   Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)](https://github-redirect.dependabot.com/mockito/mockito/pull/2770";>mockito/mockito#2770)
   Bump junit-platform-launcher from 1.9.0 to 1.9.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2768";>#2768)](https://github-redirect.dependabot.com/mockito/mockito/pull/2768";>mockito/mockito#2768)
   
   
   
   
   Commits
   
   https://github.com/mockito/mockito/commit/0052e2f5f78ca2eda4593df158e1c2366639e5db";>0052e2f
 Avoid clearing stale weak entries from critical code segments (https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)
   https://github.com/mockito/mockito/commit/47045cbdfe606d8616f7e0a814af6e7803d4c33f";>47045cb
 Upgrade objenesis 3.2 -> 3.3 (https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)
   https://github.com/mockito/mockito/commit/eb85518cef362e39788a7e030bab8ac78eca76c9";>eb85518
 Update gradle to 7.5.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)
   https://github.com/mockito/mockito/commit/fcb4cf7bf3f38b0135b50bdc930d7532c7168356";>fcb4cf7
 Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 (https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)
   https://github.com/mockito/mockito/commit/f512a7694097b46b18394d89173506cf59d071ae";>f512a76
 Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)
   https://github.com/mockito/mockito/commit/fe7dca265190a6ae3040e4938fb25600a09c669f";>fe7dca2
 Bump junit-platform-launcher from 1.9.0 to 1.9.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2768";>#2768)
   See full diff in https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.mockito:mockito-core&package-manager=maven&previous-version=4.8.1&new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating 

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #397: Bump ehcache-api from 3.10.2 to 3.10.6

[GitBox]

dependabot[bot] opened a new pull request, #397:
URL: https://github.com/apache/httpcomponents-client/pull/397

   Bumps [ehcache-api](https://github.com/ehcache/ehcache3) from 3.10.2 to 
3.10.6.
   
   Commits
   
   https://github.com/ehcache/ehcache3/commit/9b9a03b95f159667c9dca1f521614b331a141a9a";>9b9a03b
 Set ehcache version to
   https://github.com/ehcache/ehcache3/commit/0f0a1ec10ff3b4d041d067d073e6e5f5269de205";>0f0a1ec
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3082";>#3082
 from mobasherul/version_bump
   https://github.com/ehcache/ehcache3/commit/61ec778db0225a2e4e192345aca574753465b72c";>61ec778
 platform version bump 5.9.15
   https://github.com/ehcache/ehcache3/commit/197066a180280dee70aebef69bfe989f8db78a94";>197066a
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3077";>#3077
 from nnares/bugfix-3034-sync
   https://github.com/ehcache/ehcache3/commit/a5533f9a1927c5a68c0e08008f7e454ec5078996";>a5533f9
 Merge branch 'bugfix-3034' into bugfix-3034-sync
   https://github.com/ehcache/ehcache3/commit/45add6939d463d0111193426dd73e9feceea";>45add69
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3078";>#3078
 from mobasherul/version_bump
   https://github.com/ehcache/ehcache3/commit/e29596fb0b253d7ed7303ff6d12545d5d4e076b1";>e29596f
 platform version bump up
   https://github.com/ehcache/ehcache3/commit/ba2a4ab1db419ebad1ec3e8e812a6a746936aedc";>ba2a4ab
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3072";>#3072
 from chrisdennis/java-17
   https://github.com/ehcache/ehcache3/commit/4df796cfe2b721a94c2ee69330c91b1199ccde4e";>4df796c
 Upgrade to Terracotta Platform 5.9.12
   https://github.com/ehcache/ehcache3/commit/6f5d57ec0c6a741af04d64588cb423a6f86a33f4";>6f5d57e
 issue-3034 : fixing byteSize computation for clear() operation
   Additional commits viewable in https://github.com/ehcache/ehcache3/compare/v3.10.2...v3.10.6";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.ehcache.modules:ehcache-api&package-manager=maven&previous-version=3.10.2&new-version=3.10.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] commented on pull request #393: Bump ehcache-api from 3.10.2 to 3.10.3

[GitBox]

dependabot[bot] commented on PR #393:
URL: 
https://github.com/apache/httpcomponents-client/pull/393#issuecomment-1319967111

   Superseded by #397.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] closed pull request #393: Bump ehcache-api from 3.10.2 to 3.10.3

[GitBox]

dependabot[bot] closed pull request #393: Bump ehcache-api from 3.10.2 to 3.10.3
URL: https://github.com/apache/httpcomponents-client/pull/393


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] opened a new pull request, #376: Bump actions/dependency-review-action from 2 to 3

[GitBox]

dependabot[bot] opened a new pull request, #376:
URL: https://github.com/apache/httpcomponents-core/pull/376

   Bumps 
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
 from 2 to 3.
   
   Release notes
   Sourced from https://github.com/actions/dependency-review-action/releases";>actions/dependency-review-action's
 releases.
   
   3.0.0
   Breaking Changes
   By default the action now expects https://spdx.org/licenses/";>SPDX-compliant licenses everywhere. If 
you were previously using license names in the allow or deny lists make sure 
they're valid!
   What's Changed
   Support for external configuration files
   You can now specify a https://github.com/actions/dependency-review-action/#configuration-file";>configuration
 file external to your repository. This allows organizations to have a 
single configuration file for all their repos.
   Broader license support
   We've added support for a much broader set of project licenses by using 
GitHub's https://docs.github.com/en/rest/licenses";>Licenses 
API.
   SPDX Compliance
   All of our license-related code now expects https://spdx.org/licenses/";>SPDX-compliant licenses or expressions. 
This allows us to standardize on a license naming scheme that already supports 
OR/AND expressions.
   Disable individual checks
   You can now use the boolean options license-check and 
vulnerability-check to disable either one of the checks. More 
information in https://github.com/actions/dependency-review-action/#configuration-options";>our
 configuration options.
   Thanks
   Contributors for this release include:
   
   https://github.com/cnagadya";>@​cnagadya
   https://github.com/courtneycl";>@​courtneycl
   https://github.com/ericcornelissen";>@​ericcornelissen
   https://github.com/elireisman";>@​elireisman
   https://github.com/hmaurer";>@​hmaurer
   
   Thanks everyone!
   Full Changelog: https://github.com/actions/dependency-review-action/compare/v2...v3.0.0";>https://github.com/actions/dependency-review-action/compare/v2...v3.0.0
   2.5.1
   Adding some quality-of-life improvements to the local development 
experience. You can now pass a flag to the scripts/scan_pr script 
using the -c/--config-file flags to use an external configuration 
file:
   Example:
 scripts/scan_pr 
https://github.com/actions/dependency-review-action/pull/294
   
   2.5.0
   Fallback on GitHub Licenses API data for missing Dependency Review API 
Licenses. This should improve our license coverage.
   2.4.1
   This patch release fixes the bugs below:
   
   Display the dependency name instead of the manifest name in the detailed 
list of dependents.
   Fix an issue where undefined GHSAs would remove filter out all 
changes.
   
