From 552521669952fc097670f830438726a0c2f81556 Mon Sep 17 00:00:00 2001
From: Sergi Philipsen <philipsen.sergi@gmail.com>
Date: Wed, 5 Jul 2023 06:15:47 +0200
Subject: [PATCH] revert: cherry pick old custom classes and remove new ones

---
 Dockerfile                                    |   1 -
 .../adapterframework/http/HttpSenderBase.java | 751 ++++++++++++++++--
 .../http/HttpSenderBase.java-orig             | 750 +++++++++++++++--
 .../http/HttpSessionBase.java                 | 748 -----------------
 .../http/HttpSessionBase.java-orig            | 741 -----------------
 5 files changed, 1338 insertions(+), 1653 deletions(-)
 delete mode 100644 java/nl/nn/adapterframework/http/HttpSessionBase.java
 delete mode 100644 java/nl/nn/adapterframework/http/HttpSessionBase.java-orig

diff --git a/Dockerfile b/Dockerfile
index 4ea9d50..0587eb4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,6 @@ COPY --chown=tomcat lib/server/ /usr/local/tomcat/lib/
 COPY --chown=tomcat java /tmp/java
 RUN javac \
       /tmp/java/nl/nn/adapterframework/http/HttpSenderBase.java \
-      /tmp/java/nl/nn/adapterframework/http/HttpSessionBase.java \
       -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \
       -verbose -d /usr/local/tomcat/webapps/ROOT/WEB-INF/classes
 RUN rm -rf /tmp/java
diff --git a/java/nl/nn/adapterframework/http/HttpSenderBase.java b/java/nl/nn/adapterframework/http/HttpSenderBase.java
index bc64bce..86823fc 100644
--- a/java/nl/nn/adapterframework/http/HttpSenderBase.java
+++ b/java/nl/nn/adapterframework/http/HttpSenderBase.java
@@ -21,46 +21,81 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
+import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerConfigurationException;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
 import org.apache.http.MethodNotSupportedException;
 import org.apache.http.StatusLine;
+import org.apache.http.auth.AuthProtocolState;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.AuthState;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.config.AuthSchemes;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.config.RequestConfig.Builder;
 import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ContentType;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 
 import lombok.Getter;
-import lombok.Setter;
 import nl.nn.adapterframework.configuration.ConfigurationException;
 import nl.nn.adapterframework.configuration.ConfigurationWarning;
-import nl.nn.adapterframework.core.CanUseSharedResource;
 import nl.nn.adapterframework.core.HasPhysicalDestination;
-import nl.nn.adapterframework.core.ISenderWithParameters;
 import nl.nn.adapterframework.core.ParameterException;
 import nl.nn.adapterframework.core.PipeLineSession;
 import nl.nn.adapterframework.core.Resource;
 import nl.nn.adapterframework.core.SenderException;
 import nl.nn.adapterframework.core.SenderResult;
 import nl.nn.adapterframework.core.TimeoutException;
+import nl.nn.adapterframework.encryption.AuthSSLContextFactory;
+import nl.nn.adapterframework.encryption.HasKeystore;
+import nl.nn.adapterframework.encryption.HasTruststore;
 import nl.nn.adapterframework.encryption.KeystoreType;
+import nl.nn.adapterframework.http.authentication.AuthenticationScheme;
+import nl.nn.adapterframework.http.authentication.HttpAuthenticationException;
+import nl.nn.adapterframework.http.authentication.OAuthAccessTokenManager;
+import nl.nn.adapterframework.http.authentication.OAuthAuthenticationScheme;
+import nl.nn.adapterframework.http.authentication.OAuthPreferringAuthenticationStrategy;
 import nl.nn.adapterframework.parameters.Parameter;
-import nl.nn.adapterframework.parameters.ParameterList;
 import nl.nn.adapterframework.parameters.ParameterValue;
 import nl.nn.adapterframework.parameters.ParameterValueList;
+import nl.nn.adapterframework.senders.SenderWithParametersBase;
 import nl.nn.adapterframework.stream.Message;
 import nl.nn.adapterframework.task.TimeoutGuard;
 import nl.nn.adapterframework.util.AppConstants;
 import nl.nn.adapterframework.util.ClassUtils;
+import nl.nn.adapterframework.util.CredentialFactory;
 import nl.nn.adapterframework.util.StreamUtil;
 import nl.nn.adapterframework.util.TransformerPool;
 import nl.nn.adapterframework.util.XmlUtils;
@@ -79,6 +114,55 @@
  *   another_param_name=another_param_value
  * </pre>
  *
+ * <p>
+ * Note 1:
+ * Some certificates require the &lt;java_home&gt;/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like
+ * <code>Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters</code> is observed.
+ * For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')
+ * </p>
+ * Replace in the directory java\jre\lib\security the following files:
+ * <ul>
+ * <li>local_policy.jar</li>
+ * <li>US_export_policy.jar</li>
+ * </ul>
+ * <p>
+ * Note 2:
+ * To debug ssl-related problems, set the following system property:
+ * <ul>
+ * <li>IBM / WebSphere: <code>-Djavax.net.debug=true</code></li>
+ * <li>SUN: <code>-Djavax.net.debug=all</code></li>
+ * </ul>
+ * </p>
+ * <p>
+ * Note 3:
+ * In case <code>javax.net.ssl.SSLHandshakeException: unknown certificate</code>-exceptions are thrown,
+ * probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:
+ * <ul>
+ *   <li>open the URL you are trying to reach in InternetExplorer</li>
+ *   <li>click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window</li>
+ *   <li>click on tab 'Certificeringspad'</li>
+ *   <li>double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate</li>
+ *   <li>click on tab 'Details'</li>
+ *   <li>click on 'Kopieren naar bestand'</li>
+ *   <li>click 'next', choose 'DER Encoded Binary X.509 (.CER)'</li>
+ *   <li>click 'next', choose a filename</li>
+ *   <li>click 'next' and 'finish'</li>
+ * 	 <li>Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)</li>
+ *   <li>create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")</li>
+ *   <li>add the generated certificate (Toevoegen...)</li>
+ *   <li>store the key-database in JKS format</li>
+ *   <li>if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)</li>
+ *   <li>use jks for the truststoreType-attribute</li>
+ *   <li>restart your application</li>
+ *   <li>instead of IBM ikeyman you can use the standard java tool <code>keytool</code> as follows:
+ *      <code>keytool -import -alias <i>yourAlias</i> -file <i>pathToSavedCertificate</i></code></li>
+ * </ul>
+ * <p>
+ * Note 4:
+ * In case <code>cannot create or initialize SocketFactory: (IOException) Unable to verify MAC</code>-exceptions are thrown,
+ * please check password or authAlias configuration of the corresponding certificate.
+ * </p>
+ *
  * @ff.parameters Any parameters present are appended to the request (when method is <code>GET</code> as request-parameters, when method <code>POST</code> as body part) except the <code>headersParams</code> list, which are added as HTTP headers, and the <code>urlParam</code> header
  * @ff.forward "&lt;statusCode of the HTTP response&gt;" default
  *
@@ -87,17 +171,15 @@
  */
 //TODO: Fix javadoc!
 
-public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysicalDestination, ISenderWithParameters, CanUseSharedResource<CloseableHttpClient> {
+public abstract class HttpSenderBase extends SenderWithParametersBase implements HasPhysicalDestination, HasKeystore, HasTruststore {
 
-	private static final String CONTEXT_KEY_STATUS_CODE = "Http.StatusCode";
-	private static final String CONTEXT_KEY_REASON_PHRASE = "Http.ReasonPhrase";
+	private final String CONTEXT_KEY_STATUS_CODE="Http.StatusCode";
+	private final String CONTEXT_KEY_REASON_PHRASE="Http.ReasonPhrase";
 	public static final String MESSAGE_ID_HEADER = "Message-Id";
 	public static final String CORRELATION_ID_HEADER = "Correlation-Id";
 
 	private final @Getter(onMethod = @__(@Override)) String domain = "Http";
 
-	private @Setter String sharedResourceRef;
-
 	private @Getter String url;
 	private @Getter String urlParam = "url";
 
@@ -110,53 +192,121 @@ public enum HttpMethod {
 	private @Getter ContentType fullContentType = null;
 	private @Getter String contentType = null;
 
+	/* CONNECTION POOL */
+	private @Getter int timeout = 10000;
+	private @Getter int maxConnections = 10;
+	private @Getter int maxExecuteRetries = 1;
+	private @Getter boolean staleChecking=true;
+	private @Getter int staleTimeout = 5000; // [ms]
+	private @Getter int connectionTimeToLive = 900; // [s]
+	private @Getter int connectionIdleTimeout = 10; // [s]
+	private HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+	private @Getter HttpClientContext httpClientContext = HttpClientContext.create();
+	private @Getter CloseableHttpClient httpClient;
+
+	/* SECURITY */
+	private @Getter String authAlias;
+	private @Getter String username;
+	private @Getter String password;
+	private @Getter String authDomain;
+	private @Getter String tokenEndpoint;
+	private @Getter int tokenExpiry=-1;
+	private @Getter String clientAuthAlias;
+	private @Getter String clientId;
+	private @Getter String clientSecret;
+	private @Getter String scope;
+	private @Getter boolean authenticatedTokenRequest;
+
+	/* PROXY */
+	private @Getter String proxyHost;
+	private @Getter int    proxyPort=80;
+	private @Getter String proxyAuthAlias;
+	private @Getter String proxyUsername;
+	private @Getter String proxyPassword;
+	private @Getter String proxyRealm=null;
+
+	/* SSL */
+	private @Getter String keystore;
+	private @Getter String keystoreAuthAlias;
+	private @Getter String keystorePassword;
+	private @Getter KeystoreType keystoreType=KeystoreType.PKCS12;
+	private @Getter String keystoreAlias;
+	private @Getter String keystoreAliasAuthAlias;
+	private @Getter String keystoreAliasPassword;
+	private @Getter String keyManagerAlgorithm=null;
+
+	private @Getter String truststore=null;
+	private @Getter String truststoreAuthAlias;
+	private @Getter String truststorePassword=null;
+	private @Getter KeystoreType truststoreType=KeystoreType.JKS;
+	private @Getter String trustManagerAlgorithm=null;
+	private @Getter boolean allowSelfSignedCertificates = false;
+	private @Getter boolean verifyHostname=true;
+	private @Getter boolean ignoreCertificateExpiredException=false;
+
 	private @Getter String headersParams="";
+	private @Getter boolean followRedirects=true;
+	private @Getter boolean ignoreRedirects=false;
 	private @Getter boolean xhtml=false;
 	private @Getter String styleSheetName=null;
+	private @Getter String protocol=null;
 	private @Getter String resultStatusCodeSessionKey;
 	private @Getter String parametersToSkipWhenEmpty;
 
 	private final boolean APPEND_MESSAGEID_HEADER = AppConstants.getInstance(getConfigurationClassLoader()).getBoolean("http.headers.messageid", true);
 	private final boolean APPEND_CORRELATIONID_HEADER = AppConstants.getInstance(getConfigurationClassLoader()).getBoolean("http.headers.correlationid", true);
+	private boolean disableCookies = false;
 
 	private TransformerPool transformerPool=null;
 
 	protected Parameter urlParameter;
 
 	protected URI staticUri;
+	private CredentialFactory credentials;
+	private CredentialFactory user_cf;
+	private CredentialFactory client_cf;
 
 	protected Set<String> requestOrBodyParamsSet=new HashSet<>();
 	protected Set<String> headerParamsSet=new LinkedHashSet<>();
 	protected Set<String> parametersToSkipWhenEmptySet=new HashSet<>();
 
-	protected ParameterList paramList = null;
+	/**
+	 * Makes sure only http(s) requests can be performed.
+	 */
+	protected URI getURI(String url) throws URISyntaxException {
+		URIBuilder uri = new URIBuilder(url);
 
-	@Override
-	public void addParameter(Parameter p) {
-		if (paramList==null) {
-			paramList=new ParameterList();
+		if(uri.getScheme() == null) {
+			throw new URISyntaxException("", "must use an absolute url starting with http(s)://");
+		}
+		if (!uri.getScheme().matches("(?i)https?")) {
+			throw new IllegalArgumentException(ClassUtils.nameOf(this) + " only supports web based schemes. (http or https)");
 		}
-		paramList.add(p);
-	}
 
-	/**
-	 * return the Parameters
-	 */
-	@Override
-	public ParameterList getParameterList() {
-		return paramList;
+		if (uri.getPath()==null) {
+			uri.setPath("/");
+		}
+
+		log.info(getLogPrefix()+"created uri: scheme=["+uri.getScheme()+"] host=["+uri.getHost()+"] path=["+uri.getPath()+"]");
+		return uri.build();
 	}
 
