remove javax.servlet-api dependency
I want to use this library but not in a servlet container.
When search javax.servlet
, I found only com.nimbusds.oauth2.sdk.http.{HTTPRequest, HTTPResponse} depend on servlet-api and the dependency is only to:
-
construct HTTPRequest from
javax.servlet.http.HttpServletRequest
the constructors is used only in test code -
apply HTTPResponse to a
javax.servlet.http.HttpServletResponse
the methodapplyTo
is also used only in test code.
Question:
Can you remove javax.servlet-api dependency (make the dependency optional) by moving the dependent HTTPRequest's constructors & HTTPResponse.applyTo method into a separate class?
Thank you!
Comments (5)
-
-
- changed status to open
-
- changed status to resolved
Done in commit 2da38b1. Should be released later today as v4.14 to Maven Central.
Cheers,
-
This change breaks the backward compatibility of the sdk, for e.g. in our projects we have about 15 parts to change. If a public method is only used in test code, this doesn't forbids the use of this methods in our applications.
For e.g. fluently code like this:
new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE) .toHTTPResponse() .applyTo(servletResponse);
has to be changed to
ServletUtils.applyHTTPResponse( new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE).toHTTPResponse(), servletResponse);
And this for all Response types.
Hopefully the SDK will remain more stable in the future and has not be changed for only one user request.
-
Point taken :)
It's not always easy to strike a balance between keeping the code stable and improving / refactoring the code base.
- Log in to comment
Thanks for the suggestion. The servlet dependency is indeed more of an option. We'll mark this for the next release.