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/actions/dependency-review-action/commit/11310527b429536e263dc6cc47873e608189ba21";>1131052
 bumping version
   https://github.com/actions/dependency-review-action/commit/ea0f46928bec821731931bf6fd8a83381a5ce4cd";>ea0f469
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/330";>#330
 from actions/errors-for-external-configs
   https://github.com/actions/dependency-review-action/commit/369356e2e7f3abb7549df131bd54083ad572d326";>369356e
 Fixing merge conflict in dist/
   https://github.com/actions/dependency-review-action/commit/13fe21bc0a6b1ad7d37ee67be878d2de13d41723";>13fe21b
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/331";>#331
 from actions/octokit/enterprise
   https://github.com/actions/dependency-review-action/commit/136c0838bfc0dddbb218b2e080001e705f4f837b";>136c083
 Merge pull request https://github-redirect.dependabot.com/actions/dependency-review-action/issues/332";>#332
 from actions/dependabot/npm_and_yarn/typescript-4.9.3
   https://github.com/actions/dependency-review-action/commit/8ed85b37572465ac976c07a00b9a6a0005c9a428";>8ed85b3
 Bump typescript from 4.8.4 to 4.9.3
   https://github.com/actions/dependency-review-action/commit/a952d7b1b713a66455943fe278e79b724b4e1726";>a952d7b
 adding dist
   https://github.com/actions/dependency-review-action/commit/b8e622f102742ba074a9c91cbe63e5b0e0740459";>b8e622f
 Move test out of failing block.
   https://github.com/actions/dependency-review-action/commit/ac059c649cce97dc5cc26d574a11b3d58bb0e155";>ac059c6
 Checkpoint!
   https://github.com/actions/dependency-review-action/commit/93652d7af097f472b9ffde6f8c903368d47277cd";>93652d7
 Fix failing tests.
   Additional commits viewable in https://github.com/actions/dependency-review-action/compare/v2...v3";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-secur

[GitHub] [httpcomponents-core] dependabot[bot] opened a new pull request, #377: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] opened a new pull request, #377:
URL: https://github.com/apache/httpcomponents-core/pull/377

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 4.9.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.9.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.9.0
   
   2022-11-14 - https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>6 
commit(s) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, 
dependabot[bot]
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)](https://github-redirect.dependabot.com/mockito/mockito/pull/2784";>mockito/mockito#2784)
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>#2783)](https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>mockito/mockito#2783)
   Avoids clearing stale weak entries from critical code segments. [(https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)](https://github-redirect.dependabot.com/mockito/mockito/pull/2780";>mockito/mockito#2780)
   bump gradle from 7.3.1 to 7.5.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)](https://github-redirect.dependabot.com/mockito/mockito/pull/2776";>mockito/mockito#2776)
   Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)](https://github-redirect.dependabot.com/mockito/mockito/pull/2775";>mockito/mockito#2775)
   Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)](https://github-redirect.dependabot.com/mockito/mockito/pull/2770";>mockito/mockito#2770)
   Bump junit-platform-launcher from 1.9.0 to 1.9.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2768";>#2768)](https://github-redirect.dependabot.com/mockito/mockito/pull/2768";>mockito/mockito#2768)
   
   
   
   
   Commits
   
   https://github.com/mockito/mockito/commit/0052e2f5f78ca2eda4593df158e1c2366639e5db";>0052e2f
 Avoid clearing stale weak entries from critical code segments (https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)
   https://github.com/mockito/mockito/commit/47045cbdfe606d8616f7e0a814af6e7803d4c33f";>47045cb
 Upgrade objenesis 3.2 -> 3.3 (https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)
   https://github.com/mockito/mockito/commit/eb85518cef362e39788a7e030bab8ac78eca76c9";>eb85518
 Update gradle to 7.5.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)
   https://github.com/mockito/mockito/commit/fcb4cf7bf3f38b0135b50bdc930d7532c7168356";>fcb4cf7
 Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 (https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)
   https://github.com/mockito/mockito/commit/f512a7694097b46b18394d89173506cf59d071ae";>f512a76
 Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)
   https://github.com/mockito/mockito/commit/fe7dca265190a6ae3040e4938fb25600a09c669f";>fe7dca2
 Bump junit-platform-launcher from 1.9.0 to 1.9.1 (https://github-redirect.dependabot.com/mockito/mockito/issues/2768";>#2768)
   See full diff in https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.mockito:mockito-core&package-manager=maven&previous-version=4.8.1&new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating an

[GitHub] [httpcomponents-core] ok2c merged pull request #376: Bump actions/dependency-review-action from 2 to 3

[GitBox]

ok2c merged PR #376:
URL: https://github.com/apache/httpcomponents-core/pull/376


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] ok2c closed pull request #307: Refactor duplicate patterns with new methods in TimeValue

[GitBox]

ok2c closed pull request #307: Refactor duplicate patterns with new methods in 
TimeValue
URL: https://github.com/apache/httpcomponents-core/pull/307


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #398: Bump ehcache-api from 3.10.2 to 3.10.8

[GitBox]

dependabot[bot] opened a new pull request, #398:
URL: https://github.com/apache/httpcomponents-client/pull/398

   Bumps [ehcache-api](https://github.com/ehcache/ehcache3) from 3.10.2 to 
3.10.8.
   
   Commits
   
   https://github.com/ehcache/ehcache3/commit/ac1bb6b5e384cb49a9b7eaefefa5db1cf254adac";>ac1bb6b
 Set ehcache version to
   https://github.com/ehcache/ehcache3/commit/e8c3b4a333f3ffc60d5b8d60ac3f64741efc81e9";>e8c3b4a
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3086";>#3086
 from mobasherul/version_bump
   https://github.com/ehcache/ehcache3/commit/be74c741499b9e2595a53e80399937d099ff8a59";>be74c74
 Adding license header
   https://github.com/ehcache/ehcache3/commit/a3364b26ce232268f23dd818c91895247292d35c";>a3364b2
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3085";>#3085
 from mobasherul/version_bump
   https://github.com/ehcache/ehcache3/commit/304e9689827df384d733660e5fbd618c9b973028";>304e968
 platform version bump 5.9.16
   https://github.com/ehcache/ehcache3/commit/0f0a1ec10ff3b4d041d067d073e6e5f5269de205";>0f0a1ec
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3082";>#3082
 from mobasherul/version_bump
   https://github.com/ehcache/ehcache3/commit/61ec778db0225a2e4e192345aca574753465b72c";>61ec778
 platform version bump 5.9.15
   https://github.com/ehcache/ehcache3/commit/197066a180280dee70aebef69bfe989f8db78a94";>197066a
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3077";>#3077
 from nnares/bugfix-3034-sync
   https://github.com/ehcache/ehcache3/commit/a5533f9a1927c5a68c0e08008f7e454ec5078996";>a5533f9
 Merge branch 'bugfix-3034' into bugfix-3034-sync
   https://github.com/ehcache/ehcache3/commit/45add6939d463d0111193426dd73e9feceea";>45add69
 Merge pull request https://github-redirect.dependabot.com/ehcache/ehcache3/issues/3078";>#3078
 from mobasherul/version_bump
   Additional commits viewable in https://github.com/ehcache/ehcache3/compare/v3.10.2...v3.10.8";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.ehcache.modules:ehcache-api&package-manager=maven&previous-version=3.10.2&new-version=3.10.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] commented on pull request #397: Bump ehcache-api from 3.10.2 to 3.10.6

[GitBox]

dependabot[bot] commented on PR #397:
URL: 
https://github.com/apache/httpcomponents-client/pull/397#issuecomment-1327447390

   Superseded by #398.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] closed pull request #397: Bump ehcache-api from 3.10.2 to 3.10.6

[GitBox]

dependabot[bot] closed pull request #397: Bump ehcache-api from 3.10.2 to 3.10.6
URL: https://github.com/apache/httpcomponents-client/pull/397


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c merged pull request #395: Bump actions/dependency-review-action from 2 to 3

[GitBox]

ok2c merged PR #395:
URL: https://github.com/apache/httpcomponents-client/pull/395


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c merged pull request #398: Bump ehcache-api from 3.10.2 to 3.10.8

[GitBox]

ok2c merged PR #398:
URL: https://github.com/apache/httpcomponents-client/pull/398


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #396: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

ok2c commented on PR #396:
URL: 
https://github.com/apache/httpcomponents-client/pull/396#issuecomment-1328017013

   @dependabot rebase


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c opened a new pull request, #399: Bearer auth support

[GitBox]

ok2c opened a new pull request, #399:
URL: https://github.com/apache/httpcomponents-client/pull/399

   @michael-o Please do another pass.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1340029979

   Will take a look and test this week.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045580875


##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/TokenBearerAuthenticationHandler.java:
##
@@ -0,0 +1,44 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+
+package org.apache.hc.client5.testing.auth;
+
+import org.apache.hc.client5.http.auth.StandardAuthScheme;
+
+public class TokenBearerAuthenticationHandler extends 
AbstractAuthenticationHandler {

Review Comment:
   TokenBearer? Just Bearer. Since we don't do SpnegoTokenAuth...