 	@Override
 	public void configure() throws ConfigurationException {
-		if(StringUtils.isBlank(sharedResourceRef)) {
-			log.info("configuring local HttpSession");
-			super.configure();
-		}
+		super.configure();
+
+		/**
+		 * TODO find out if this really breaks proxy authentication or not.
+		 */
+//		httpClientBuilder.disableAuthCaching();
+
+		Builder requestConfigBuilder = RequestConfig.custom();
+		requestConfigBuilder.setConnectTimeout(getTimeout());
+		requestConfigBuilder.setConnectionRequestTimeout(getTimeout());
+		requestConfigBuilder.setSocketTimeout(getTimeout());
 
 		if (paramList!=null) {
 			paramList.configure();
-
 			if (StringUtils.isNotEmpty(getHeadersParams())) {
 				StringTokenizer st = new StringTokenizer(getHeadersParams(), ",");
 				while (st.hasMoreElements()) {
@@ -198,6 +348,10 @@ public void configure() throws ConfigurationException {
 			}
 		}
 
+		if (getMaxConnections() <= 0) {
+			throw new ConfigurationException(getLogPrefix()+"maxConnections is set to ["+getMaxConnections()+"], which is not enough for adequate operation");
+		}
+
 		try {
 			if (urlParameter == null) {
 				if (StringUtils.isEmpty(getUrl())) {
@@ -206,32 +360,102 @@ public void configure() throws ConfigurationException {
 				staticUri = getURI(getUrl());
 			}
 		} catch (URISyntaxException e) {
-			throw new ConfigurationException("cannot interpret url ["+getUrl()+"]", e);
+			throw new ConfigurationException(getLogPrefix()+"cannot interpret url ["+getUrl()+"]", e);
+		}
+
+		AuthSSLContextFactory.verifyKeystoreConfiguration(this, this);
+
+		if (StringUtils.isNotEmpty(getAuthAlias()) || StringUtils.isNotEmpty(getUsername())) {
+			user_cf = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
+			credentials = user_cf;
+		}
+		client_cf = new CredentialFactory(getClientAuthAlias(), getClientId(), getClientSecret());
+		if (credentials==null) {
+			credentials = client_cf;
+		}
+		if (StringUtils.isNotEmpty(getTokenEndpoint()) && StringUtils.isEmpty(getClientAuthAlias()) && StringUtils.isEmpty(getClientId())) {
+			throw new ConfigurationException("To obtain accessToken at tokenEndpoint ["+getTokenEndpoint()+"] a clientAuthAlias or ClientId and ClientSecret must be specified");
+		}
+		HttpHost proxy = null;
+		CredentialFactory pcf = null;
+		if (StringUtils.isNotEmpty(getProxyHost())) {
+			proxy = new HttpHost(getProxyHost(), getProxyPort());
+			pcf = new CredentialFactory(getProxyAuthAlias(), getProxyUsername(), getProxyPassword());
+			requestConfigBuilder.setProxy(proxy);
+			httpClientBuilder.setProxy(proxy);
+		}
+
+		try {
+			setupAuthentication(pcf, proxy, requestConfigBuilder);
+		} catch (HttpAuthenticationException e) {
+			throw new ConfigurationException("exception configuring authentication", e);
 		}
 
 		if (StringUtils.isNotEmpty(getStyleSheetName())) {
 			try {
 				Resource stylesheet = Resource.getResource(this, getStyleSheetName());
 				if (stylesheet == null) {
-					throw new ConfigurationException("cannot find stylesheet ["+getStyleSheetName()+"]");
+					throw new ConfigurationException(getLogPrefix() + "cannot find stylesheet ["+getStyleSheetName()+"]");
 				}
 				transformerPool = TransformerPool.getInstance(stylesheet);
 			} catch (IOException e) {
-				throw new ConfigurationException("cannot retrieve ["+ getStyleSheetName() + "]", e);
+				throw new ConfigurationException(getLogPrefix() + "cannot retrieve ["+ getStyleSheetName() + "]", e);
 			} catch (TransformerConfigurationException te) {
-				throw new ConfigurationException("got error creating transformer from file [" + getStyleSheetName() + "]", te);
+				throw new ConfigurationException(getLogPrefix() + "got error creating transformer from file [" + getStyleSheetName() + "]", te);
 			}
 		}
+
+		httpClientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
+
+		httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler(getMaxExecuteRetries()));
+
+		if(areCookiesDisabled()) {
+			httpClientBuilder.disableCookieManagement();
+		}
+
+		// The redirect strategy used to only redirect GET, DELETE and HEAD.
+		httpClientBuilder.setRedirectStrategy(new DefaultRedirectStrategy() {
+			@Override
+			protected boolean isRedirectable(String method) {
+				return isFollowRedirects();
+			}
+		});
 	}
 
 	@Override
 	public void open() throws SenderException {
-		try {
-			start();
-		} catch (Exception e) {
-			throw new SenderException(getLogPrefix()+"unable to create HttpClient", e);
+		// In order to support multiThreading and connectionPooling
+		// If a sslSocketFactory has been defined, the connectionManager has to be initialized with the sslSocketFactory
+		PoolingHttpClientConnectionManager connectionManager;
+		int timeToLive = getConnectionTimeToLive();
+		if (timeToLive<=0) {
+			timeToLive = -1;
+		}
+		SSLConnectionSocketFactory sslSocketFactory = getSSLConnectionSocketFactory();
+		if(sslSocketFactory != null) {
+			Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+				.register("http", PlainConnectionSocketFactory.getSocketFactory())
+				.register("https", sslSocketFactory)
+				.build();
+			connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry, null, null, null, timeToLive, TimeUnit.SECONDS);
+			log.debug(getLogPrefix()+"created PoolingHttpClientConnectionManager with custom SSLConnectionSocketFactory");
+		}
+		else {
+			connectionManager = new PoolingHttpClientConnectionManager(timeToLive, TimeUnit.SECONDS);
+			log.debug(getLogPrefix()+"created default PoolingHttpClientConnectionManager");
+		}
+
+		connectionManager.setMaxTotal(getMaxConnections());
+		connectionManager.setDefaultMaxPerRoute(getMaxConnections());
+
+		if (isStaleChecking()) {
+			log.info(getLogPrefix()+"set up connectionManager, setting stale checking ["+isStaleChecking()+"]");
+			connectionManager.setValidateAfterInactivity(getStaleTimeout());
 		}
 
+		httpClientBuilder.setConnectionManager(connectionManager);
+		httpClientBuilder.evictIdleConnections(getConnectionIdleTimeout(), TimeUnit.SECONDS);
+
 		if (transformerPool!=null) {
 			try {
 				transformerPool.open();
@@ -239,36 +463,116 @@ public void open() throws SenderException {
 				throw new SenderException(getLogPrefix()+"cannot start TransformerPool", e);
 			}
 		}
+
+		httpClient = httpClientBuilder.build();
 	}
 
 	@Override
-	public Class<CloseableHttpClient> getObjectType() {
-		return CloseableHttpClient.class;
+	public void close() throws SenderException {
+		try {
+			//Close the HttpClient and ConnectionManager to release resources and potential open connections
+			if(httpClient != null) {
+				httpClient.close();
+			}
+		} catch (IOException e) {
+			throw new SenderException(e);
+		}
+
+		if (transformerPool!=null) {
+			transformerPool.close();
+		}
 	}
 
-	@Override
-	public void start() {
-		if(StringUtils.isNotBlank(sharedResourceRef)) {
-			setHttpClient(getSharedResource(sharedResourceRef));
-		} else {
-			buildHttpClient();
+	private void setupAuthentication(CredentialFactory proxyCredentials, HttpHost proxy, Builder requestConfigBuilder) throws HttpAuthenticationException {
+		CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+		if (StringUtils.isNotEmpty(credentials.getUsername()) || StringUtils.isNotEmpty(getTokenEndpoint())) {
+
+			credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), getCredentials());
+
+			AuthenticationScheme preferredAuthenticationScheme = getPreferredAuthenticationScheme();
+			requestConfigBuilder.setTargetPreferredAuthSchemes(Arrays.asList(preferredAuthenticationScheme.getSchemeName()));
+			requestConfigBuilder.setAuthenticationEnabled(true);
+
+			if (preferredAuthenticationScheme == AuthenticationScheme.OAUTH) {
+				OAuthAccessTokenManager accessTokenManager = new OAuthAccessTokenManager(getTokenEndpoint(), getScope(), client_cf, user_cf==null, isAuthenticatedTokenRequest(), this, getTokenExpiry());
+				httpClientContext.setAttribute(OAuthAuthenticationScheme.ACCESSTOKEN_MANAGER_KEY, accessTokenManager);
+				httpClientBuilder.setTargetAuthenticationStrategy(new OAuthPreferringAuthenticationStrategy());
+			}
 		}
+		if (proxy!=null) {
+			AuthScope scope = new AuthScope(proxy, proxyRealm, AuthScope.ANY_SCHEME);
+
+
+			if (StringUtils.isNotEmpty(proxyCredentials.getUsername())) {
+				Credentials credentials = new UsernamePasswordCredentials(proxyCredentials.getUsername(), proxyCredentials.getPassword());
+				credentialsProvider.setCredentials(scope, credentials);
+			}
+			//log.trace("setting credentialProvider [" + credentialsProvider.toString() + "]");
+
+			if(prefillProxyAuthCache()) {
+				requestConfigBuilder.setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC));
+
+				AuthCache authCache = httpClientContext.getAuthCache();
+				if(authCache == null)
+					authCache = new BasicAuthCache();
+
+				authCache.put(proxy, new BasicScheme());
+				httpClientContext.setAuthCache(authCache);
+			}
+
+		}
+
+		httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
 	}
 
-	@Override
-	public void close() {
-		if(StringUtils.isBlank(sharedResourceRef)) {
-			super.stop();
+	private void preAuthenticate() {
+		if (credentials != null && !StringUtils.isEmpty(credentials.getUsername())) {
+			AuthState authState = httpClientContext.getTargetAuthState();
+			if (authState==null) {
+				authState = new AuthState();
+				httpClientContext.setAttribute(HttpClientContext.TARGET_AUTH_STATE, authState);
+			}
+			authState.setState(AuthProtocolState.CHALLENGED);
+			authState.update(getPreferredAuthenticationScheme().createScheme(), getCredentials());
 		}
+	}
 
-		if (transformerPool!=null) {
-			transformerPool.close();
+	private Credentials getCredentials() {
+		String uname;
+		if (StringUtils.isNotEmpty(getAuthDomain())) {
+			uname = getAuthDomain() + "\\" + credentials.getUsername();
+		} else {
+			uname = credentials.getUsername();
 		}
+
+		return new UsernamePasswordCredentials(uname, credentials.getPassword());
+	}
+
+	private AuthenticationScheme getPreferredAuthenticationScheme() {
+		return StringUtils.isNotEmpty(getTokenEndpoint()) ? AuthenticationScheme.OAUTH : AuthenticationScheme.BASIC;
 	}
 
-	protected boolean appendParameters(boolean parametersAppended, StringBuilder path, ParameterValueList parameters) throws SenderException {
+	protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws SenderException {
+		SSLConnectionSocketFactory sslSocketFactory;
+		HostnameVerifier hostnameVerifier = verifyHostname ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
+
+		try {
+			javax.net.ssl.SSLSocketFactory socketfactory = AuthSSLContextFactory.createSSLSocketFactory(this, this, getProtocol());
+			sslSocketFactory = new SSLConnectionSocketFactory(socketfactory, hostnameVerifier);
+		} catch (Exception e) {
+			throw new SenderException("cannot create or initialize SocketFactory", e);
+		}
+		// This method will be overwritten by the connectionManager when connectionPooling is enabled!
+		// Can still be null when no default or an invalid system sslSocketFactory has been defined
+		if(sslSocketFactory != null) {
+			httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+		}
+		return sslSocketFactory;
+	}
+
+	protected boolean appendParameters(boolean parametersAppended, StringBuffer path, ParameterValueList parameters) throws SenderException {
 		if (parameters != null) {
-			log.debug("appending [{}] parameters", parameters::size);
+			if (log.isDebugEnabled()) log.debug(getLogPrefix()+"appending ["+parameters.size()+"] parameters");
 			for(ParameterValue pv : parameters) {
 				if (requestOrBodyParamsSet.contains(pv.getName())) {
 					String value = pv.asStringValue("");
@@ -282,7 +586,7 @@ protected boolean appendParameters(boolean parametersAppended, StringBuilder pat
 							}
 
 							String parameterToAppend = pv.getDefinition().getName() +"="+ URLEncoder.encode(value, getCharSet());
-							log.debug("appending parameter [{}]", parameterToAppend);
+							if (log.isDebugEnabled()) log.debug(getLogPrefix()+"appending parameter ["+parameterToAppend+"]");
 							path.append(parameterToAppend);
 						} catch (UnsupportedEncodingException e) {
 							throw new SenderException(getLogPrefix()+"["+getCharSet()+"] encoding error. Failed to add parameter ["+pv.getDefinition().getName()+"]", e);
@@ -294,17 +598,6 @@ protected boolean appendParameters(boolean parametersAppended, StringBuilder pat
 		return parametersAppended;
 	}
 
