make replacement of cxf easier #203

Open
schabe77 opened this issue Sep 23, 2024 · 1 comment

Hi,

I am trying to get rid of BingAds's cxf dependencies.
CXF is not a good product. It's not thread safe; I get these exceptions from time to time:

Interceptor for {https://reporting.api.bingads.microsoft.com/Reporting/v13}WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: null
        at org.apache.cxf.jaxrs.client.WebClient$BodyWriter.doWriteBody(WebClient.java:1227)
        at org.apache.cxf.jaxrs.client.AbstractClient$AbstractBodyWriter.handleMessage(AbstractClient.java:1223)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
        at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1085)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:931)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:900)
        at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:460)
        at org.apache.cxf.jaxrs.client.SyncInvokerImpl.method(SyncInvokerImpl.java:150)
        at org.apache.cxf.jaxrs.client.SyncInvokerImpl.method(SyncInvokerImpl.java:145)
        at org.apache.cxf.jaxrs.client.SyncInvokerImpl.post(SyncInvokerImpl.java:85)
        at org.apache.cxf.jaxrs.client.spec.InvocationBuilderImpl.post(InvocationBuilderImpl.java:152)
        at com.microsoft.bingads.internal.restful.RestfulServiceClient.getResponseInfo(RestfulServiceClient.java:182)
        at com.microsoft.bingads.internal.restful.ReportingService.sendRequest(ReportingService.java:58)
        at com.microsoft.bingads.internal.restful.ReportingService.submitGenerateReport(ReportingService.java:89)
       ...
Caused by: java.util.ConcurrentModificationException: null
        at java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1096)
        at java.base/java.util.ArrayList$Itr.next(ArrayList.java:1050)
        at org.apache.cxf.jaxrs.provider.ProviderFactory.createMessageBodyWriter(ProviderFactory.java:570)
        at org.apache.cxf.jaxrs.provider.ProviderFactory.createMessageBodyWriterInterceptor(ProviderFactory.java:465)
        at org.apache.cxf.jaxrs.client.AbstractClient.writeBody(AbstractClient.java:519)
        at org.apache.cxf.jaxrs.client.WebClient$BodyWriter.doWriteBody(WebClient.java:1222)
        ... 28 common frames omitted

And with version 4.0.2 it also includes a vulnerability: CVE-2024-28752 8.3 Transitive Server-Side Request Forgery (SSRF) vulnerability with High severity found

I tried to exclude all artifacts of group org.apache.cxf and to use jersey instead. Unfortunately that doesn't work, because com.microsoft.bingads.HttpClientProvider has direct (GZIPFeature) and indirect (CxfUtils) dependencies on CXF, which leads (when using Spring) to

Caused by: java.lang.IllegalStateException: Failed to introspect Class [com.microsoft.bingads.HttpClientProvider] from ClassLoader [jdk.internal.loader.ClassLoaders$AppClassLoader@4e0e2f2a]
	at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:483)
	at org.springframework.util.ReflectionUtils.doWithLocalMethods(ReflectionUtils.java:320)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.checkLookupMethods(AutowiredAnnotationBeanPostProcessor.java:476)
	... 14 more
Caused by: java.lang.NoClassDefFoundError: org/apache/cxf/ext/logging/LoggingFeature
	at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
	at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3578)
	at java.base/java.lang.Class.getDeclaredMethods(Class.java:2676)
	at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:465)
	... 16 more
Caused by: java.lang.ClassNotFoundException: org.apache.cxf.ext.logging.LoggingFeature
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
	... 20 more

It would be great if you could get rid of the cxf references in HttpClientProvider, so that it's possible to remove all cxf dependencies.

schabe77 added a commit to schabe77/BingAds-Java-SDK that referenced this issue Sep 23, 2024

schabe77 commented Sep 23, 2024

I created an example implementation that works with my setup: schabe77@c27bb64

In this implementation cxf dependencies are only referenced in CxfHttpClientProvider, which is never used when cxf is not on the classpath.

This implementation is also able to shut down the client, which is good for jersey: jersey creates a thread "jersey-client-async-executor". When the client is not shut down properly, this thread prevents the jvm shutdown for a while.

This is the class that I could use as my own implementation of a HttpClientProvider:

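import java.util.logging.Level;
import java.util.logging.Logger;

import jakarta.annotation.PostConstruct;   // javax.annotation on pre-Jakarta stacks
import jakarta.annotation.PreDestroy;
import org.glassfish.jersey.client.JerseyClientBuilder;
import org.glassfish.jersey.client.filter.EncodingFilter;
import org.glassfish.jersey.logging.LoggingFeature;
import org.glassfish.jersey.logging.LoggingFeature.Verbosity;
import org.glassfish.jersey.message.DeflateEncoder;
import org.glassfish.jersey.message.GZipEncoder;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
// GlobalSettings (Bing Ads SDK) and JerseyHttpClientProvider (from the commit linked above) must also be imported.

@Component
@Lazy(false) // create eagerly so init() registers the provider at startup
public class MyJerseyHttpClientProvider extends JerseyHttpClientProvider {

    MyJerseyHttpClientProvider() {
        // PAYLOAD_ANY logs headers and full request/response bodies at FINE.
        super(JerseyClientBuilder.newBuilder().register(LoggingFeature.builder()
                        .verbosity(Verbosity.PAYLOAD_ANY)
                        .level(Level.FINE)
                        .withLogger(Logger.getLogger(MyJerseyHttpClientProvider.class.getName()))
                        .build())
                .register(GZipEncoder.class)
                .register(DeflateEncoder.class)
                .register(EncodingFilter.class));
    }

    // Install this provider as the SDK-wide HTTP client provider.
    @PostConstruct
    public void init() {
        GlobalSettings.setHttpClientProvider(this);
    }

    // Shut the client down so the jersey-client-async-executor thread does not delay JVM exit.
    @PreDestroy
    public void destroy() {
        close();
    }
}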

schabe77 changed the title from "make replacements of cxf easier possible" to "make replacement of cxf easier" on Sep 23, 2024
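The isolation pattern discussed in this issue, as an added example that is not the SDK's code or the code from the linked commit: the facade type carries no optional-library types in its signatures, so reflective introspection of it cannot raise NoClassDefFoundError, and the optional implementation is referenced only by name. All class names here are hypothetical except org.apache.cxf.jaxrs.client.WebClient, which is taken from the stack trace above and used only as a classpath probe.

```java
import java.lang.reflect.Method;
import java.util.Arrays;

public class OptionalDependencyDemo {

    /** Facade type: no optional-library types in any field or method signature. */
    public interface ClientProvider {
        String describe();
    }

    /** Default used when the optional library is absent. */
    static final class FallbackProvider implements ClientProvider {
        public String describe() { return "fallback"; }
    }

    /** Probe without initializing the class; LinkageError covers partially excluded jars. */
    static boolean isPresent(String className) {
        try {
            Class.forName(className, false, OptionalDependencyDemo.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    /** The optional implementation is named only as a string, so it is never linked unless chosen. */
    static ClientProvider select(String probeClass, String implClass) {
        if (isPresent(probeClass)) {
            try {
                return (ClientProvider) Class.forName(implClass)
                        .getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException | LinkageError e) {
                // Implementation missing or unloadable: fall through to the default.
            }
        }
        return new FallbackProvider();
    }

    public static void main(String[] args) {
        // Introspecting the facade resolves only types that are always on the classpath.
        Method[] methods = ClientProvider.class.getDeclaredMethods();
        System.out.println(Arrays.toString(methods));
        ClientProvider p = select("org.apache.cxf.jaxrs.client.WebClient",
                                  "example.CxfBackedProvider"); // hypothetical class name
        System.out.println(p.describe());
    }
}
```

With the optional library excluded from the build, `select` returns the fallback and nothing in the loaded classes refers to the excluded packages, which is the property a dependency scanner or a build-time ban rule can then verify.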