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045590335


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal

Review Comment:
   I think this line is unnecessary.



##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/BasicAuthenticationHandler.java:
##
@@ -0,0 +1,49 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+
+package org.apache.hc.client5.testing.auth;
+
+import java.nio.charset.StandardCharsets;
+
+import org.apache.hc.client5.http.auth.StandardAuthScheme;
+import org.apache.hc.client5.http.utils.Base64;
+
+public class BasicAuthenticationHandler extends AbstractAuthenticationHandler {
+
+@Override
+String getSchemeName() {
+return StandardAuthScheme.BASIC;
+}
+
+@Override
+String decodeChallenge(final String challenge) throws 
IllegalArgumentException {
+final byte[] bytes = challenge.getBytes(StandardCharsets.US_ASCII);
+final Base64 codec = new Base64();
+return new String(codec.decode(bytes), StandardCharsets.US_ASCII);

Review Comment:
   You assume that the bytes are always ASCII? What about UTF-8 these days?



##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/Authenticator.java:
##
@@ -31,6 +31,13 @@
 
 public interface Authenticator {
 
+/**
+ * @since 5.3
+ */
+default AuthResult auth(URIAuthority authority, String requestUri, String 
credentials) {

Review Comment:
   Maybe `perform` is a better name? `auth` and `authenticate` seem to be to 
similar.



#

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1346274196

   > Don't add runtime exceptions to method signatures. They belong into 
Javadoc. See Effective Java from Joshua Bloch.
   
   @ok2c I must say I disagree with Joshua Bloch in this particular instance. 
There is no negative runtime impact from declaration of runtime exceptions in 
the throws clause. Essentially it is a matter of taste rather anything else. 
But so be it. I'll remove it. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045684393


##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/Authenticator.java:
##
@@ -31,6 +31,13 @@
 
 public interface Authenticator {
 
+/**
+ * @since 5.3
+ */
+default AuthResult auth(URIAuthority authority, String requestUri, String 
credentials) {

Review Comment:
   @michael-o Agreed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045689705


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   @michael-o Why would not principal make sense here? Credentials are always 
associated with a particular security principal of some sort. Whether or not we 
can parse out the principal out of the token itself is a whole different story.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045722003


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   This might be or not. The RFC does not indicate whether a subject is 
associated with. It solely talks about resource access.
   Now let's look at this from client's perspective: I cannot obtain the 
principal since the token is supposed to be opaque to me and I have received it 
from my OIDC provider. Even with client credentials there is no guarantee that 
the final subject will correspond to the client_id? Should I supply a bogus 
principal?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1346334453

   > > Don't add runtime exceptions to method signatures. They belong into 
Javadoc. See Effective Java from Joshua Bloch.
   > 
   > @michael-o I must say I disagree with Joshua Bloch in this particular 
instance. There is no negative runtime impact from declaration of runtime 
exceptions in the throws clause. Essentially it is a matter of taste rather 
anything else. But so be it. I'll remove it.
   
   I agree wth you, correct, there is no negative impact, but runtime 
exceptions denote a irrecoverable state mostly due to programming errors: shit 
in, shit out.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045738039


##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/BasicAuthenticationHandler.java:
##
@@ -27,13 +27,27 @@
 
 package org.apache.hc.client5.testing.auth;
 
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.utils.Base64;
 
 public class BasicAuthenticationHandler extends AbstractAuthenticationHandler {
 
+private final Charset charset;
+
+/**
+ * @since 5.3
+ */
+public BasicAuthenticationHandler(final Charset charset) {
+this.charset = charset != null ? charset : StandardCharsets.UTF_8;
+}
+
+public BasicAuthenticationHandler() {
+this(StandardCharsets.US_ASCII);
+}

Review Comment:
   Is this for backwards compat? Since it looks inconsistent with no-arg and 
`null` arg. At least from a client perspective it is suprising.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045756872


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   @michael-o No matter what perspective, HTTP requests are always executed on 
someone's behalf and tokens is not something you find lying on the ground. They 
are acquired for a specific principal. It is bogus only if you make it bogus.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045763985


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   I understand that, but what do you expect people to supply if they cannot 
deliver that?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045775614


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   @michael-o What do you mean? They do not know what they are doing? HTTP 
requests are no farts. They do not happen once of a sudden and for no reason. 
They are always executed by some agent for a specific means. There is always at 
least the application with an application id of some sort.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045786273


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   Yes, but my understanding is that the token is quite abstract compared to 
Basic.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1346436026

   Two more questions left, I will try this in production.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045816086


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   @michael-o It is, but despite being abstract it still represents a 
principal. Would you rather like it to be null?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045817334


##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/BasicAuthenticationHandler.java:
##
@@ -27,13 +27,27 @@
 
 package org.apache.hc.client5.testing.auth;
 
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.utils.Base64;
 
 public class BasicAuthenticationHandler extends AbstractAuthenticationHandler {
 
+private final Charset charset;
+
+/**
+ * @since 5.3
+ */
+public BasicAuthenticationHandler(final Charset charset) {
+this.charset = charset != null ? charset : StandardCharsets.UTF_8;
+}
+
+public BasicAuthenticationHandler() {
+this(StandardCharsets.US_ASCII);
+}

Review Comment:
   > Is this for backwards compat? 
   
   @michael-o Yes, it is.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045824851


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal userPrincipal, final String token) {
+super();
+this.principal = Args.notNull(userPrincipal, "User principal");

Review Comment:
   From my point it can be `null` since we don't have it 
[here](https://github.com/apache/httpcomponents-client/blob/5.3.x/httpclient5/src/main/java/org/apache/hc/client5/http/auth/KerberosCredentials.java)
 as well. (here it could ge source with the `GSSName`, but that is a different 
discussion)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1045837033


##
httpclient5-testing/src/main/java/org/apache/hc/client5/testing/auth/BasicAuthenticationHandler.java:
##
@@ -27,13 +27,27 @@
 
 package org.apache.hc.client5.testing.auth;
 
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.utils.Base64;
 
 public class BasicAuthenticationHandler extends AbstractAuthenticationHandler {
 
+private final Charset charset;
+
+/**
+ * @since 5.3
+ */
+public BasicAuthenticationHandler(final Charset charset) {
+this.charset = charset != null ? charset : StandardCharsets.UTF_8;
+}
+
+public BasicAuthenticationHandler() {
+this(StandardCharsets.US_ASCII);
+}

Review Comment:
   I see, the for consistency reasons the one-arg constructor should not allow 
null, encoding must be explicit then. Then the client can explicitly pass 
`UTF-8` and the rest will always be `US-ASCII`. We could also consider to use 
always `UTF-8` since ASCII input will always work.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347056473

   @michael-o I have a feeling we are talking blondes vs brunettes here, but 
have it the way you like it. Please review


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046257968


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();

Review Comment:
   This will cause a NPE when `principal` is null.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046260885


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return this.principal.hashCode();
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o instanceof BearerToken) {
+final BearerToken that = (BearerToken) o;
+return Objects.equals(this.principal, that.principal);

Review Comment:
   Do you really consider both equal when the access tokens differ, but 
principal matches?