-
-	/**
-	 * Returns the true name of the class and not <code>XsltPipe$$EnhancerBySpringCGLIB$$563e6b5d</code>.
-	 * {@link ClassUtils#nameOf(Object)} makes sure the original class will be used.
-	 * 
-	 * @return className + name of the ISender
-	 */
-	protected String getLogPrefix() {
-		return ClassUtils.nameOf(this) + " ";
-	}
-
 	/**
 	 * Custom implementation to create a {@link HttpRequestBase HttpRequest} object.
 	 * @param uri endpoint to send the message to
@@ -397,16 +690,17 @@ public SenderResult sendMessage(Message message, PipeLineSession session) throws
 
 			preAuthenticate();
 
-			log.info("configured httpclient for host [{}]", targetUri::getHost);
+			log.info(getLogPrefix()+"configured httpclient for host ["+targetUri.getHost()+"]");
 
 		} catch (Exception e) {
 			throw new SenderException(e);
 		}
 
-		Message result;
-		int statusCode;
+		Message result = null;
+		int statusCode = -1;
 		boolean success;
-		String reasonPhrase;
+		String reasonPhrase = null;
+		HttpHost targetHost = new HttpHost(targetUri.getHost(), targetUri.getPort(), targetUri.getScheme());
 
 		TimeoutGuard tg = new TimeoutGuard(1+getTimeout()/1000, getName()) {
 
@@ -428,13 +722,12 @@ protected void abort() {
 				}
 			}
 			if (httpClient == null) {
-				buildHttpClient(); // Prevent java.lang.IllegalStateException: Connection pool shut down
 				httpClient = getHttpClient();
 				session.put("httpClient", httpClient);
 			}
-			log.debug("executing method [{}]", httpRequestBase::getRequestLine);
-			HttpResponse httpResponse = execute(httpClient, targetUri, httpRequestBase);
-			log.debug("executed method");
+			log.debug(getLogPrefix()+"executing method [" + httpRequestBase.getRequestLine() + "]");
+			HttpResponse httpResponse = httpClient.execute(targetHost, httpRequestBase, httpClientContext);
+			log.debug(getLogPrefix()+"executed method");
 
 			HttpResponseHandler responseHandler = new HttpResponseHandler(httpResponse);
 			StatusLine statusline = httpResponse.getStatusLine();
@@ -448,14 +741,14 @@ protected void abort() {
 
 			// Only give warnings for 4xx (client errors) and 5xx (server errors)
 			if (statusCode >= 400 && statusCode < 600) {
-				log.warn("status [{}]", statusline);
+				log.warn(getLogPrefix()+"status ["+statusline.toString()+"]");
 			} else {
-				log.debug("status [{}]", statusCode);
+				log.debug(getLogPrefix()+"status ["+statusCode+"]");
 			}
 
 			result = extractResult(responseHandler, session);
 
-			log.debug("retrieved result [{}]", result);
+			log.debug(getLogPrefix()+"retrieved result ["+result+"]");
 		} catch (IOException e) {
 			httpRequestBase.abort();
 			if (e instanceof SocketTimeoutException) {
@@ -470,8 +763,8 @@ protected void abort() {
 			// in a sessionKey for later use in the pipeline.
 			//
 			// IMPORTANT: It is possible that poorly written implementations
-			// won't read or close the response.
-			// This will cause the connection to become stale.
+			// wont read or close the response.
+			// This will cause the connection to become stale..
 
 			if (tg.cancel()) {
 				throw new TimeoutException(getLogPrefix()+"timeout of ["+getTimeout()+"] ms exceeded");
@@ -483,16 +776,15 @@ protected void abort() {
 		}
 
 		if (isXhtml() && !Message.isEmpty(result)) {
-			// TODO: Streaming XHTML conversion for better performance with large result message?
 			String xhtml;
-			try(Message m = result) {
-				xhtml = XmlUtils.toXhtml(m);
+			try {
+				xhtml = XmlUtils.toXhtml(result);
 			} catch (IOException e) {
 				throw new SenderException("error reading http response as String", e);
 			}
 
 			if (transformerPool != null && xhtml != null) {
-				log.debug("transforming result [{}]", xhtml);
+				log.debug(getLogPrefix() + " transforming result [" + xhtml + "]");
 				try {
 					xhtml = transformerPool.transform(Message.asSource(xhtml));
 				} catch (Exception e) {
@@ -503,7 +795,7 @@ protected void abort() {
 			result = Message.asMessage(xhtml);
 		}
 
-		if (result == null) {
+		if (result==null) {
 			result = Message.nullMessage();
 		}
 		log.debug("Storing [{}]=[{}], [{}]=[{}]", CONTEXT_KEY_STATUS_CODE, statusCode, CONTEXT_KEY_REASON_PHRASE, reasonPhrase);
@@ -557,18 +849,174 @@ public void setCharSet(String string) {
 		charSet = string;
 	}
 
+	/**
+	 * Timeout in ms of obtaining a connection/result. 0 means no timeout
+	 * @ff.default 10000
+	 */
+	public void setTimeout(int i) {
+		timeout = i;
+	}
+
+	/**
+	 * The maximum number of concurrent connections
+	 * @ff.default 10
+	 */
+	public void setMaxConnections(int i) {
+		maxConnections = i;
+	}
+
+	/**
+	 * The maximum number of times the execution is retried
+	 * @ff.default 1 (for repeatable messages) else 0
+	 */
+	public void setMaxExecuteRetries(int i) {
+		maxExecuteRetries = i;
+	}
+
+	/** Authentication alias used for authentication to the host */
+	public void setAuthAlias(String string) {
+		authAlias = string;
+	}
+
+	/** Username used for authentication to the host */
+	public void setUsername(String username) {
+		this.username = username;
+	}
 	@Deprecated
 	@ConfigurationWarning("Please use attribute username instead")
 	public void setUserName(String username) {
 		setUsername(username);
 	}
 
+	/** Password used for authentication to the host */
+	public void setPassword(String string) {
+		password = string;
+	}
+
+	/**
+	 * Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.<br/>
+	 * <br/>
+	 * Assuming the following user:<br/>
+	 * UPN: john.doe@CorpDomain.biz<br/>
+	 * sAMAccountName: CORPDOMAIN\john.doe<br/>
+	 * <br/>
+	 * The username attribute may be set to <code>john.doe</code><br/>
+	 * The AuthDomain attribute may be set to <code>CORPDOMAIN</code><br/>
+	 */
+	@Deprecated
+	@ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead")
+	public void setAuthDomain(String string) {
+		authDomain = string;
+	}
+
+	/**
+	 * Endpoint to obtain OAuth accessToken. If <code>authAlias</code> or <code>username</code>( and <code>password</code>) are specified,
+	 * then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests
+	 * in an HTTP Header 'Authorization' with a 'Bearer' prefix.
+	 */
+	public void setTokenEndpoint(String string) {
+		tokenEndpoint = string;
+	}
+	/**
+	 * If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token
+	 * will be refreshed when it is half way its lifetime as defined by the <code>expires_in</code> clause of the token response,
+	 * or when the regular server returns a 401 status with a challenge.
+	 * If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
+	 * @ff.default -1
+	 */
+	public void setTokenExpiry(int value) {
+		tokenExpiry = value;
+	}
+	/** Alias used to obtain client_id and client_secret for authentication to <code>tokenEndpoint</code> */
+	public void setClientAlias(String clientAuthAlias) {
+		this.clientAuthAlias = clientAuthAlias;
+	}
+	/** Client_id used in authentication to <code>tokenEndpoint</code> */
+	public void setClientId(String clientId) {
+		this.clientId = clientId;
+	}
+
+	/** Client_secret used in authentication to <code>tokenEndpoint</code> */
+	public void setClientSecret(String clientSecret) {
+		this.clientSecret = clientSecret;
+	}
+	/** Space or comma separated list of scope items requested for accessToken, e.g. <code>read write</code>. Only used when <code>tokenEndpoint</code> is specified */
+	public void setScope(String string) {
+		scope = string;
+	}
+	/** if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters */
+	public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest) {
+		this.authenticatedTokenRequest = authenticatedTokenRequest;
+	}
+
+
+	/** Proxy host */
+	public void setProxyHost(String string) {
+		proxyHost = string;
+	}
+
+	/**
+	 * Proxy port
+	 * @ff.default 80
+	 */
+	public void setProxyPort(int i) {
+		proxyPort = i;
+	}
+
+	/** Alias used to obtain credentials for authentication to proxy */
+	public void setProxyAuthAlias(String string) {
+		proxyAuthAlias = string;
+	}
+
+	/**
+	 * Proxy username
+	 * @ff.default  
+	 */
+	public void setProxyUsername(String string) {
+		proxyUsername = string;
+	}
 	@Deprecated
 	@ConfigurationWarning("Please use \"proxyUsername\" instead")
 	public void setProxyUserName(String string) {
 		setProxyUsername(string);
 	}
 
+	/**
+	 * Proxy password
+	 * @ff.default  
+	 */
+	public void setProxyPassword(String string) {
+		proxyPassword = string;
+	}
+
+	/**
+	 * Proxy realm
+	 * @ff.default  
+	 */
+	public void setProxyRealm(String string) {
+		proxyRealm = StringUtils.isNotEmpty(string) ? string : null;
+	}
+
+	/**
+	 * TODO: make this configurable
+	 * @return false
+	 */
+	public boolean prefillProxyAuthCache() {
+		return false;
+	}
+
+	/**
+	 * Disables the use of cookies, making the sender completely stateless
+	 * @ff.default false
+	 */
+	public void setDisableCookies(boolean disableCookies) {
+		this.disableCookies = disableCookies;
+	}
+	public boolean areCookiesDisabled() {
+		return disableCookies;
+	}
+
+
 	@Deprecated
 	@ConfigurationWarning("Please use attribute keystore instead")
 	public void setCertificate(String string) {
@@ -590,6 +1038,87 @@ public void setCertificatePassword(String string) {
 		setKeystorePassword(string);
 	}
 
+	/** resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used. */
+	@Override
+	public void setKeystore(String string) {
+		keystore = string;
+	}
+
+	@Override
+	public void setKeystoreType(KeystoreType value) {
+		keystoreType = value;
+	}
+
+	@Override
+	public void setKeystoreAuthAlias(String string) {
+		keystoreAuthAlias = string;
+	}
+
+	@Override
+	public void setKeystorePassword(String string) {
+		keystorePassword = string;
+	}
+
+	@Override
+	public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
+		this.keyManagerAlgorithm = keyManagerAlgorithm;
+	}
+
+	@Override
+	public void setKeystoreAlias(String string) {
+		keystoreAlias = string;
+	}
+	@Override
+	public void setKeystoreAliasAuthAlias(String string) {
+		keystoreAliasAuthAlias = string;
+	}
+	@Override
+	public void setKeystoreAliasPassword(String string) {
+		keystoreAliasPassword = string;
+	}
+
+	@Override
+	/** Resource URL to truststore to be used for authenticating peer. If none specified, the JVMs default truststore will be used. */
+	public void setTruststore(String string) {
+		truststore = string;
+	}
+
+	@Override
+	public void setTruststoreAuthAlias(String string) {
+		truststoreAuthAlias = string;
+	}
+
+	@Override
+	public void setTruststorePassword(String string) {
+		truststorePassword = string;
+	}
+
+	@Override
+	public void setTruststoreType(KeystoreType value) {
+		truststoreType = value;
+	}
+
+	@Override
+	public void setTrustManagerAlgorithm(String trustManagerAlgorithm) {
+		this.trustManagerAlgorithm = trustManagerAlgorithm;
+	}
+
+	@Override
+	public void setVerifyHostname(boolean b) {
+		verifyHostname = b;
+	}
+
+	@Override
+	public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates) {
+		this.allowSelfSignedCertificates = allowSelfSignedCertificates;
+	}
+
+	@Override
+	public void setIgnoreCertificateExpiredException(boolean b) {
+		ignoreCertificateExpiredException = b;
+	}
+
+
 	/** Comma separated list of parameter names which should be set as HTTP headers */
 	public void setHeadersParams(String headersParams) {
 		this.headersParams = headersParams;
@@ -600,6 +1129,56 @@ public void setParametersToSkipWhenEmpty(String parametersToSkipWhenEmpty) {
 		this.parametersToSkipWhenEmpty = parametersToSkipWhenEmpty;
 	}
 
