2

I am trying to use httpclient5 with connection pooling. Below are some of the points mentioned in documentation:

CloseableHttpClient instances should be closed when no longer needed or about to go out of score.

IMPORTANT: Always re-use CloseableHttpClient instances. They are expensive to create, but they are also fully thread safe, so multiple threads can use the same instance of CloseableHttpClient to execute multiple requests concurrently taking full advantage of persistent connection re-use and connection pooling.

I feel both of them feels contradictory. How should I proceed with this? Also in case if I am reusing CloseableHttpClient instances how can I change credentials for different requests which uses same client?

Roman C
  • 49,761
  • 33
  • 66
  • 176
ketan
  • 23
  • 3

2 Answers2

0

the points are not contradicting, creating a new instance of CloseableHttpClient is expensive, but it is also fully thread-safe, so multiple threads can use the same instance of CloseableHttpClient to execute multiple requests concurrently.

To change credentials for different requests that use the same client, you can use the CredentialsProvider class to manage your credentials.

import org.apache.http.auth.AuthScope
import org.apache.http.auth.UsernamePasswordCredentials
import org.apache.http.client.CredentialsProvider
import org.apache.http.impl.client.BasicCredentialsProvider
import org.apache.http.impl.client.CloseableHttpClient
import org.apache.http.impl.client.HttpClients

# Create a credentials provider and set the credentials for a specific AuthScope
creds_provider = BasicCredentialsProvider()
creds_provider.set_credentials(AuthScope("localhost", 8080), UsernamePasswordCredentials("user1", "password1"))

# Create an HttpClientBuilder and set the credentials provider
http_client_builder = HttpClients.custom().setDefaultCredentialsProvider(creds_provider)

# Build the CloseableHttpClient instance
http_client = http_client_builder.build()

# Use the CloseableHttpClient instance to execute your requests
response1 = http_client.execute(request1)
response2 = http_client.execute(request2)

# Set different credentials for a different AuthScope
creds_provider.set_credentials(AuthScope("localhost", 8081), UsernamePasswordCredentials("user2", "password2"))

# Use the same CloseableHttpClient instance to execute another request with different credentials
response3 = http_client.execute(request3)
nischal sharma
  • 479
  • 1
  • 14
  • This does not look thread-safe at all just swapping out credentials on the fly that allegedly are being used by a client that is used by multiple threads at the same time. I say allegedly because I'm not going to dig into how the builder distributes that credentials provider to the clients it builds. – Gimby Jul 26 '23 at 10:46
0

depends on your auth type... for e.g. basic auth just set the header manually for each request

final HttpGet request = new HttpGet(URL_SECURED_BY_BASIC_AUTHENTICATION);
final String auth = DEFAULT_USER + ":" + DEFAULT_PASS;
final byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.ISO_8859_1));
final String authHeader = "Basic " + new String(encodedAuth);
request.setHeader(HttpHeaders.AUTHORIZATION, authHeader);

https://www.baeldung.com/httpclient-basic-authentication

Marc Stroebel
  • 2,295
  • 1
  • 12
  • 21