##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Soft

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347116449

   > @michael-o I have a feeling we are talking blondes vs brunettes here, but 
have it the way you like it. Please review
   
   I like both, I am not picky :-D


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046267743


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return this.principal.hashCode();
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o instanceof BearerToken) {
+final BearerToken that = (BearerToken) o;
+return Objects.equals(this.principal, that.principal);

Review Comment:
   @michael-o I do. This is why I think null principal is sully, but so be it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046267743


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return this.principal.hashCode();
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o instanceof BearerToken) {
+final BearerToken that = (BearerToken) o;
+return Objects.equals(this.principal, that.principal);

Review Comment:
   @michael-o I do. This is why I think null principal is silly, but so be it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046269591


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal

Review Comment:
   The `NTUserPrincipal` does not apply here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046270523


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return this.principal.hashCode();

Review Comment:
   This one as well, no?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046272608


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/UsernamePasswordCredentials.java:
##
@@ -45,22 +45,36 @@ public class UsernamePasswordCredentials implements 
Credentials, Serializable {
 
 private static final long serialVersionUID = 243343858802739403L;
 
-private final BasicUserPrincipal principal;
+private final Principal principal;
 private final char[] password;
 
 /**
  * The constructor with the username and password arguments.
  *
- * @param userName the user name
+ * @param principal the user principal
  * @param password the password
+ *
+ * @since 5.3
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
  */
-public UsernamePasswordCredentials(final String userName, final char[] 
password) {
+public UsernamePasswordCredentials(final Principal principal, final char[] 
password) {
 super();
-Args.notNull(userName, "Username");
-this.principal = new BasicUserPrincipal(userName);
+this.principal = Args.notNull(principal, "User principal");
 this.password = password;
 }
 
+/**
+ * The constructor with the username and password arguments.
+ *
+ * @param username the user name
+ * @param password the password
+ */
+public UsernamePasswordCredentials(final String username, final char[] 
password) {
+this(new BasicUserPrincipal(username), password);

Review Comment:
   Shouldn't username be tested for `null` as well?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347141146

   @ok2c Can you explain why you use the `realm` parameter actively with Bearer 
altough rfc6749 does not mention it once? I only see these: 
https://datatracker.ietf.org/doc/html/rfc6749#section-11-2-2


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347162852

   > @ok2c Can you explain why you use the `realm` parameter actively with 
Bearer altough rfc6749 does not mention it once? I only see these: 
https://datatracker.ietf.org/doc/html/rfc6749#section-11-2-2
   
   Please see rfc6750, section 3.
   https://www.rfc-editor.org/rfc/rfc6750
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347170203

   > > @ok2c Can you explain why you use the `realm` parameter actively with 
Bearer altough rfc6749 does not mention it once? I only see these: 
https://datatracker.ietf.org/doc/html/rfc6749#section-11-2-2
   > 
   > @michael-o Please see rfc6750, section 3. 
https://datatracker.ietf.org/doc/html/rfc6750#section-3
   
   Indeed, thank you very much. This makes sense now!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046296139


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal

Review Comment:
   @michael-o Why?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046302493


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param principal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal
+ */
+public BearerToken(final Principal principal, final String token) {
+super();
+this.principal = principal;
+this.token = Args.notBlank(token, "Token");
+}
+
+/**
+ * The constructor with the username and token arguments.
+ *
+ * @param userName the username
+ * @param token the token
+ */
+public BearerToken(final String userName, final String token) {
+this(userName != null ? new BasicUserPrincipal(userName) : null, 
token);
+}
+
+@Override
+public Principal getUserPrincipal() {
+return this.principal;
+}
+
+public String getUserName() {
+return this.principal.getName();
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return this.principal.hashCode();
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o instanceof BearerToken) {
+final BearerToken that = (BearerToken) o;
+return Objects.equals(this.principal, that.principal);

Review Comment:
   I can imagine the following: two clients (principals) have been granted to 
the same token to access a resource on behalf of the resource owner. How should 
equals behave here?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046339102


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal

Review Comment:
   Because the `NTUserPrincipal` consists of two components. This assumption 
cannot be done here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on a diff in pull request #399: Bearer auth support

[GitBox]

michael-o commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046341201


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,95 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final String token;
+
+public BearerToken(final String token) {
+super();
+this.token = Args.notBlank(token, "Token");
+}
+
+@Override
+public Principal getUserPrincipal() {
+return null;
+}
+
+/**
+ * @deprecated Do not use.
+ */
+@Deprecated
+@Override
+public char[] getPassword() {
+return null;
+}
+
+public String getToken() {
+return token;
+}
+
+@Override
+public int hashCode() {
+return token.hashCode();
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o instanceof BearerToken) {
+final BearerToken that = (BearerToken) o;
+return Objects.equals(this.token, that.token);
+}
+return false;
+}
+
+@Override
+public String toString() {
+return this.token;

Review Comment:
   This is reasonable? Other credentials don't expose the secret via 
`toString()`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on a diff in pull request #399: Bearer auth support

[GitBox]

ok2c commented on code in PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#discussion_r1046343685


##
httpclient5/src/main/java/org/apache/hc/client5/http/auth/BearerToken.java:
##
@@ -0,0 +1,120 @@
+/*
+ * 
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * 
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+package org.apache.hc.client5.http.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Opaque token {@link Credentials} usually representing a set of claims, 
often encrypted
+ * or signed. The JWT (JSON Web Token) is among most widely used tokens used 
at the time
+ * of writing.
+ *
+ * @since 5.3
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class BearerToken implements Credentials, Serializable {
+
+private final Principal principal;
+private final String token;
+
+/**
+ * The constructor with the user principal and token arguments.
+ *
+ * @param userPrincipal the user principal
+ * @param token the token
+ *
+ * @see BasicUserPrincipal
+ * @see NTUserPrincipal

Review Comment:
   > This assumption cannot be done here.
   
   @michael-o Why is that? An NT principal is just a composite of domain and 
user name. Anyhow, I removed the principal from `BearerToken`. So, forget it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347258295

   @michael-o what is it exactly that you want me to change now?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1347326058

   > @michael-o what is it exactly that you want me to change now?
   
   Only the `toString()` is questionable, the rest is fine. Let me give it a 
shot tomorrow.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c merged pull request #400: Fix minor typo in Javadoc

[GitBox]

ok2c merged PR #400:
URL: https://github.com/apache/httpcomponents-client/pull/400


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] Pluto-Whong closed pull request #401: Avoid being closed by the Evictor when the connection is used.