+
+	/**
+	 * If <code>true</code>, a redirect request will be honoured, e.g. to switch to HTTPS
+	 * @ff.default true
+	 */
+	public void setFollowRedirects(boolean b) {
+		followRedirects = b;
+	}
+
+	/**
+	 * If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
+	 * @ff.default false
+	 */
+	public void setIgnoreRedirects(boolean b) {
+		ignoreRedirects = b;
+	}
+
+
+	/**
+	 * Controls whether connections checked to be stale, i.e. appear open, but are not.
+	 * @ff.default true
+	 */
+	public void setStaleChecking(boolean b) {
+		staleChecking = b;
+	}
+
+	/**
+	 * Used when StaleChecking=<code>true</code>. Timeout after which an idle connection will be validated before being used.
+	 * @ff.default 5000 ms
+	 */
+	public void setStaleTimeout(int timeout) {
+		staleTimeout = timeout;
+	}
+
+	/**
+	 * Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
+	 * @ff.default 900 s
+	 */
+	public void setConnectionTimeToLive(int timeToLive) {
+		connectionTimeToLive = timeToLive;
+	}
+
+	/**
+	 * Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
+	 * @ff.default 10 s
+	 */
+	public void setConnectionIdleTimeout(int idleTimeout) {
+		connectionIdleTimeout = idleTimeout;
+	}
+
 	/**
 	 * If <code>true</code>, the HTML response is transformed to XHTML
 	 * @ff.default false
@@ -613,6 +1192,14 @@ public void setStyleSheetName(String stylesheetName){
 		this.styleSheetName=stylesheetName;
 	}
 
+	/**
+	 * Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.
+	 * @ff.default SSL
+	 */
+	public void setProtocol(String protocol) {
+		this.protocol = protocol;
+	}
+
 	/** If set, the status code of the HTTP response is put in the specified sessionKey and the (error or okay) response message is returned.
 	 * Setting this property has a side effect. If a 4xx or 5xx result code is returned and if the configuration does not implement
 	 * the specific forward for the returned HTTP result code, then the success forward is followed instead of the exception forward.
@@ -620,4 +1207,4 @@ public void setStyleSheetName(String stylesheetName){
 	public void setResultStatusCodeSessionKey(String resultStatusCodeSessionKey) {
 		this.resultStatusCodeSessionKey = resultStatusCodeSessionKey;
 	}
-}
+}
\ No newline at end of file
diff --git a/java/nl/nn/adapterframework/http/HttpSenderBase.java-orig b/java/nl/nn/adapterframework/http/HttpSenderBase.java-orig
index f36907c..9e2a796 100644
--- a/java/nl/nn/adapterframework/http/HttpSenderBase.java-orig
+++ b/java/nl/nn/adapterframework/http/HttpSenderBase.java-orig
@@ -21,46 +21,81 @@ import java.net.SocketTimeoutException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
+import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerConfigurationException;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
 import org.apache.http.MethodNotSupportedException;
 import org.apache.http.StatusLine;
+import org.apache.http.auth.AuthProtocolState;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.AuthState;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.config.AuthSchemes;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.config.RequestConfig.Builder;
 import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ContentType;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 
 import lombok.Getter;
-import lombok.Setter;
 import nl.nn.adapterframework.configuration.ConfigurationException;
 import nl.nn.adapterframework.configuration.ConfigurationWarning;
-import nl.nn.adapterframework.core.CanUseSharedResource;
 import nl.nn.adapterframework.core.HasPhysicalDestination;
-import nl.nn.adapterframework.core.ISenderWithParameters;
 import nl.nn.adapterframework.core.ParameterException;
 import nl.nn.adapterframework.core.PipeLineSession;
 import nl.nn.adapterframework.core.Resource;
 import nl.nn.adapterframework.core.SenderException;
 import nl.nn.adapterframework.core.SenderResult;
 import nl.nn.adapterframework.core.TimeoutException;
+import nl.nn.adapterframework.encryption.AuthSSLContextFactory;
+import nl.nn.adapterframework.encryption.HasKeystore;
+import nl.nn.adapterframework.encryption.HasTruststore;
 import nl.nn.adapterframework.encryption.KeystoreType;
+import nl.nn.adapterframework.http.authentication.AuthenticationScheme;
+import nl.nn.adapterframework.http.authentication.HttpAuthenticationException;
+import nl.nn.adapterframework.http.authentication.OAuthAccessTokenManager;
+import nl.nn.adapterframework.http.authentication.OAuthAuthenticationScheme;
+import nl.nn.adapterframework.http.authentication.OAuthPreferringAuthenticationStrategy;
 import nl.nn.adapterframework.parameters.Parameter;
-import nl.nn.adapterframework.parameters.ParameterList;
 import nl.nn.adapterframework.parameters.ParameterValue;
 import nl.nn.adapterframework.parameters.ParameterValueList;
+import nl.nn.adapterframework.senders.SenderWithParametersBase;
 import nl.nn.adapterframework.stream.Message;
 import nl.nn.adapterframework.task.TimeoutGuard;
 import nl.nn.adapterframework.util.AppConstants;
 import nl.nn.adapterframework.util.ClassUtils;
+import nl.nn.adapterframework.util.CredentialFactory;
 import nl.nn.adapterframework.util.StreamUtil;
 import nl.nn.adapterframework.util.TransformerPool;
 import nl.nn.adapterframework.util.XmlUtils;
@@ -79,6 +114,55 @@ import nl.nn.adapterframework.util.XmlUtils;
  *   another_param_name=another_param_value
  * </pre>
  *
+ * <p>
+ * Note 1:
+ * Some certificates require the &lt;java_home&gt;/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like
+ * <code>Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters</code> is observed.
+ * For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')
+ * </p>
+ * Replace in the directory java\jre\lib\security the following files:
+ * <ul>
+ * <li>local_policy.jar</li>
+ * <li>US_export_policy.jar</li>
+ * </ul>
+ * <p>
+ * Note 2:
+ * To debug ssl-related problems, set the following system property:
+ * <ul>
+ * <li>IBM / WebSphere: <code>-Djavax.net.debug=true</code></li>
+ * <li>SUN: <code>-Djavax.net.debug=all</code></li>
+ * </ul>
+ * </p>
+ * <p>
+ * Note 3:
+ * In case <code>javax.net.ssl.SSLHandshakeException: unknown certificate</code>-exceptions are thrown,
+ * probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:
+ * <ul>
+ *   <li>open the URL you are trying to reach in InternetExplorer</li>
+ *   <li>click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window</li>
+ *   <li>click on tab 'Certificeringspad'</li>
+ *   <li>double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate</li>
+ *   <li>click on tab 'Details'</li>
+ *   <li>click on 'Kopieren naar bestand'</li>
+ *   <li>click 'next', choose 'DER Encoded Binary X.509 (.CER)'</li>
+ *   <li>click 'next', choose a filename</li>
+ *   <li>click 'next' and 'finish'</li>
+ * 	 <li>Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)</li>
+ *   <li>create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")</li>
+ *   <li>add the generated certificate (Toevoegen...)</li>
+ *   <li>store the key-database in JKS format</li>
+ *   <li>if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)</li>
+ *   <li>use jks for the truststoreType-attribute</li>
+ *   <li>restart your application</li>
+ *   <li>instead of IBM ikeyman you can use the standard java tool <code>keytool</code> as follows:
+ *      <code>keytool -import -alias <i>yourAlias</i> -file <i>pathToSavedCertificate</i></code></li>
+ * </ul>
+ * <p>
+ * Note 4:
+ * In case <code>cannot create or initialize SocketFactory: (IOException) Unable to verify MAC</code>-exceptions are thrown,
+ * please check password or authAlias configuration of the corresponding certificate.
+ * </p>
+ *
  * @ff.parameters Any parameters present are appended to the request (when method is <code>GET</code> as request-parameters, when method <code>POST</code> as body part) except the <code>headersParams</code> list, which are added as HTTP headers, and the <code>urlParam</code> header
  * @ff.forward "&lt;statusCode of the HTTP response&gt;" default
  *
@@ -87,17 +171,15 @@ import nl.nn.adapterframework.util.XmlUtils;
  */
 //TODO: Fix javadoc!
 
-public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysicalDestination, ISenderWithParameters, CanUseSharedResource<CloseableHttpClient> {
+public abstract class HttpSenderBase extends SenderWithParametersBase implements HasPhysicalDestination, HasKeystore, HasTruststore {
 
-	private static final String CONTEXT_KEY_STATUS_CODE = "Http.StatusCode";
-	private static final String CONTEXT_KEY_REASON_PHRASE = "Http.ReasonPhrase";
+	private final String CONTEXT_KEY_STATUS_CODE="Http.StatusCode";
+	private final String CONTEXT_KEY_REASON_PHRASE="Http.ReasonPhrase";
 	public static final String MESSAGE_ID_HEADER = "Message-Id";
 	public static final String CORRELATION_ID_HEADER = "Correlation-Id";
 
 	private final @Getter(onMethod = @__(@Override)) String domain = "Http";
 
-	private @Setter String sharedResourceRef;
-
 	private @Getter String url;
 	private @Getter String urlParam = "url";
 
@@ -110,53 +192,121 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 	private @Getter ContentType fullContentType = null;
 	private @Getter String contentType = null;
 
+	/* CONNECTION POOL */
+	private @Getter int timeout = 10000;
+	private @Getter int maxConnections = 10;
+	private @Getter int maxExecuteRetries = 1;
+	private @Getter boolean staleChecking=true;
+	private @Getter int staleTimeout = 5000; // [ms]
+	private @Getter int connectionTimeToLive = 900; // [s]
+	private @Getter int connectionIdleTimeout = 10; // [s]
+	private HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+	private @Getter HttpClientContext httpClientContext = HttpClientContext.create();
+	private @Getter CloseableHttpClient httpClient;
+
+	/* SECURITY */
+	private @Getter String authAlias;
+	private @Getter String username;
+	private @Getter String password;
+	private @Getter String authDomain;
+	private @Getter String tokenEndpoint;
+	private @Getter int tokenExpiry=-1;
+	private @Getter String clientAuthAlias;
+	private @Getter String clientId;
+	private @Getter String clientSecret;
+	private @Getter String scope;
+	private @Getter boolean authenticatedTokenRequest;
+
+	/* PROXY */
+	private @Getter String proxyHost;
+	private @Getter int    proxyPort=80;
+	private @Getter String proxyAuthAlias;
+	private @Getter String proxyUsername;
+	private @Getter String proxyPassword;
+	private @Getter String proxyRealm=null;
+
+	/* SSL */
+	private @Getter String keystore;
+	private @Getter String keystoreAuthAlias;
+	private @Getter String keystorePassword;
+	private @Getter KeystoreType keystoreType=KeystoreType.PKCS12;
+	private @Getter String keystoreAlias;
+	private @Getter String keystoreAliasAuthAlias;
+	private @Getter String keystoreAliasPassword;
+	private @Getter String keyManagerAlgorithm=null;
+
+	private @Getter String truststore=null;
+	private @Getter String truststoreAuthAlias;
+	private @Getter String truststorePassword=null;
+	private @Getter KeystoreType truststoreType=KeystoreType.JKS;
+	private @Getter String trustManagerAlgorithm=null;
+	private @Getter boolean allowSelfSignedCertificates = false;
+	private @Getter boolean verifyHostname=true;
+	private @Getter boolean ignoreCertificateExpiredException=false;
+
 	private @Getter String headersParams="";
+	private @Getter boolean followRedirects=true;
+	private @Getter boolean ignoreRedirects=false;
 	private @Getter boolean xhtml=false;
 	private @Getter String styleSheetName=null;
+	private @Getter String protocol=null;
 	private @Getter String resultStatusCodeSessionKey;
 	private @Getter String parametersToSkipWhenEmpty;
 
 	private final boolean APPEND_MESSAGEID_HEADER = AppConstants.getInstance(getConfigurationClassLoader()).getBoolean("http.headers.messageid", true);
 	private final boolean APPEND_CORRELATIONID_HEADER = AppConstants.getInstance(getConfigurationClassLoader()).getBoolean("http.headers.correlationid", true);
+	private boolean disableCookies = false;
 
 	private TransformerPool transformerPool=null;
 
 	protected Parameter urlParameter;
 
 	protected URI staticUri;
+	private CredentialFactory credentials;
+	private CredentialFactory user_cf;
+	private CredentialFactory client_cf;
 
 	protected Set<String> requestOrBodyParamsSet=new HashSet<>();
 	protected Set<String> headerParamsSet=new LinkedHashSet<>();
 	protected Set<String> parametersToSkipWhenEmptySet=new HashSet<>();
 
-	protected ParameterList paramList = null;
+	/**
+	 * Makes sure only http(s) requests can be performed.
+	 */
+	protected URI getURI(String url) throws URISyntaxException {
+		URIBuilder uri = new URIBuilder(url);
 
-	@Override
-	public void addParameter(Parameter p) {
-		if (paramList==null) {
-			paramList=new ParameterList();
+		if(uri.getScheme() == null) {
+			throw new URISyntaxException("", "must use an absolute url starting with http(s)://");
+		}
+		if (!uri.getScheme().matches("(?i)https?")) {
+			throw new IllegalArgumentException(ClassUtils.nameOf(this) + " only supports web based schemes. (http or https)");
 		}
-		paramList.add(p);
-	}
 
