Feature/integrate http tooling#82
Conversation
There was a problem hiding this comment.
Hello @cuioss, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
gemini-code-assist here, providing a summary of this pull request. The primary goal of this PR, as indicated by the title, is to integrate new HTTP tooling into the library. This involves adding utilities for handling HTTP requests, status codes, and secure SSL contexts, leveraging the modern java.net.http.HttpClient. The changes introduce a new package de.cuioss.tools.net.http containing the core components. Additionally, there are minor updates to the build configuration and some internal refactoring of builder patterns in string utility classes.
Highlights
- New HTTP Utilities: Introduced a new package
de.cuioss.tools.net.httpcontainingHttpHandler(a wrapper forjava.net.http.HttpClientwith builder-based configuration),HttpStatusFamily(an enum for categorizing HTTP status codes), andSecureSSLContextProvider(for managing secure SSL contexts and enforcing modern TLS versions). - Secure SSL Context Handling: The
SecureSSLContextProviderensures that HTTPS connections default to using secure TLS versions (TLS 1.2, TLS 1.3) and provides a mechanism to validate or create secureSSLContextinstances. - HTTP Request Handling: The
HttpHandlerprovides a convenient builder for configuring HTTP requests (URI, timeout, SSL context) and includes utility methods likepingHeadandpingGet. - String Utility Builder Refactoring: Replaced the Lombok
@Builderannotation with custom static builder inner classes forJoinerConfigandSplitterConfig. This change appears to be an internal refactoring of how these configuration objects are built. - Module Info and Dependencies: Updated
module-info.javato requirejava.net.httpand export the newde.cuioss.tools.net.httppackage. Thepom.xmlwas updated to a new parent version and changed the scope ofjakarta.annotation-api. - Comprehensive Unit Tests: Added new unit tests covering the functionality of
HttpHandler,HttpStatusFamily, andSecureSSLContextProvider.
Changelog
Click here to see the changelog
- README.adoc
- Added documentation section for the new
de.cuioss.tools.netutilities, includinghttpandsslsub-sections, listing the new classes.
- Added documentation section for the new
- pom.xml
- Updated parent artifact version from
1.0.1to1.0.2. - Changed the scope of the
jakarta.annotation-apidependency fromtesttoprovided.
- Updated parent artifact version from
- src/main/java/de/cuioss/tools/net/http/HttpHandler.java
- Added new class
HttpHandlerfor wrappingjava.net.http.HttpClient, providing a builder for configuration (URI, timeout, SSL context) and methods for executing requests likepingHeadandpingGet.
- Added new class
- src/main/java/de/cuioss/tools/net/http/HttpStatusFamily.java
- Added new enum
HttpStatusFamilyto represent HTTP status code families (1xx, 2xx, 3xx, 4xx, 5xx, UNKNOWN) with utility methods for checking status codes.
- Added new enum
- src/main/java/de/cuioss/tools/net/http/SecureSSLContextProvider.java
- Added new class
SecureSSLContextProviderto provide and manage secureSSLContextinstances, enforcing minimum TLS versions (TLS 1.2, 1.3) and rejecting insecure ones.
- Added new class
- src/main/java/de/cuioss/tools/net/http/package-info.java
- Added package documentation for
de.cuioss.tools.net.http.
- Added package documentation for
- src/main/java/de/cuioss/tools/net/package-info.java
- Updated package documentation for
de.cuioss.tools.netto include the new HTTP utilities.
- Updated package documentation for
- src/main/java/de/cuioss/tools/string/JoinerConfig.java
- Replaced Lombok's
@Builderannotation with a manually defined staticBuilderinner class and staticbuilder()method. - Updated the
copy()method to use the new custom builder.
- Replaced Lombok's
- src/main/java/de/cuioss/tools/string/SplitterConfig.java
- Replaced Lombok's
@Builderannotation with a manually defined staticBuilderinner class and staticbuilder()method. - Updated the
copy()method to use the new custom builder.
- Replaced Lombok's
- src/main/java/module-info.java
- Added
requires java.net.http;. - Exported the new package
de.cuioss.tools.net.http.
- Added
- src/test/java/de/cuioss/tools/net/http/HttpHandlerTest.java
- Added new unit tests for the
HttpHandlerclass.
- Added new unit tests for the
- src/test/java/de/cuioss/tools/net/http/HttpStatusFamilyTest.java
- Added new unit tests for the
HttpStatusFamilyenum.
- Added new unit tests for the
- src/test/java/de/cuioss/tools/net/http/SecureSSLContextProviderTest.java
- Added new unit tests for the
SecureSSLContextProviderclass.
- Added new unit tests for the
- src/test/java/de/cuioss/tools/net/ssl/KeyMaterialHolderTest.java
- Updated the assertion message in a test case for
NullPointerException.
- Updated the assertion message in a test case for
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Status codes fly,
Two hundred means all is well,
Four hundred, client error.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive suite of HTTP tooling, including HttpHandler for making requests, HttpStatusFamily for interpreting status codes, and SecureSSLContextProvider for managing SSL/TLS settings. The new additions are well-documented and come with extensive unit tests, which is commendable.
The refactoring of JoinerConfig and SplitterConfig to utilize manual builders instead of Lombok's @Builder has also been noted. This change seems to be implemented correctly and maintains the existing functionality, with SplitterConfig.copy() now correctly including the pattern.
Overall, the changes are a significant enhancement to the library. I have a couple of minor points for consideration.
Summary of Findings
- SSLContext for non-HTTPS URIs in HttpHandler: HttpHandler's
createHttpClientmethod configures the HttpClient with an SSLContext even for plain HTTP URIs if one is available. This is unusual and could be clarified or reconsidered. - Copyright Year: The copyright year in
SecureSSLContextProvider.javais set to 2025, which seems to be a future date. It should likely be the current year. - Improved Exception Message: The exception message in
KeyMaterialHolderTestcould be improved by including the parameter name.
Merge Readiness
The pull request is in good shape and adds valuable functionality. There are a couple of medium-severity points raised in the review comments that would be good to address or clarify. Once these are considered, the PR should be ready for merging. As an AI reviewer, I am not authorized to approve pull requests; please ensure further review and approval by authorized maintainers.
… assertion message
|
## Summary Instruments CodeQL scanning and surfaces its status, mirroring cui-http PR #82 (F-16). - **`.github/workflows/codeql.yml`** — delegates to the `cuioss-organization` reusable CodeQL workflow (`reusable-codeql.yml @ v0.7.0`, the same pinned ref this repo already uses for `maven.yml`/`release.yml`). Triggers on push/PR to `main` and a weekly schedule. `languages: java`, `build-mode: none` (source analysis — no Maven build needed for this zero-dependency library). The reusable workflow fixes the query suite to `+security-and-quality` org-wide. - **README badge** — adds a CodeQL status badge to the Status section, in the existing badge style, next to the Maven CI badge. ## Verification - Confirmed `cuioss/cuioss-organization/.github/workflows/reusable-codeql.yml` exists at the pinned `v0.7.0` SHA. - YAML/AsciiDoc-only change; no sources touched. Co-authored-by: Oliver Wolff <23139298+cuioss@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>



No description provided.