[GitBox]

Pluto-Whong closed pull request #401: Avoid being closed by the Evictor when 
the connection is used.
URL: https://github.com/apache/httpcomponents-client/pull/401


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #402: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] opened a new pull request, #402:
URL: https://github.com/apache/httpcomponents-client/pull/402

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 
4.10.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.10.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.10.0
   
   2022-12-14 - https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0";>13 
commit(s) by Andrei Solntsev, Andriy Redko, Andy Coates, Christopher 
Lambert, Marcono1234, Vladimir Glinskikh, dependabot[bot]
   Add new artifact mockito-subclass (to use mock-maker-subclass MockMaker) 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/2821";>#2821)](https://github-redirect.dependabot.com/mockito/mockito/pull/2821";>mockito/mockito#2821)
   Bump gradle from 7.5.1 to 7.6 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2817";>#2817)](https://github-redirect.dependabot.com/mockito/mockito/pull/2817";>mockito/mockito#2817)
   Fix incorrect Javadoc inline tag for MockitoJUnitRunner [(https://github-redirect.dependabot.com/mockito/mockito/issues/2816";>#2816)](https://github-redirect.dependabot.com/mockito/mockito/pull/2816";>mockito/mockito#2816)
   Bump shipkit-auto-version from 1.2.1 to 1.2.2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2811";>#2811)](https://github-redirect.dependabot.com/mockito/mockito/pull/2811";>mockito/mockito#2811)
   Bump com.github.ben-manes.versions from 0.42.0 to 0.44.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2810";>#2810)](https://github-redirect.dependabot.com/mockito/mockito/pull/2810";>mockito/mockito#2810)
   Bump kotlinVersion from 1.7.21 to 1.7.22 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2809";>#2809)](https://github-redirect.dependabot.com/mockito/mockito/pull/2809";>mockito/mockito#2809)
   Bump junit from 1.1.3 to 1.1.4 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2806";>#2806)](https://github-redirect.dependabot.com/mockito/mockito/pull/2806";>mockito/mockito#2806)
   Simplify MatcherApplicationStrategy [(https://github-redirect.dependabot.com/mockito/mockito/issues/2803";>#2803)](https://github-redirect.dependabot.com/mockito/mockito/pull/2803";>mockito/mockito#2803)
   Bump kotlinVersion from 1.7.10 to 1.7.21 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2801";>#2801)](https://github-redirect.dependabot.com/mockito/mockito/pull/2801";>mockito/mockito#2801)
   Bump espresso-core from 3.4.0 to 3.5.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2800";>#2800)](https://github-redirect.dependabot.com/mockito/mockito/pull/2800";>mockito/mockito#2800)
   Bump versions.bytebuddy from 1.12.16 to 1.12.19 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2799";>#2799)](https://github-redirect.dependabot.com/mockito/mockito/pull/2799";>mockito/mockito#2799)
   Upgrade errorprone from 2.14.0 to 2.16 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2794";>#2794)](https://github-redirect.dependabot.com/mockito/mockito/pull/2794";>mockito/mockito#2794)
   automatically detect class to mock [(https://github-redirect.dependabot.com/mockito/mockito/issues/2779";>#2779)](https://github-redirect.dependabot.com/mockito/mockito/pull/2779";>mockito/mockito#2779)
   
   v4.9.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.9.0
   
   2022-11-14 - https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>6 
commit(s) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, 
dependabot[bot]
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)](https://github-redirect.dependabot.com/mockito/mockito/pull/2784";>mockito/mockito#2784)
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>#2783)](https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>mockito/mockito#2783)
   Avoids clearing stale weak entries from critical code segments. [(https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)](https://github-redirect.dependabot.com/mockito/mockito/pull/2780";>mockito/mockito#2780)
   bump gradle from 7.3.1 to 7.5.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)](https://github-redirect.dependabot.com/mockito/mockito/pull/2776";>mockito/mockito#2776)
   Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)](https://github-redirect.dependabot.com/mockito/mockito/pull/2775";>mockito/mockito#2775)
   Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)](https://github-redirect.dependabot.com/mockito/mo

[GitHub] [httpcomponents-client] dependabot[bot] commented on pull request #396: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] commented on PR #396:
URL: 
https://github.com/apache/httpcomponents-client/pull/396#issuecomment-1354735219

   Superseded by #402.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] closed pull request #396: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] closed pull request #396: Bump mockito-core from 4.8.1 to 4.9.0
URL: https://github.com/apache/httpcomponents-client/pull/396


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] opened a new pull request, #378: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] opened a new pull request, #378:
URL: https://github.com/apache/httpcomponents-core/pull/378

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 
4.10.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.10.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.10.0
   
   2022-12-14 - https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0";>13 
commit(s) by Andrei Solntsev, Andriy Redko, Andy Coates, Christopher 
Lambert, Marcono1234, Vladimir Glinskikh, dependabot[bot]
   Add new artifact mockito-subclass (to use mock-maker-subclass MockMaker) 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/2821";>#2821)](https://github-redirect.dependabot.com/mockito/mockito/pull/2821";>mockito/mockito#2821)
   Bump gradle from 7.5.1 to 7.6 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2817";>#2817)](https://github-redirect.dependabot.com/mockito/mockito/pull/2817";>mockito/mockito#2817)
   Fix incorrect Javadoc inline tag for MockitoJUnitRunner [(https://github-redirect.dependabot.com/mockito/mockito/issues/2816";>#2816)](https://github-redirect.dependabot.com/mockito/mockito/pull/2816";>mockito/mockito#2816)
   Bump shipkit-auto-version from 1.2.1 to 1.2.2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2811";>#2811)](https://github-redirect.dependabot.com/mockito/mockito/pull/2811";>mockito/mockito#2811)
   Bump com.github.ben-manes.versions from 0.42.0 to 0.44.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2810";>#2810)](https://github-redirect.dependabot.com/mockito/mockito/pull/2810";>mockito/mockito#2810)
   Bump kotlinVersion from 1.7.21 to 1.7.22 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2809";>#2809)](https://github-redirect.dependabot.com/mockito/mockito/pull/2809";>mockito/mockito#2809)
   Bump junit from 1.1.3 to 1.1.4 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2806";>#2806)](https://github-redirect.dependabot.com/mockito/mockito/pull/2806";>mockito/mockito#2806)
   Simplify MatcherApplicationStrategy [(https://github-redirect.dependabot.com/mockito/mockito/issues/2803";>#2803)](https://github-redirect.dependabot.com/mockito/mockito/pull/2803";>mockito/mockito#2803)
   Bump kotlinVersion from 1.7.10 to 1.7.21 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2801";>#2801)](https://github-redirect.dependabot.com/mockito/mockito/pull/2801";>mockito/mockito#2801)
   Bump espresso-core from 3.4.0 to 3.5.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2800";>#2800)](https://github-redirect.dependabot.com/mockito/mockito/pull/2800";>mockito/mockito#2800)
   Bump versions.bytebuddy from 1.12.16 to 1.12.19 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2799";>#2799)](https://github-redirect.dependabot.com/mockito/mockito/pull/2799";>mockito/mockito#2799)
   Upgrade errorprone from 2.14.0 to 2.16 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2794";>#2794)](https://github-redirect.dependabot.com/mockito/mockito/pull/2794";>mockito/mockito#2794)
   automatically detect class to mock [(https://github-redirect.dependabot.com/mockito/mockito/issues/2779";>#2779)](https://github-redirect.dependabot.com/mockito/mockito/pull/2779";>mockito/mockito#2779)
   
   v4.9.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.9.0
   
   2022-11-14 - https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0";>6 
commit(s) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, 
dependabot[bot]
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2784";>#2784)](https://github-redirect.dependabot.com/mockito/mockito/pull/2784";>mockito/mockito#2784)
   Upgrade objenesis 3.2 -> 3.3 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>#2783)](https://github-redirect.dependabot.com/mockito/mockito/issues/2783";>mockito/mockito#2783)
   Avoids clearing stale weak entries from critical code segments. [(https://github-redirect.dependabot.com/mockito/mockito/issues/2780";>#2780)](https://github-redirect.dependabot.com/mockito/mockito/pull/2780";>mockito/mockito#2780)
   bump gradle from 7.3.1 to 7.5.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2776";>#2776)](https://github-redirect.dependabot.com/mockito/mockito/pull/2776";>mockito/mockito#2776)
   Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2775";>#2775)](https://github-redirect.dependabot.com/mockito/mockito/pull/2775";>mockito/mockito#2775)
   Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2770";>#2770)](https://github-redirect.dependabot.com/mockito/mock