-	/**
-	 * return the Parameters
-	 */
-	@Override
-	public ParameterList getParameterList() {
-		return paramList;
+		if (uri.getPath()==null) {
+			uri.setPath("/");
+		}
+
+		log.info(getLogPrefix()+"created uri: scheme=["+uri.getScheme()+"] host=["+uri.getHost()+"] path=["+uri.getPath()+"]");
+		return uri.build();
 	}
 
 	@Override
 	public void configure() throws ConfigurationException {
-		if(StringUtils.isBlank(sharedResourceRef)) {
-			log.info("configuring local HttpSession");
-			super.configure();
-		}
+		super.configure();
+
+		/**
+		 * TODO find out if this really breaks proxy authentication or not.
+		 */
+//		httpClientBuilder.disableAuthCaching();
+
+		Builder requestConfigBuilder = RequestConfig.custom();
+		requestConfigBuilder.setConnectTimeout(getTimeout());
+		requestConfigBuilder.setConnectionRequestTimeout(getTimeout());
+		requestConfigBuilder.setSocketTimeout(getTimeout());
 
 		if (paramList!=null) {
 			paramList.configure();
-
 			if (StringUtils.isNotEmpty(getHeadersParams())) {
 				StringTokenizer st = new StringTokenizer(getHeadersParams(), ",");
 				while (st.hasMoreElements()) {
@@ -198,6 +348,10 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 			}
 		}
 
+		if (getMaxConnections() <= 0) {
+			throw new ConfigurationException(getLogPrefix()+"maxConnections is set to ["+getMaxConnections()+"], which is not enough for adequate operation");
+		}
+
 		try {
 			if (urlParameter == null) {
 				if (StringUtils.isEmpty(getUrl())) {
@@ -206,32 +360,102 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 				staticUri = getURI(getUrl());
 			}
 		} catch (URISyntaxException e) {
-			throw new ConfigurationException("cannot interpret url ["+getUrl()+"]", e);
+			throw new ConfigurationException(getLogPrefix()+"cannot interpret url ["+getUrl()+"]", e);
+		}
+
+		AuthSSLContextFactory.verifyKeystoreConfiguration(this, this);
+
+		if (StringUtils.isNotEmpty(getAuthAlias()) || StringUtils.isNotEmpty(getUsername())) {
+			user_cf = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
+			credentials = user_cf;
+		}
+		client_cf = new CredentialFactory(getClientAuthAlias(), getClientId(), getClientSecret());
+		if (credentials==null) {
+			credentials = client_cf;
+		}
+		if (StringUtils.isNotEmpty(getTokenEndpoint()) && StringUtils.isEmpty(getClientAuthAlias()) && StringUtils.isEmpty(getClientId())) {
+			throw new ConfigurationException("To obtain accessToken at tokenEndpoint ["+getTokenEndpoint()+"] a clientAuthAlias or ClientId and ClientSecret must be specified");
+		}
+		HttpHost proxy = null;
+		CredentialFactory pcf = null;
+		if (StringUtils.isNotEmpty(getProxyHost())) {
+			proxy = new HttpHost(getProxyHost(), getProxyPort());
+			pcf = new CredentialFactory(getProxyAuthAlias(), getProxyUsername(), getProxyPassword());
+			requestConfigBuilder.setProxy(proxy);
+			httpClientBuilder.setProxy(proxy);
+		}
+
+		try {
+			setupAuthentication(pcf, proxy, requestConfigBuilder);
+		} catch (HttpAuthenticationException e) {
+			throw new ConfigurationException("exception configuring authentication", e);
 		}
 
 		if (StringUtils.isNotEmpty(getStyleSheetName())) {
 			try {
 				Resource stylesheet = Resource.getResource(this, getStyleSheetName());
 				if (stylesheet == null) {
-					throw new ConfigurationException("cannot find stylesheet ["+getStyleSheetName()+"]");
+					throw new ConfigurationException(getLogPrefix() + "cannot find stylesheet ["+getStyleSheetName()+"]");
 				}
 				transformerPool = TransformerPool.getInstance(stylesheet);
 			} catch (IOException e) {
-				throw new ConfigurationException("cannot retrieve ["+ getStyleSheetName() + "]", e);
+				throw new ConfigurationException(getLogPrefix() + "cannot retrieve ["+ getStyleSheetName() + "]", e);
 			} catch (TransformerConfigurationException te) {
-				throw new ConfigurationException("got error creating transformer from file [" + getStyleSheetName() + "]", te);
+				throw new ConfigurationException(getLogPrefix() + "got error creating transformer from file [" + getStyleSheetName() + "]", te);
 			}
 		}
+
+		httpClientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
+
+		httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler(getMaxExecuteRetries()));
+
+		if(areCookiesDisabled()) {
+			httpClientBuilder.disableCookieManagement();
+		}
+
+		// The redirect strategy used to only redirect GET, DELETE and HEAD.
+		httpClientBuilder.setRedirectStrategy(new DefaultRedirectStrategy() {
+			@Override
+			protected boolean isRedirectable(String method) {
+				return isFollowRedirects();
+			}
+		});
 	}
 
 	@Override
 	public void open() throws SenderException {
-		try {
-			start();
-		} catch (Exception e) {
-			throw new SenderException(getLogPrefix()+"unable to create HttpClient", e);
+		// In order to support multiThreading and connectionPooling
+		// If a sslSocketFactory has been defined, the connectionManager has to be initialized with the sslSocketFactory
+		PoolingHttpClientConnectionManager connectionManager;
+		int timeToLive = getConnectionTimeToLive();
+		if (timeToLive<=0) {
+			timeToLive = -1;
+		}
+		SSLConnectionSocketFactory sslSocketFactory = getSSLConnectionSocketFactory();
+		if(sslSocketFactory != null) {
+			Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+				.register("http", PlainConnectionSocketFactory.getSocketFactory())
+				.register("https", sslSocketFactory)
+				.build();
+			connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry, null, null, null, timeToLive, TimeUnit.SECONDS);
+			log.debug(getLogPrefix()+"created PoolingHttpClientConnectionManager with custom SSLConnectionSocketFactory");
+		}
+		else {
+			connectionManager = new PoolingHttpClientConnectionManager(timeToLive, TimeUnit.SECONDS);
+			log.debug(getLogPrefix()+"created default PoolingHttpClientConnectionManager");
+		}
+
+		connectionManager.setMaxTotal(getMaxConnections());
+		connectionManager.setDefaultMaxPerRoute(getMaxConnections());
+
+		if (isStaleChecking()) {
+			log.info(getLogPrefix()+"set up connectionManager, setting stale checking ["+isStaleChecking()+"]");
+			connectionManager.setValidateAfterInactivity(getStaleTimeout());
 		}
 
+		httpClientBuilder.setConnectionManager(connectionManager);
+		httpClientBuilder.evictIdleConnections(getConnectionIdleTimeout(), TimeUnit.SECONDS);
+
 		if (transformerPool!=null) {
 			try {
 				transformerPool.open();
@@ -239,36 +463,116 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 				throw new SenderException(getLogPrefix()+"cannot start TransformerPool", e);
 			}
 		}
+
+		httpClient = httpClientBuilder.build();
 	}
 
 	@Override
-	public Class<CloseableHttpClient> getObjectType() {
-		return CloseableHttpClient.class;
+	public void close() throws SenderException {
+		try {
+			//Close the HttpClient and ConnectionManager to release resources and potential open connections
+			if(httpClient != null) {
+				httpClient.close();
+			}
+		} catch (IOException e) {
+			throw new SenderException(e);
+		}
+
+		if (transformerPool!=null) {
+			transformerPool.close();
+		}
 	}
 
-	@Override
-	public void start() {
-		if(StringUtils.isNotBlank(sharedResourceRef)) {
-			setHttpClient(getSharedResource(sharedResourceRef));
-		} else {
-			buildHttpClient();
+	private void setupAuthentication(CredentialFactory proxyCredentials, HttpHost proxy, Builder requestConfigBuilder) throws HttpAuthenticationException {
+		CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+		if (StringUtils.isNotEmpty(credentials.getUsername()) || StringUtils.isNotEmpty(getTokenEndpoint())) {
+
+			credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), getCredentials());
+
+			AuthenticationScheme preferredAuthenticationScheme = getPreferredAuthenticationScheme();
+			requestConfigBuilder.setTargetPreferredAuthSchemes(Arrays.asList(preferredAuthenticationScheme.getSchemeName()));
+			requestConfigBuilder.setAuthenticationEnabled(true);
+
+			if (preferredAuthenticationScheme == AuthenticationScheme.OAUTH) {
+				OAuthAccessTokenManager accessTokenManager = new OAuthAccessTokenManager(getTokenEndpoint(), getScope(), client_cf, user_cf==null, isAuthenticatedTokenRequest(), this, getTokenExpiry());
+				httpClientContext.setAttribute(OAuthAuthenticationScheme.ACCESSTOKEN_MANAGER_KEY, accessTokenManager);
+				httpClientBuilder.setTargetAuthenticationStrategy(new OAuthPreferringAuthenticationStrategy());
+			}
 		}
+		if (proxy!=null) {
+			AuthScope scope = new AuthScope(proxy, proxyRealm, AuthScope.ANY_SCHEME);
+
+
+			if (StringUtils.isNotEmpty(proxyCredentials.getUsername())) {
+				Credentials credentials = new UsernamePasswordCredentials(proxyCredentials.getUsername(), proxyCredentials.getPassword());
+				credentialsProvider.setCredentials(scope, credentials);
+			}
+			//log.trace("setting credentialProvider [" + credentialsProvider.toString() + "]");
+
+			if(prefillProxyAuthCache()) {
+				requestConfigBuilder.setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC));
+
+				AuthCache authCache = httpClientContext.getAuthCache();
+				if(authCache == null)
+					authCache = new BasicAuthCache();
+
+				authCache.put(proxy, new BasicScheme());
+				httpClientContext.setAuthCache(authCache);
+			}
+
+		}
+
+		httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
 	}
 
-	@Override
-	public void close() {
-		if(StringUtils.isBlank(sharedResourceRef)) {
-			super.stop();
+	private void preAuthenticate() {
+		if (credentials != null && !StringUtils.isEmpty(credentials.getUsername())) {
+			AuthState authState = httpClientContext.getTargetAuthState();
+			if (authState==null) {
+				authState = new AuthState();
+				httpClientContext.setAttribute(HttpClientContext.TARGET_AUTH_STATE, authState);
+			}
+			authState.setState(AuthProtocolState.CHALLENGED);
+			authState.update(getPreferredAuthenticationScheme().createScheme(), getCredentials());
 		}
+	}
 
-		if (transformerPool!=null) {
-			transformerPool.close();
+	private Credentials getCredentials() {
+		String uname;
+		if (StringUtils.isNotEmpty(getAuthDomain())) {
+			uname = getAuthDomain() + "\\" + credentials.getUsername();
+		} else {
+			uname = credentials.getUsername();
 		}
+
+		return new UsernamePasswordCredentials(uname, credentials.getPassword());
+	}
+
+	private AuthenticationScheme getPreferredAuthenticationScheme() {
+		return StringUtils.isNotEmpty(getTokenEndpoint()) ? AuthenticationScheme.OAUTH : AuthenticationScheme.BASIC;
 	}
 
-	protected boolean appendParameters(boolean parametersAppended, StringBuilder path, ParameterValueList parameters) throws SenderException {
+	protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws SenderException {
+		SSLConnectionSocketFactory sslSocketFactory;
+		HostnameVerifier hostnameVerifier = verifyHostname ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
+
+		try {
+			javax.net.ssl.SSLSocketFactory socketfactory = AuthSSLContextFactory.createSSLSocketFactory(this, this, getProtocol());
+			sslSocketFactory = new SSLConnectionSocketFactory(socketfactory, hostnameVerifier);
+		} catch (Exception e) {
+			throw new SenderException("cannot create or initialize SocketFactory", e);
+		}
+		// This method will be overwritten by the connectionManager when connectionPooling is enabled!
+		// Can still be null when no default or an invalid system sslSocketFactory has been defined
+		if(sslSocketFactory != null) {
+			httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+		}
+		return sslSocketFactory;
+	}
+
+	protected boolean appendParameters(boolean parametersAppended, StringBuffer path, ParameterValueList parameters) throws SenderException {
 		if (parameters != null) {
-			log.debug("appending [{}] parameters", parameters::size);
+			if (log.isDebugEnabled()) log.debug(getLogPrefix()+"appending ["+parameters.size()+"] parameters");
 			for(ParameterValue pv : parameters) {
 				if (requestOrBodyParamsSet.contains(pv.getName())) {
 					String value = pv.asStringValue("");
@@ -282,7 +586,7 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 							}
 