[GitHub] [httpcomponents-core] dependabot[bot] commented on pull request #377: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] commented on PR #377:
URL: 
https://github.com/apache/httpcomponents-core/pull/377#issuecomment-1354866207

   Superseded by #378.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] closed pull request #377: Bump mockito-core from 4.8.1 to 4.9.0

[GitBox]

dependabot[bot] closed pull request #377: Bump mockito-core from 4.8.1 to 4.9.0
URL: https://github.com/apache/httpcomponents-core/pull/377


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355099174

   OK, I gave it a shot. OIDC provider is Ping Identity and the target host 
uses Spring Security. The good news, it works with no, invalid and valid 
tokens. The following needs to be clarified:
   * The client has no chance to access response params from 
https://datatracker.ietf.org/doc/html/rfc6750#section-3
   * In logging I see: "[main] DEBUG 
org.apache.hc.client5.http.impl.auth.BearerScheme - invalid_token (Invalid 
token)". I think this misses a bit context that this actually comes from the 
target server. For my taste, it is too sparse.
   * Optional `error_uri` isn't logged for the developer. I don't know how 
valuable this information is, at least Spring Security refers to RFC 6750.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355338254

   > The client has no chance to access response params from 
https://datatracker.ietf.org/doc/html/rfc6750#section-3
   
   @michael-o What do you mean exactly? Do you mean the client or the caller? 
The client has access to the response parameters. if you want the caller to be 
able to have access to them as well, you need to tell me how that API should 
look like. At any rate, this should be a separate change-set and not a blocker 
for this PR.
   
   >  think this misses a bit context that this actually comes from the target 
server. For my taste, it is too sparse.
   
   What additional details would you like to have? Could you please specify how 
exactly the log entry should look like for your taste?
   
   > Optional error_uri isn't logged for the developer. 
   
   That I will do.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355593033

   > > The client has no chance to access response params from 
https://datatracker.ietf.org/doc/html/rfc6750#section-3
   > 
   > @michael-o What do you mean exactly? Do you mean the client or the caller? 
The client has access to the response parameters. if you want the caller to be 
able to have access to them as well, you need to tell me how that API should 
look like. At any rate, this should be a separate change-set and not a blocker 
for this PR.
   
   Caller. Yes, separate PR.

   > > think this misses a bit context that this actually comes from the target 
server. For my taste, it is too sparse.
   > 
   > What additional details would you like to have? Could you please specify 
how exactly the log entry should look like for your taste?
   
   I need to crunch on this...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] opened a new pull request, #379: Bump docker-maven-plugin from 0.31.0 to 0.40.3

[GitBox]

dependabot[bot] opened a new pull request, #379:
URL: https://github.com/apache/httpcomponents-core/pull/379

   Bumps 
[docker-maven-plugin](https://github.com/fabric8io/docker-maven-plugin) from 
0.31.0 to 0.40.3.
   
   Release notes
   Sourced from https://github.com/fabric8io/docker-maven-plugin/releases";>docker-maven-plugin's
 releases.
   
   0.40.3 (2022-12-18)
   
   image/squash option is taken into account when using buildx (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1605";>1605)
 https://github.com/kevinleturc";>@​kevinleturc
   Allow having build args with same name but different value in various 
sources, which are overriden in the order of precedence in resulting build args 
map (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1407";>1407)
 https://github.com/pavelsmolensky";>@​pavelsmolensky
   Use double for docker.cpus property and interpret this 
value in the same way as Docker config option --cpus (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1609";>1609)
 https://github.com/vjuranek";>@​vjuranek
   NPE from Assembly plugin when POM packaging is used (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1146";>1146)
 https://github.com/slawekjaranowski";>@​slawekjaranowski
   Docker pulling progress only shown after pull has completed and not in 
real-time (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1598";>1598)
 https://github.com/causalnet";>@​causalnet
   Bump org.yaml:snakeyaml to v1.32 (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1619";>1619)
 https://github.com/pen4";>@​pen4
   Bump com.google.cloud.tools:jib-core to v0.23.0 (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1620";>1620)
 https://github.com/pen4";>@​pen4
   Bump com.google.guava:guava to v31.1-jre https://github.com/rohanKanojia";>@​rohanKanojia
   
   0.40.2 (2022-07-31)
   
   Plugin doesn't abort building an image in case Podman is used and 
Dockerfile can't be processed (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1512";>1562)
 https://github.com/jh-cd";>@​jh-cd
   Bump gson from 2.8.5 to 2.8.9 (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1556";>1556)
 https://github.com/dependabot";>@​dependabot
   Build and load native platform during build goal, build and push all 
platforms during push goal (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1576";>1576)
 https://github.com/chonton";>@​chonton
   Remove buildx cache, don't delete builder instances after goal. Use 
builder instance to cache artifacts (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1579";>1579)
 https://github.com/chonton";>@​chonton
   Multiple assemblies use the name "maven". Please assign each 
assembly a unique name (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1558";>1558)
 https://github.com/tbfky";>@​tbfky
   Use https://index.docker.io/v1/ as default buildx server 
registry (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1574";>1574)
 https://github.com/chonton";>@​chonton
   When using buildx, do not force build of native platform  (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1572";>1572)
 https://github.com/chonton";>@​chonton
   
   0.40.1 (2022-06-11)
   
   buildx does not work when specifying Dockerfile location (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1562";>1562)
 https://github.com/chonton";>@​chonton
   Use buildx, set tag to current version fails if it contains 
-SNAPSHOT (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1566";>1566)
 https://github.com/chonton";>@​chonton
   
   0.40.0 (2022-05-29):
   
   Multi-architecture images using buildx (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1502";>1502)
 https://github.com/chonton";>@​chonton
   Migrate to JUnit5 and Mockito for testing (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1550";>1550)
 https://github.com/chonton";>@​chonton
   docker:stop should respect docker.skip even when 
docker.executeStopOnVMShutdown is set to true (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1561";>1561)
 https://github.com/doyleyoung";>@​doyleyoung
   Prevent concurrent access to secDispatcher during password decryption 
(https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1533";>1533)
 https://github.com/joserebelo";>@​joserebelo
   Support for docker run --sysctl parameters (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/issues/1530";>1530)
 https://github.com/jpraet";>@​jpraet
   Add missing dash to buildx --build-arg (https://github-redirect.dependabot.com/fabric8io/docker-maven-plugin/pull/1

[GitHub] [httpcomponents-client] dependabot[bot] opened a new pull request, #403: Bump mockito-core from 4.8.1 to 4.11.0

[GitBox]

dependabot[bot] opened a new pull request, #403:
URL: https://github.com/apache/httpcomponents-client/pull/403

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 
4.11.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.11.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.11.0
   