 							String parameterToAppend = pv.getDefinition().getName() +"="+ URLEncoder.encode(value, getCharSet());
-							log.debug("appending parameter [{}]", parameterToAppend);
+							if (log.isDebugEnabled()) log.debug(getLogPrefix()+"appending parameter ["+parameterToAppend+"]");
 							path.append(parameterToAppend);
 						} catch (UnsupportedEncodingException e) {
 							throw new SenderException(getLogPrefix()+"["+getCharSet()+"] encoding error. Failed to add parameter ["+pv.getDefinition().getName()+"]", e);
@@ -294,17 +598,6 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		return parametersAppended;
 	}
 
-
-	/**
-	 * Returns the true name of the class and not <code>XsltPipe$$EnhancerBySpringCGLIB$$563e6b5d</code>.
-	 * {@link ClassUtils#nameOf(Object)} makes sure the original class will be used.
-	 * 
-	 * @return className + name of the ISender
-	 */
-	protected String getLogPrefix() {
-		return ClassUtils.nameOf(this) + " ";
-	}
-
 	/**
 	 * Custom implementation to create a {@link HttpRequestBase HttpRequest} object.
 	 * @param uri endpoint to send the message to
@@ -397,16 +690,17 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 
 			preAuthenticate();
 
-			log.info("configured httpclient for host [{}]", targetUri::getHost);
+			log.info(getLogPrefix()+"configured httpclient for host ["+targetUri.getHost()+"]");
 
 		} catch (Exception e) {
 			throw new SenderException(e);
 		}
 
-		Message result;
-		int statusCode;
+		Message result = null;
+		int statusCode = -1;
 		boolean success;
-		String reasonPhrase;
+		String reasonPhrase = null;
+		HttpHost targetHost = new HttpHost(targetUri.getHost(), targetUri.getPort(), targetUri.getScheme());
 
 		TimeoutGuard tg = new TimeoutGuard(1+getTimeout()/1000, getName()) {
 
@@ -417,9 +711,9 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 
 		};
 		try {
-			log.debug("executing method [{}]", httpRequestBase::getRequestLine);
-			HttpResponse httpResponse = execute(targetUri, httpRequestBase);
-			log.debug("executed method");
+			log.debug(getLogPrefix()+"executing method [" + httpRequestBase.getRequestLine() + "]");
+			HttpResponse httpResponse = getHttpClient().execute(targetHost, httpRequestBase, httpClientContext);
+			log.debug(getLogPrefix()+"executed method");
 
 			HttpResponseHandler responseHandler = new HttpResponseHandler(httpResponse);
 			StatusLine statusline = httpResponse.getStatusLine();
@@ -433,14 +727,14 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 
 			// Only give warnings for 4xx (client errors) and 5xx (server errors)
 			if (statusCode >= 400 && statusCode < 600) {
-				log.warn("status [{}]", statusline);
+				log.warn(getLogPrefix()+"status ["+statusline.toString()+"]");
 			} else {
-				log.debug("status [{}]", statusCode);
+				log.debug(getLogPrefix()+"status ["+statusCode+"]");
 			}
 
 			result = extractResult(responseHandler, session);
 
-			log.debug("retrieved result [{}]", result);
+			log.debug(getLogPrefix()+"retrieved result ["+result+"]");
 		} catch (IOException e) {
 			httpRequestBase.abort();
 			if (e instanceof SocketTimeoutException) {
@@ -455,8 +749,8 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 			// in a sessionKey for later use in the pipeline.
 			//
 			// IMPORTANT: It is possible that poorly written implementations
-			// won't read or close the response.
-			// This will cause the connection to become stale.
+			// wont read or close the response.
+			// This will cause the connection to become stale..
 
 			if (tg.cancel()) {
 				throw new TimeoutException(getLogPrefix()+"timeout of ["+getTimeout()+"] ms exceeded");
@@ -468,16 +762,15 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		}
 
 		if (isXhtml() && !Message.isEmpty(result)) {
-			// TODO: Streaming XHTML conversion for better performance with large result message?
 			String xhtml;
-			try(Message m = result) {
-				xhtml = XmlUtils.toXhtml(m);
+			try {
+				xhtml = XmlUtils.toXhtml(result);
 			} catch (IOException e) {
 				throw new SenderException("error reading http response as String", e);
 			}
 
 			if (transformerPool != null && xhtml != null) {
-				log.debug("transforming result [{}]", xhtml);
+				log.debug(getLogPrefix() + " transforming result [" + xhtml + "]");
 				try {
 					xhtml = transformerPool.transform(Message.asSource(xhtml));
 				} catch (Exception e) {
@@ -488,7 +781,7 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 			result = Message.asMessage(xhtml);
 		}
 
-		if (result == null) {
+		if (result==null) {
 			result = Message.nullMessage();
 		}
 		log.debug("Storing [{}]=[{}], [{}]=[{}]", CONTEXT_KEY_STATUS_CODE, statusCode, CONTEXT_KEY_REASON_PHRASE, reasonPhrase);
@@ -542,18 +835,174 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		charSet = string;
 	}
 
+	/**
+	 * Timeout in ms of obtaining a connection/result. 0 means no timeout
+	 * @ff.default 10000
+	 */
+	public void setTimeout(int i) {
+		timeout = i;
+	}
+
+	/**
+	 * The maximum number of concurrent connections
+	 * @ff.default 10
+	 */
+	public void setMaxConnections(int i) {
+		maxConnections = i;
+	}
+
+	/**
+	 * The maximum number of times the execution is retried
+	 * @ff.default 1 (for repeatable messages) else 0
+	 */
+	public void setMaxExecuteRetries(int i) {
+		maxExecuteRetries = i;
+	}
+
+	/** Authentication alias used for authentication to the host */
+	public void setAuthAlias(String string) {
+		authAlias = string;
+	}
+
+	/** Username used for authentication to the host */
+	public void setUsername(String username) {
+		this.username = username;
+	}
 	@Deprecated
 	@ConfigurationWarning("Please use attribute username instead")
 	public void setUserName(String username) {
 		setUsername(username);
 	}
 
+	/** Password used for authentication to the host */
+	public void setPassword(String string) {
+		password = string;
+	}
+
+	/**
+	 * Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.<br/>
+	 * <br/>
+	 * Assuming the following user:<br/>
+	 * UPN: john.doe@CorpDomain.biz<br/>
+	 * sAMAccountName: CORPDOMAIN\john.doe<br/>
+	 * <br/>
+	 * The username attribute may be set to <code>john.doe</code><br/>
+	 * The AuthDomain attribute may be set to <code>CORPDOMAIN</code><br/>
+	 */
+	@Deprecated
+	@ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead")
+	public void setAuthDomain(String string) {
+		authDomain = string;
+	}
+
+	/**
+	 * Endpoint to obtain OAuth accessToken. If <code>authAlias</code> or <code>username</code>( and <code>password</code>) are specified,
+	 * then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests
+	 * in an HTTP Header 'Authorization' with a 'Bearer' prefix.
+	 */
+	public void setTokenEndpoint(String string) {
+		tokenEndpoint = string;
+	}
+	/**
+	 * If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token
+	 * will be refreshed when it is half way its lifetime as defined by the <code>expires_in</code> clause of the token response,
+	 * or when the regular server returns a 401 status with a challenge.
+	 * If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
+	 * @ff.default -1
+	 */
+	public void setTokenExpiry(int value) {
+		tokenExpiry = value;
+	}
+	/** Alias used to obtain client_id and client_secret for authentication to <code>tokenEndpoint</code> */
+	public void setClientAlias(String clientAuthAlias) {
+		this.clientAuthAlias = clientAuthAlias;
+	}
+	/** Client_id used in authentication to <code>tokenEndpoint</code> */
+	public void setClientId(String clientId) {
+		this.clientId = clientId;
+	}
+
+	/** Client_secret used in authentication to <code>tokenEndpoint</code> */
+	public void setClientSecret(String clientSecret) {
+		this.clientSecret = clientSecret;
+	}
+	/** Space or comma separated list of scope items requested for accessToken, e.g. <code>read write</code>. Only used when <code>tokenEndpoint</code> is specified */
+	public void setScope(String string) {
+		scope = string;
+	}
+	/** if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters */
+	public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest) {
+		this.authenticatedTokenRequest = authenticatedTokenRequest;
+	}
+
+
+	/** Proxy host */
+	public void setProxyHost(String string) {
+		proxyHost = string;
+	}
+
+	/**
+	 * Proxy port
+	 * @ff.default 80
+	 */
+	public void setProxyPort(int i) {
+		proxyPort = i;
+	}
+
+	/** Alias used to obtain credentials for authentication to proxy */
+	public void setProxyAuthAlias(String string) {
+		proxyAuthAlias = string;
+	}
+
+	/**
+	 * Proxy username
+	 * @ff.default  
+	 */
+	public void setProxyUsername(String string) {
+		proxyUsername = string;
+	}
 	@Deprecated
 	@ConfigurationWarning("Please use \"proxyUsername\" instead")
 	public void setProxyUserName(String string) {
 		setProxyUsername(string);
 	}
 
+	/**
+	 * Proxy password
+	 * @ff.default  
+	 */
+	public void setProxyPassword(String string) {
+		proxyPassword = string;
+	}
+
+	/**
+	 * Proxy realm
+	 * @ff.default  
+	 */
+	public void setProxyRealm(String string) {
+		proxyRealm = StringUtils.isNotEmpty(string) ? string : null;
+	}
+
+	/**
+	 * TODO: make this configurable
+	 * @return false
+	 */
+	public boolean prefillProxyAuthCache() {
+		return false;
+	}
+
+	/**
+	 * Disables the use of cookies, making the sender completely stateless
+	 * @ff.default false
+	 */
+	public void setDisableCookies(boolean disableCookies) {
+		this.disableCookies = disableCookies;
+	}
+	public boolean areCookiesDisabled() {
+		return disableCookies;
+	}
+
+
 	@Deprecated
 	@ConfigurationWarning("Please use attribute keystore instead")
 	public void setCertificate(String string) {
@@ -575,6 +1024,87 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		setKeystorePassword(string);
 	}
 
+	/** resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used. */
+	@Override
+	public void setKeystore(String string) {
+		keystore = string;
+	}
+
+	@Override
+	public void setKeystoreType(KeystoreType value) {
+		keystoreType = value;
+	}
+
+	@Override
+	public void setKeystoreAuthAlias(String string) {
+		keystoreAuthAlias = string;
+	}
+
+	@Override
+	public void setKeystorePassword(String string) {
+		keystorePassword = string;
+	}
+
+	@Override
+	public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
+		this.keyManagerAlgorithm = keyManagerAlgorithm;
+	}
+
+	@Override
+	public void setKeystoreAlias(String string) {
+		keystoreAlias = string;
+	}
+	@Override
+	public void setKeystoreAliasAuthAlias(String string) {
+		keystoreAliasAuthAlias = string;
+	}
+	@Override
+	public void setKeystoreAliasPassword(String string) {
+		keystoreAliasPassword = string;
+	}
+
+	@Override
+	/** Resource URL to truststore to be used for authenticating peer. If none specified, the JVMs default truststore will be used. */
+	public void setTruststore(String string) {
+		truststore = string;
+	}
+
+	@Override
+	public void setTruststoreAuthAlias(String string) {
+		truststoreAuthAlias = string;
+	}
+
+	@Override
+	public void setTruststorePassword(String string) {
+		truststorePassword = string;
+	}
+
+	@Override
+	public void setTruststoreType(KeystoreType value) {
+		truststoreType = value;
+	}
+
+	@Override
+	public void setTrustManagerAlgorithm(String trustManagerAlgorithm) {
+		this.trustManagerAlgorithm = trustManagerAlgorithm;
+	}
+
+	@Override
+	public void setVerifyHostname(boolean b) {
+		verifyHostname = b;
+	}
+
+	@Override
+	public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates) {
+		this.allowSelfSignedCertificates = allowSelfSignedCertificates;
+	}
+
+	@Override
+	public void setIgnoreCertificateExpiredException(boolean b) {
+		ignoreCertificateExpiredException = b;
+	}
+
+
 	/** Comma separated list of parameter names which should be set as HTTP headers */
 	public void setHeadersParams(String headersParams) {
 		this.headersParams = headersParams;
@@ -585,6 +1115,56 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		this.parametersToSkipWhenEmpty = parametersToSkipWhenEmpty;
 	}
 