   2022-12-28 - https://github.com/mockito/mockito/compare/v4.10.0...v4.11.0";>1 
commit(s) by Andy Coates
   Improve vararg handling: approach 2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2807";>#2807)](https://github-redirect.dependabot.com/mockito/mockito/pull/2807";>mockito/mockito#2807)
   Mocking varargs method with any(String[].class) doesn't 
work as expected [(https://github-redirect.dependabot.com/mockito/mockito/issues/2796";>#2796)](https://github-redirect.dependabot.com/mockito/mockito/issues/2796";>mockito/mockito#2796)
   (Argument)Matchers regression from 1.10.19 to 2.18.3 for varargs [(https://github-redirect.dependabot.com/mockito/mockito/issues/1498";>#1498)](https://github-redirect.dependabot.com/mockito/mockito/issues/1498";>mockito/mockito#1498)
   Cannot verify varargs parameter as an array [(https://github-redirect.dependabot.com/mockito/mockito/issues/1222";>#1222)](https://github-redirect.dependabot.com/mockito/mockito/issues/1222";>mockito/mockito#1222)
   ArgumentCaptor can't capture varargs-arrays [(https://github-redirect.dependabot.com/mockito/mockito/issues/584";>#584)](https://github-redirect.dependabot.com/mockito/mockito/issues/584";>mockito/mockito#584)
   Verification of an empty varargs call fails when isNotNull() is used 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/567";>#567)](https://github-redirect.dependabot.com/mockito/mockito/issues/567";>mockito/mockito#567)
   
   v4.10.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.10.0
   
   2022-12-14 - https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0";>13 
commit(s) by Andrei Solntsev, Andriy Redko, Andy Coates, Christopher 
Lambert, Marcono1234, Vladimir Glinskikh, dependabot[bot]
   Add new artifact mockito-subclass (to use mock-maker-subclass MockMaker) 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/2821";>#2821)](https://github-redirect.dependabot.com/mockito/mockito/pull/2821";>mockito/mockito#2821)
   Bump gradle from 7.5.1 to 7.6 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2817";>#2817)](https://github-redirect.dependabot.com/mockito/mockito/pull/2817";>mockito/mockito#2817)
   Fix incorrect Javadoc inline tag for MockitoJUnitRunner [(https://github-redirect.dependabot.com/mockito/mockito/issues/2816";>#2816)](https://github-redirect.dependabot.com/mockito/mockito/pull/2816";>mockito/mockito#2816)
   Bump shipkit-auto-version from 1.2.1 to 1.2.2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2811";>#2811)](https://github-redirect.dependabot.com/mockito/mockito/pull/2811";>mockito/mockito#2811)
   Bump com.github.ben-manes.versions from 0.42.0 to 0.44.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2810";>#2810)](https://github-redirect.dependabot.com/mockito/mockito/pull/2810";>mockito/mockito#2810)
   Bump kotlinVersion from 1.7.21 to 1.7.22 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2809";>#2809)](https://github-redirect.dependabot.com/mockito/mockito/pull/2809";>mockito/mockito#2809)
   Bump junit from 1.1.3 to 1.1.4 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2806";>#2806)](https://github-redirect.dependabot.com/mockito/mockito/pull/2806";>mockito/mockito#2806)
   Simplify MatcherApplicationStrategy [(https://github-redirect.dependabot.com/mockito/mockito/issues/2803";>#2803)](https://github-redirect.dependabot.com/mockito/mockito/pull/2803";>mockito/mockito#2803)
   Bump kotlinVersion from 1.7.10 to 1.7.21 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2801";>#2801)](https://github-redirect.dependabot.com/mockito/mockito/pull/2801";>mockito/mockito#2801)
   Bump espresso-core from 3.4.0 to 3.5.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2800";>#2800)](https://github-redirect.dependabot.com/mockito/mockito/pull/2800";>mockito/mockito#2800)
   Bump versions.bytebuddy from 1.12.16 to 1.12.19 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2799";>#2799)](https://github-redirect.dependabot.com/mockito/mockito/pull/2799";>mockito/mockito#2799)
   Upgrade errorprone from 2.14.0 to 2.16 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2794";>#2794)](https://github-redirect.dependabot.com/mockito/mockito/pull/2794";>mockito/mockito#2794)
   automatically detect class to mock [(https://github-redirect.dependabot.com/mockito/mockito/issues/2779";>#2779)](https://github-redirect.dependabot.c

[GitHub] [httpcomponents-client] dependabot[bot] commented on pull request #402: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] commented on PR #402:
URL: 
https://github.com/apache/httpcomponents-client/pull/402#issuecomment-1367907720

   Superseded by #403.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] dependabot[bot] closed pull request #402: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] closed pull request #402: Bump mockito-core from 4.8.1 to 4.10.0
URL: https://github.com/apache/httpcomponents-client/pull/402


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] commented on pull request #378: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] commented on PR #378:
URL: 
https://github.com/apache/httpcomponents-core/pull/378#issuecomment-1367934975

   Superseded by #380.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] dependabot[bot] opened a new pull request, #380: Bump mockito-core from 4.8.1 to 4.11.0

[GitBox]

dependabot[bot] opened a new pull request, #380:
URL: https://github.com/apache/httpcomponents-core/pull/380

   Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 
4.11.0.
   
   Release notes
   Sourced from https://github.com/mockito/mockito/releases";>mockito-core's 
releases.
   
   v4.11.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.11.0
   
   2022-12-28 - https://github.com/mockito/mockito/compare/v4.10.0...v4.11.0";>1 
commit(s) by Andy Coates
   Improve vararg handling: approach 2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2807";>#2807)](https://github-redirect.dependabot.com/mockito/mockito/pull/2807";>mockito/mockito#2807)
   Mocking varargs method with any(String[].class) doesn't 
work as expected [(https://github-redirect.dependabot.com/mockito/mockito/issues/2796";>#2796)](https://github-redirect.dependabot.com/mockito/mockito/issues/2796";>mockito/mockito#2796)
   (Argument)Matchers regression from 1.10.19 to 2.18.3 for varargs [(https://github-redirect.dependabot.com/mockito/mockito/issues/1498";>#1498)](https://github-redirect.dependabot.com/mockito/mockito/issues/1498";>mockito/mockito#1498)
   Cannot verify varargs parameter as an array [(https://github-redirect.dependabot.com/mockito/mockito/issues/1222";>#1222)](https://github-redirect.dependabot.com/mockito/mockito/issues/1222";>mockito/mockito#1222)
   ArgumentCaptor can't capture varargs-arrays [(https://github-redirect.dependabot.com/mockito/mockito/issues/584";>#584)](https://github-redirect.dependabot.com/mockito/mockito/issues/584";>mockito/mockito#584)
   Verification of an empty varargs call fails when isNotNull() is used 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/567";>#567)](https://github-redirect.dependabot.com/mockito/mockito/issues/567";>mockito/mockito#567)
   
   v4.10.0
   Changelog generated 
by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog 
Gradle Plugin
   4.10.0
   
   2022-12-14 - https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0";>13 
commit(s) by Andrei Solntsev, Andriy Redko, Andy Coates, Christopher 
Lambert, Marcono1234, Vladimir Glinskikh, dependabot[bot]
   Add new artifact mockito-subclass (to use mock-maker-subclass MockMaker) 
[(https://github-redirect.dependabot.com/mockito/mockito/issues/2821";>#2821)](https://github-redirect.dependabot.com/mockito/mockito/pull/2821";>mockito/mockito#2821)
   Bump gradle from 7.5.1 to 7.6 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2817";>#2817)](https://github-redirect.dependabot.com/mockito/mockito/pull/2817";>mockito/mockito#2817)
   Fix incorrect Javadoc inline tag for MockitoJUnitRunner [(https://github-redirect.dependabot.com/mockito/mockito/issues/2816";>#2816)](https://github-redirect.dependabot.com/mockito/mockito/pull/2816";>mockito/mockito#2816)
   Bump shipkit-auto-version from 1.2.1 to 1.2.2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2811";>#2811)](https://github-redirect.dependabot.com/mockito/mockito/pull/2811";>mockito/mockito#2811)
   Bump com.github.ben-manes.versions from 0.42.0 to 0.44.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2810";>#2810)](https://github-redirect.dependabot.com/mockito/mockito/pull/2810";>mockito/mockito#2810)
   Bump kotlinVersion from 1.7.21 to 1.7.22 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2809";>#2809)](https://github-redirect.dependabot.com/mockito/mockito/pull/2809";>mockito/mockito#2809)
   Bump junit from 1.1.3 to 1.1.4 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2806";>#2806)](https://github-redirect.dependabot.com/mockito/mockito/pull/2806";>mockito/mockito#2806)
   Simplify MatcherApplicationStrategy [(https://github-redirect.dependabot.com/mockito/mockito/issues/2803";>#2803)](https://github-redirect.dependabot.com/mockito/mockito/pull/2803";>mockito/mockito#2803)
   Bump kotlinVersion from 1.7.10 to 1.7.21 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2801";>#2801)](https://github-redirect.dependabot.com/mockito/mockito/pull/2801";>mockito/mockito#2801)
   Bump espresso-core from 3.4.0 to 3.5.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2800";>#2800)](https://github-redirect.dependabot.com/mockito/mockito/pull/2800";>mockito/mockito#2800)
   Bump versions.bytebuddy from 1.12.16 to 1.12.19 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2799";>#2799)](https://github-redirect.dependabot.com/mockito/mockito/pull/2799";>mockito/mockito#2799)
   Upgrade errorprone from 2.14.0 to 2.16 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2794";>#2794)](https://github-redirect.dependabot.com/mockito/mockito/pull/2794";>mockito/mockito#2794)
   automatically detect class to mock [(https://github-redirect.dependabot.com/mockito/mockito/issues/2779";>#2779)](https://github-redirect.dependabot.com

[GitHub] [httpcomponents-core] dependabot[bot] closed pull request #378: Bump mockito-core from 4.8.1 to 4.10.0

[GitBox]

dependabot[bot] closed pull request #378: Bump mockito-core from 4.8.1 to 4.10.0
URL: https://github.com/apache/httpcomponents-core/pull/378


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] alturkovic opened a new pull request, #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

alturkovic opened a new pull request, #404:
URL: https://github.com/apache/httpcomponents-client/pull/404

   Some implementations might depend on a variable present in the `HttpContext` 
which is available in most other methods.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

ok2c commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370957675

   @alturkovic The change-set breaks backward compatibility with 5.0 APIs. 
   
   By the way, one may be better off writing a custom 
`SSLConnectionSocketFactory` instead of trying to make the default one work in 
all specific cases.
   
   ```
   [INFO] BUILD FAILURE
   [INFO] 

   [INFO] Total time:  46.847 s
   [INFO] Finished at: 2023-01-04T13:46:47Z
   [INFO] 

   Error:  Failed to execute goal 
com.github.siom79.japicmp:japicmp-maven-plugin:0.16.0:cmp (default) on project 
httpclient5: There is at least one incompatibility: 
org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.prepareSocket(javax.net.ssl.SSLSocket):METHOD_REMOVED
 -> [Help 1]
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] alturkovic commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

alturkovic commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370959011

   @ok2c Oops, added the method back. I understand, I just thought that having 
`HttpContext` available by default made sense.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

ok2c commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370961882

   @alturkovic Please deprecate the old method in favor of the new one.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

ok2c commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370975027

   @alturkovic Great. But please do it nicely and suppress deprecation warnings 
in the new method.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] alturkovic commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

alturkovic commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370980479

   Sorry, I do not know what you mean by that, I took a look how other methods 
are deprecated (i.e.: 
`org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder#setTlsDetailsFactory`) 
and I do not see any suppressions? Would you mind explaining a bit more what 
needs to be done? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

ok2c commented on PR #404:
URL: 
https://github.com/apache/httpcomponents-client/pull/404#issuecomment-1370987346

   @alturkovic Please add `@SuppressWarnings("deprecation")` annotation to the 
new method.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c merged pull request #404: feature(SSLConnectionSocketFactory): Pass HttpContext to prepareSocket method

[GitBox]

ok2c merged PR #404:
URL: https://github.com/apache/httpcomponents-client/pull/404


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-core] ok2c merged pull request #380: Bump mockito-core from 4.8.1 to 4.11.0

[GitBox]

ok2c merged PR #380:
URL: https://github.com/apache/httpcomponents-core/pull/380


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1374431955

   @michael-o Out of curiosity, how long do you intend to block this PR?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1374432854

   > @michael-o Out of curiosity, how long do you intend to block this PR?
   
   ??? There are still unresolved issues:
   * `toString()` unnecessarily exposes the token
   * `error_uri` is not passed


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1374436754

   > > @michael-o Out of curiosity, how long do you intend to block this PR?
   > 
   > ??? There are still unresolved issues:
   > 
   
   Issues?
   
   > * `toString()` unnecessarily exposes the token
   > 
   
   Why is this an issue, let alone a blocker?
   
   > * `error_uri` is not passed
   
   Why is this an issue? Is there a MUST or SHOULD requirement? This is merely 
logging, which I am happy to tweak to your personal liking, but I still do not 
know _how_ exactly you want log entries to look like. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1374437550

   > > > @michael-o Out of curiosity, how long do you intend to block this PR?
   > > 
   > > 
   > > ??? There are still unresolved issues:
   > 
   > Issues?
   > 
   > > ```
   > > * `toString()` unnecessarily exposes the token
   > > ```
   > 
   > Why is this an issue, let alone a blocker?
   
   I bet there will be clowns complaining about this. I never wrote that this 
is a blocker.
   
   > > ```
   > > * `error_uri` is not passed
   > > ```
   > 
   > Why is this an issue? Is there a MUST or SHOULD requirement? This is 
merely logging, which I am happy to tweak to your personal liking, but I still 
do not know _how_ exactly you want log entries to look like.
   
   Look at your answer here: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355338254
   
   You wrote: I will do.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #399: Bearer auth support

[GitBox]

ok2c commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-137876

   > > Why is this an issue, let alone a blocker?
   > 
   > I bet there will be clowns complaining about this. I never wrote that this 
is a blocker.
   >
   
   OK. This I can understand.

   > Look at your answer here: [#399 
(comment)](https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355338254)
   > 
   > You wrote: I will do.
   
   Sure, I will, but I need to know _how_ it should look like.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] michael-o commented on pull request #399: Bearer auth support

[GitBox]

michael-o commented on PR #399:
URL: 
https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1374477027

   > > > Why is this an issue, let alone a blocker?
   > > 
   > > 
   > > I bet there will be clowns complaining about this. I never wrote that 
this is a blocker.
   > 
   > OK. This I can understand.
   > 
   > > Look at your answer here: [#399 
(comment)](https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355338254)
   > > You wrote: I will do.
   > 
   > Sure, I will, but I need to know _how_ it should look like.
   
   I believe it can be added here: 
https://github.com/apache/httpcomponents-client/pull/399/files#diff-7a1d150c72f302b07cf402857b31bc209747308f250ef752f38bdc51472ffe48R101-R110
   
   Maybe: `{error} ({error_description}; `{error_uri}`)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[GitHub] [httpcomponents-client] MartinWitt opened a new pull request, #405: refactor: refactor bad smell InnerClassMayBeStatic

[GitBox]

MartinWitt opened a new pull request, #405:
URL: https://github.com/apache/httpcomponents-client/pull/405

   # Repairing Code Style Issues
   
   ## InnerClassMayBeStatic
   Inner classes that do not reference their enclosing instances can be made 
static.
   This prevents a common cause of memory leaks and uses less memory per 
instance of the class.
   
   
   
   
   # Repairing Code Style Issues
   * InnerClassMayBeStatic (3)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org