+
+	/**
+	 * If <code>true</code>, a redirect request will be honoured, e.g. to switch to HTTPS
+	 * @ff.default true
+	 */
+	public void setFollowRedirects(boolean b) {
+		followRedirects = b;
+	}
+
+	/**
+	 * If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
+	 * @ff.default false
+	 */
+	public void setIgnoreRedirects(boolean b) {
+		ignoreRedirects = b;
+	}
+
+
+	/**
+	 * Controls whether connections checked to be stale, i.e. appear open, but are not.
+	 * @ff.default true
+	 */
+	public void setStaleChecking(boolean b) {
+		staleChecking = b;
+	}
+
+	/**
+	 * Used when StaleChecking=<code>true</code>. Timeout after which an idle connection will be validated before being used.
+	 * @ff.default 5000 ms
+	 */
+	public void setStaleTimeout(int timeout) {
+		staleTimeout = timeout;
+	}
+
+	/**
+	 * Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
+	 * @ff.default 900 s
+	 */
+	public void setConnectionTimeToLive(int timeToLive) {
+		connectionTimeToLive = timeToLive;
+	}
+
+	/**
+	 * Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
+	 * @ff.default 10 s
+	 */
+	public void setConnectionIdleTimeout(int idleTimeout) {
+		connectionIdleTimeout = idleTimeout;
+	}
+
 	/**
 	 * If <code>true</code>, the HTML response is transformed to XHTML
 	 * @ff.default false
@@ -598,6 +1178,14 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 		this.styleSheetName=stylesheetName;
 	}
 
+	/**
+	 * Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.
+	 * @ff.default SSL
+	 */
+	public void setProtocol(String protocol) {
+		this.protocol = protocol;
+	}
+
 	/** If set, the status code of the HTTP response is put in the specified sessionKey and the (error or okay) response message is returned.
 	 * Setting this property has a side effect. If a 4xx or 5xx result code is returned and if the configuration does not implement
 	 * the specific forward for the returned HTTP result code, then the success forward is followed instead of the exception forward.
@@ -605,4 +1193,4 @@ public abstract class HttpSenderBase extends HttpSessionBase implements HasPhysi
 	public void setResultStatusCodeSessionKey(String resultStatusCodeSessionKey) {
 		this.resultStatusCodeSessionKey = resultStatusCodeSessionKey;
 	}
-}
+}
\ No newline at end of file
diff --git a/java/nl/nn/adapterframework/http/HttpSessionBase.java b/java/nl/nn/adapterframework/http/HttpSessionBase.java
deleted file mode 100644
index 699a545..0000000
--- a/java/nl/nn/adapterframework/http/HttpSessionBase.java
+++ /dev/null
@@ -1,748 +0,0 @@
-/*
-   Copyright 2017-2023 WeAreFrank!
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-package nl.nn.adapterframework.http;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Arrays;
-import java.util.concurrent.TimeUnit;
-
-import javax.annotation.Nonnull;
-import javax.net.ssl.HostnameVerifier;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpHost;
-import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthProtocolState;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.AuthState;
-import org.apache.http.auth.Credentials;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.AuthCache;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.client.config.AuthSchemes;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpHead;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.BasicAuthCache;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.DefaultRedirectStrategy;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.logging.log4j.Logger;
-import org.springframework.context.ApplicationContext;
-
-import lombok.Getter;
-import lombok.Setter;
-import nl.nn.adapterframework.configuration.ConfigurationException;
-import nl.nn.adapterframework.configuration.ConfigurationWarning;
-import nl.nn.adapterframework.encryption.AuthSSLContextFactory;
-import nl.nn.adapterframework.encryption.HasKeystore;
-import nl.nn.adapterframework.encryption.HasTruststore;
-import nl.nn.adapterframework.encryption.KeystoreType;
-import nl.nn.adapterframework.http.authentication.AuthenticationScheme;
-import nl.nn.adapterframework.http.authentication.HttpAuthenticationException;
-import nl.nn.adapterframework.http.authentication.OAuthAccessTokenManager;
-import nl.nn.adapterframework.http.authentication.OAuthAuthenticationScheme;
-import nl.nn.adapterframework.http.authentication.OAuthPreferringAuthenticationStrategy;
-import nl.nn.adapterframework.lifecycle.ConfigurableLifecycle;
-import nl.nn.adapterframework.util.ClassUtils;
-import nl.nn.adapterframework.util.CredentialFactory;
-import nl.nn.adapterframework.util.LogUtil;
-
-/**
- * <p>
- * Note 1:
- * Some certificates require the &lt;java_home&gt;/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like
- * <code>Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters</code> is observed.
- * For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')
- * </p>
- * Replace in the directory java\jre\lib\security the following files:
- * <ul>
- * <li>local_policy.jar</li>
- * <li>US_export_policy.jar</li>
- * </ul>
- * <p>
- * Note 2:
- * To debug ssl-related problems, set the following system property:
- * <ul>
- * <li>IBM / WebSphere: <code>-Djavax.net.debug=true</code></li>
- * <li>SUN: <code>-Djavax.net.debug=all</code></li>
- * </ul>
- * </p>
- * <p>
- * Note 3:
- * In case <code>javax.net.ssl.SSLHandshakeException: unknown certificate</code>-exceptions are thrown,
- * probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:
- * <ul>
- *   <li>open the URL you are trying to reach in InternetExplorer</li>
- *   <li>click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window</li>
- *   <li>click on tab 'Certificeringspad'</li>
- *   <li>double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate</li>
- *   <li>click on tab 'Details'</li>
- *   <li>click on 'Kopieren naar bestand'</li>
- *   <li>click 'next', choose 'DER Encoded Binary X.509 (.CER)'</li>
- *   <li>click 'next', choose a filename</li>
- *   <li>click 'next' and 'finish'</li>
- * 	 <li>Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)</li>
- *   <li>create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")</li>
- *   <li>add the generated certificate (Toevoegen...)</li>
- *   <li>store the key-database in JKS format</li>
- *   <li>if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)</li>
- *   <li>use jks for the truststoreType-attribute</li>
- *   <li>restart your application</li>
- *   <li>instead of IBM ikeyman you can use the standard java tool <code>keytool</code> as follows:
- *      <code>keytool -import -alias <i>yourAlias</i> -file <i>pathToSavedCertificate</i></code></li>
- * </ul>
- * <p>
- * Note 4:
- * In case <code>cannot create or initialize SocketFactory: (IOException) Unable to verify MAC</code>-exceptions are thrown,
- * please check password or authAlias configuration of the corresponding certificate.
- * </p>
- *
- * @author	Niels Meijer
- * @since	7.0
- */
-public abstract class HttpSessionBase implements ConfigurableLifecycle, HasKeystore, HasTruststore {
-	protected Logger log = LogUtil.getLogger(this);
-
-	private @Getter ClassLoader configurationClassLoader = Thread.currentThread().getContextClassLoader();
-	private @Getter @Setter String name;
-	private @Getter @Setter ApplicationContext applicationContext;
-
-	/* CONNECTION POOL */
-	private @Getter int timeout = 10000;
-	private @Getter int maxConnections = 10;
-	private @Getter int maxExecuteRetries = 1;
-	private @Getter boolean staleChecking=true;
-	private @Getter int staleTimeout = 5000; // [ms]
-	private @Getter int connectionTimeToLive = 900; // [s]
-	private @Getter int connectionIdleTimeout = 10; // [s]
-	private HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
-	private HttpClientContext httpClientContext = HttpClientContext.create();
-	private @Getter CloseableHttpClient httpClient;
-
-	/* SECURITY */
-	private @Getter String authAlias;
-	private @Getter String username;
-	private @Getter String password;
-	private @Getter String authDomain;
-	private @Getter String tokenEndpoint;
-	private @Getter int tokenExpiry=-1;
-	private @Getter String clientAuthAlias;
-	private @Getter String clientId;
-	private @Getter String clientSecret;
-	private @Getter String scope;
-	private @Getter boolean authenticatedTokenRequest;
-
-	/* PROXY */
-	private @Getter String proxyHost;
-	private @Getter int    proxyPort=80;
-	private @Getter String proxyAuthAlias;
-	private @Getter String proxyUsername;
-	private @Getter String proxyPassword;
-	private @Getter String proxyRealm=null;
-	private @Getter boolean prefillProxyAuthCache;
-
-	/* SSL */
-	private @Getter String keystore;
-	private @Getter String keystoreAuthAlias;
-	private @Getter String keystorePassword;
-	private @Getter KeystoreType keystoreType=KeystoreType.PKCS12;
-	private @Getter String keystoreAlias;
-	private @Getter String keystoreAliasAuthAlias;
-	private @Getter String keystoreAliasPassword;
-	private @Getter String keyManagerAlgorithm=null;
-
-	private @Getter String truststore=null;
-	private @Getter String truststoreAuthAlias;
-	private @Getter String truststorePassword=null;
-	private @Getter KeystoreType truststoreType=KeystoreType.JKS;
-	private @Getter String trustManagerAlgorithm=null;
-	private @Getter boolean allowSelfSignedCertificates = false;
-	private @Getter boolean verifyHostname=true;
-	private @Getter boolean ignoreCertificateExpiredException=false;
-
-	private @Getter boolean followRedirects=true;
-	private @Getter boolean ignoreRedirects=false;
-	private @Getter String protocol=null;
-	private SSLConnectionSocketFactory sslSocketFactory;
-
-	private boolean disableCookies = false;
-
-	private CredentialFactory credentials;
-	private CredentialFactory user_cf;
-	private CredentialFactory client_cf;
-
-	/**
-	 * Makes sure only http(s) requests can be performed.
-	 */
-	protected URI getURI(String url) throws URISyntaxException {
-		URIBuilder uri = new URIBuilder(url);
-
-		if(uri.getScheme() == null) {
-			throw new URISyntaxException("", "must use an absolute url starting with http(s)://");
-		}
-		if (!uri.getScheme().matches("(?i)https?")) {
-			throw new IllegalArgumentException(ClassUtils.nameOf(this) + " only supports web based schemes. (http or https)");
-		}
-
-		if (uri.getPath()==null) {
-			uri.setPath("/");
-		}
-
-		log.info("created uri: scheme=["+uri.getScheme()+"] host=["+uri.getHost()+"] path=["+uri.getPath()+"]");
-		return uri.build();
-	}
-
-	@Override
-	public void configure() throws ConfigurationException {
-		/**
-		 * TODO find out if this really breaks proxy authentication or not.
-		 */
-//		httpClientBuilder.disableAuthCaching();
-
-		if (getMaxConnections() <= 0) {
-			throw new ConfigurationException("maxConnections is set to ["+getMaxConnections()+"], which is not enough for adequate operation");
-		}
-
-		AuthSSLContextFactory.verifyKeystoreConfiguration(this, this);
-
-		if (StringUtils.isNotEmpty(getAuthAlias()) || StringUtils.isNotEmpty(getUsername())) {
-			user_cf = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
-			credentials = user_cf;
-		}
-		client_cf = new CredentialFactory(getClientAuthAlias(), getClientId(), getClientSecret());
-		if (credentials==null) {
-			credentials = client_cf;
-		}
-		if (StringUtils.isNotEmpty(getTokenEndpoint()) && StringUtils.isEmpty(getClientAuthAlias()) && StringUtils.isEmpty(getClientId())) {
-			throw new ConfigurationException("To obtain accessToken at tokenEndpoint ["+getTokenEndpoint()+"] a clientAuthAlias or ClientId and ClientSecret must be specified");
-		}
-
-
-		RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
-		requestConfigBuilder.setConnectTimeout(getTimeout());
-		requestConfigBuilder.setConnectionRequestTimeout(getTimeout());
-		requestConfigBuilder.setSocketTimeout(getTimeout());
-
-		HttpHost proxy = null;
-		CredentialFactory pcf = null;
-		if (StringUtils.isNotEmpty(getProxyHost())) {
-			proxy = new HttpHost(getProxyHost(), getProxyPort());
-			pcf = new CredentialFactory(getProxyAuthAlias(), getProxyUsername(), getProxyPassword());
-			requestConfigBuilder.setProxy(proxy);
-			httpClientBuilder.setProxy(proxy);
-		}
-
-		try {
-			setupAuthentication(pcf, proxy, requestConfigBuilder);
-		} catch (HttpAuthenticationException e) {
-			throw new ConfigurationException("exception configuring authentication", e);
-		}
-
-		httpClientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
-
-		httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler(getMaxExecuteRetries()));
-
-		if(areCookiesDisabled()) {
-			httpClientBuilder.disableCookieManagement();
-		}
-		httpClientBuilder.evictIdleConnections((long) getConnectionIdleTimeout(), TimeUnit.SECONDS);
-
-		sslSocketFactory = getSSLConnectionSocketFactory(); //Configure it here, so we can handle exceptions
-
-		configureRedirectStrategy();
-	}
-
-	/** The redirect strategy used to only redirect GET, DELETE and HEAD. */
-	private void configureRedirectStrategy() {
-		if(isFollowRedirects()) {
-			httpClientBuilder.setRedirectStrategy(new DefaultRedirectStrategy(new String[] { HttpGet.METHOD_NAME, HttpHead.METHOD_NAME, HttpDelete.METHOD_NAME }));
-		} else {
-			httpClientBuilder.disableRedirectHandling();
-		}
-	}
-
-	/** 
-	 * In order to support multiThreading and connectionPooling.
-	 * The connectionManager has to be initialized with a sslSocketFactory.
-	 * The pool must be re-created once closed.
-	 */
-	public void configureConnectionManager() {
-		int timeToLive = getConnectionTimeToLive();
-		if (timeToLive<=0) {
-			timeToLive = -1;
-		}
-
-		Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
-			.register("http", PlainConnectionSocketFactory.getSocketFactory())
-			.register("https", sslSocketFactory)
-			.build();
-
-		PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry, null, null, null, timeToLive, TimeUnit.SECONDS);
-		log.debug("created PoolingHttpClientConnectionManager with custom SSLConnectionSocketFactory");
-
-		connectionManager.setMaxTotal(getMaxConnections());
-		connectionManager.setDefaultMaxPerRoute(getMaxConnections());
-
-		if (isStaleChecking()) {
-			log.info("set up connectionManager, setting stale checking ["+isStaleChecking()+"]");
-			connectionManager.setValidateAfterInactivity(getStaleTimeout());
-		}
-
-		httpClientBuilder.setConnectionManager(connectionManager);
-	}
-
-	@Override
-	public void start() {
-		buildHttpClient();
-	}
-
-	protected void buildHttpClient() {
-		configureConnectionManager();
-		httpClient = httpClientBuilder.build();
-	}
-
-	protected void setHttpClient(CloseableHttpClient httpClient) {
-		this.httpClient = httpClient;
-	}
-
-	@Override
-	public boolean isRunning() {
-		return getHttpClient() != null;
-	}
-
-	@Override
-	public void stop() {
-		//Close the HttpClient and ConnectionManager to release resources and potential open connections
-		if(httpClient != null) {
-			try {
-				httpClient.close();
-			} catch (IOException e) {
-				log.warn("unable to close HttpClient", e);
-			}
-		}
-	}
-
-	private void setupAuthentication(CredentialFactory proxyCredentials, HttpHost proxy, RequestConfig.Builder requestConfigBuilder) throws HttpAuthenticationException {
-		CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-		if (StringUtils.isNotEmpty(credentials.getUsername()) || StringUtils.isNotEmpty(getTokenEndpoint())) {
-
-			credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), getCredentials());
-
-			AuthenticationScheme preferredAuthenticationScheme = getPreferredAuthenticationScheme();
-			requestConfigBuilder.setTargetPreferredAuthSchemes(Arrays.asList(preferredAuthenticationScheme.getSchemeName()));
-			requestConfigBuilder.setAuthenticationEnabled(true);
-
-			if (preferredAuthenticationScheme == AuthenticationScheme.OAUTH) {
-				OAuthAccessTokenManager accessTokenManager = new OAuthAccessTokenManager(getTokenEndpoint(), getScope(), client_cf, user_cf==null, isAuthenticatedTokenRequest(), this, getTokenExpiry());
-				httpClientContext.setAttribute(OAuthAuthenticationScheme.ACCESSTOKEN_MANAGER_KEY, accessTokenManager);
-				httpClientBuilder.setTargetAuthenticationStrategy(new OAuthPreferringAuthenticationStrategy());
-			}
-		}
-		if (proxy!=null) {
-			AuthScope authScope = new AuthScope(proxy, proxyRealm, AuthScope.ANY_SCHEME);
-
-
-			if (StringUtils.isNotEmpty(proxyCredentials.getUsername())) {
-				Credentials httpCredentials = new UsernamePasswordCredentials(proxyCredentials.getUsername(), proxyCredentials.getPassword());
-				credentialsProvider.setCredentials(authScope, httpCredentials);
-			}
-			log.trace("setting credentialProvider [{}]", credentialsProvider);
-
-			if(isPrefillProxyAuthCache()) {
-				requestConfigBuilder.setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC));
-
-				AuthCache authCache = httpClientContext.getAuthCache();
-				if(authCache == null)
-					authCache = new BasicAuthCache();
-
-				authCache.put(proxy, new BasicScheme());
-				httpClientContext.setAuthCache(authCache);
-			}
-
-		}
-
-		httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-	}
-
-	protected void preAuthenticate() {
-		if (credentials != null && !StringUtils.isEmpty(credentials.getUsername())) {
-			AuthState authState = httpClientContext.getTargetAuthState();
-			if (authState==null) {
-				authState = new AuthState();
-				httpClientContext.setAttribute(HttpClientContext.TARGET_AUTH_STATE, authState);
-			}
-			authState.setState(AuthProtocolState.CHALLENGED);
-			authState.update(getPreferredAuthenticationScheme().createScheme(), getCredentials());
-		}
-	}
-
-	private Credentials getCredentials() {
-		String uname;
-		if (StringUtils.isNotEmpty(getAuthDomain())) {
-			uname = getAuthDomain() + "\\" + credentials.getUsername();
-		} else {
-			uname = credentials.getUsername();
-		}
-
-		return new UsernamePasswordCredentials(uname, credentials.getPassword());
-	}
-
-	private AuthenticationScheme getPreferredAuthenticationScheme() {
-		return StringUtils.isNotEmpty(getTokenEndpoint()) ? AuthenticationScheme.OAUTH : AuthenticationScheme.BASIC;
-	}
-
-	@Nonnull
-	protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException {
-		SSLConnectionSocketFactory sslSocketFactory;
-		HostnameVerifier hostnameVerifier = verifyHostname ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
-
-		try {
-			javax.net.ssl.SSLSocketFactory socketfactory = AuthSSLContextFactory.createSSLSocketFactory(this, this, getProtocol());
-			sslSocketFactory = new SSLConnectionSocketFactory(socketfactory, hostnameVerifier);
-		} catch (Exception e) {
-			throw new ConfigurationException("cannot create or initialize SocketFactory", e);
-		}
-
-		// This method will be overwritten by the connectionManager when connectionPooling is enabled!
-		// Can still be null when no default or an invalid system sslSocketFactory has been defined
-		httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
-
-		return sslSocketFactory;
-	}
-
-	protected HttpResponse execute(URI targetUri, HttpRequestBase httpRequestBase) throws IOException {
-		return execute(null, targetUri, httpRequestBase);
-	}
-
-	protected HttpResponse execute(CloseableHttpClient httpClient, URI targetUri, HttpRequestBase httpRequestBase) throws IOException {
-		if (httpClient == null) {
-			httpClient = getHttpClient();
-		}
-		HttpHost targetHost = new HttpHost(targetUri.getHost(), targetUri.getPort(), targetUri.getScheme());
-		return httpClient.execute(targetHost, httpRequestBase, httpClientContext);
-	}
-
-	/**
-	 * Timeout in ms of obtaining a connection/result. 0 means no timeout
-	 * @ff.default 10000
-	 */
-	public void setTimeout(int i) {
-		timeout = i;
-	}
-
-	/**
-	 * The maximum number of concurrent connections
-	 * @ff.default 10
-	 */
-	public void setMaxConnections(int i) {
-		maxConnections = i;
-	}
-
-	/**
-	 * The maximum number of times the execution is retried
-	 * @ff.default 1 (for repeatable messages) else 0
-	 */
-	public void setMaxExecuteRetries(int i) {
-		maxExecuteRetries = i;
-	}
-
-	/** Authentication alias used for authentication to the host */
-	public void setAuthAlias(String string) {
-		authAlias = string;
-	}
-
-	/** Username used for authentication to the host */
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
-	/**
-	 * Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.<br/>
-	 * <br/>
-	 * Assuming the following user:<br/>
-	 * UPN: john.doe@CorpDomain.biz<br/>
-	 * sAMAccountName: CORPDOMAIN\john.doe<br/>
-	 * <br/>
-	 * The username attribute may be set to <code>john.doe</code><br/>
-	 * The AuthDomain attribute may be set to <code>CORPDOMAIN</code><br/>
-	 */
-	@Deprecated
-	@ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead")
-	public void setAuthDomain(String string) {
-		authDomain = string;
-	}
-
-	/** Password used for authentication to the host */
-	public void setPassword(String string) {
-		password = string;
-	}
-
-	/**
-	 * Endpoint to obtain OAuth accessToken. If <code>authAlias</code> or <code>username</code>( and <code>password</code>) are specified,
-	 * then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests
-	 * in an HTTP Header 'Authorization' with a 'Bearer' prefix.
-	 */
-	public void setTokenEndpoint(String string) {
-		tokenEndpoint = string;
-	}
-	/**
-	 * If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token
-	 * will be refreshed when it is half way its lifetime as defined by the <code>expires_in</code> clause of the token response,
-	 * or when the regular server returns a 401 status with a challenge.
-	 * If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
-	 * @ff.default -1
-	 */
-	public void setTokenExpiry(int value) {
-		tokenExpiry = value;
-	}
-	/** Alias used to obtain client_id and client_secret for authentication to <code>tokenEndpoint</code> */
-	public void setClientAlias(String clientAuthAlias) {
-		this.clientAuthAlias = clientAuthAlias;
-	}
-	/** Client_id used in authentication to <code>tokenEndpoint</code> */
-	public void setClientId(String clientId) {
-		this.clientId = clientId;
-	}
-
-	/** Client_secret used in authentication to <code>tokenEndpoint</code> */
-	public void setClientSecret(String clientSecret) {
-		this.clientSecret = clientSecret;
-	}
-	/** Space or comma separated list of scope items requested for accessToken, e.g. <code>read write</code>. Only used when <code>tokenEndpoint</code> is specified */
-	public void setScope(String string) {
-		scope = string;
-	}
-	/** if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters */
-	public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest) {
-		this.authenticatedTokenRequest = authenticatedTokenRequest;
-	}
-
-
-	/** Proxy host */
-	public void setProxyHost(String string) {
-		proxyHost = string;
-	}
-
-	/**
-	 * Proxy port
-	 * @ff.default 80
-	 */
-	public void setProxyPort(int i) {
-		proxyPort = i;
-	}
-
-	/** Alias used to obtain credentials for authentication to proxy */
-	public void setProxyAuthAlias(String string) {
-		proxyAuthAlias = string;
-	}
-
-	/**
-	 * Proxy username
-	 * @ff.default
-	 */
-	public void setProxyUsername(String string) {
-		proxyUsername = string;
-	}
-
-	/**
-	 * Proxy password
-	 * @ff.default
-	 */
-	public void setProxyPassword(String string) {
-		proxyPassword = string;
-	}
-
-	/**
-	 * Proxy realm
-	 * @ff.default
-	 */
-	public void setProxyRealm(String string) {
-		proxyRealm = StringUtils.isNotEmpty(string) ? string : null;
-	}
-
-	/**
-	 * Create a pre-emptive login context for the proxy connection(s).
-	 */
-	public void setPrefillProxyAuthCache(boolean b) {
-		this.prefillProxyAuthCache = b;
-	}
-
-	/**
-	 * Disables the use of cookies, making the sender completely stateless
-	 * @ff.default false
-	 */
-	public void setDisableCookies(boolean disableCookies) {
-		this.disableCookies = disableCookies;
-	}
-	public boolean areCookiesDisabled() {
-		return disableCookies;
-	}
-
-
-	/** resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used. */
-	@Override
-	public void setKeystore(String string) {
-		keystore = string;
-	}
-
-	@Override
-	public void setKeystoreType(KeystoreType value) {
-		keystoreType = value;
-	}
-
-	@Override
-	public void setKeystoreAuthAlias(String string) {
-		keystoreAuthAlias = string;
-	}
-
-	@Override
-	public void setKeystorePassword(String string) {
-		keystorePassword = string;
-	}
-
-	@Override
-	public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
-		this.keyManagerAlgorithm = keyManagerAlgorithm;
-	}
-
-	@Override
-	public void setKeystoreAlias(String string) {
-		keystoreAlias = string;
-	}
-	@Override
-	public void setKeystoreAliasAuthAlias(String string) {
-		keystoreAliasAuthAlias = string;
-	}
-	@Override
-	public void setKeystoreAliasPassword(String string) {
-		keystoreAliasPassword = string;
-	}
-
-	@Override
-	/** Resource URL to truststore to be used for authenticating peer. If none specified, the JVMs default truststore will be used. */
-	public void setTruststore(String string) {
-		truststore = string;
-	}
-
-	@Override
-	public void setTruststoreAuthAlias(String string) {
-		truststoreAuthAlias = string;
-	}
-
-	@Override
-	public void setTruststorePassword(String string) {
-		truststorePassword = string;
-	}
-
-	@Override
-	public void setTruststoreType(KeystoreType value) {
-		truststoreType = value;
-	}
-
-	@Override
-	public void setTrustManagerAlgorithm(String trustManagerAlgorithm) {
-		this.trustManagerAlgorithm = trustManagerAlgorithm;
-	}
-
-	@Override
-	public void setVerifyHostname(boolean b) {
-		verifyHostname = b;
-	}
-
-	@Override
-	public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates) {
-		this.allowSelfSignedCertificates = allowSelfSignedCertificates;
-	}
-
-	@Override
-	public void setIgnoreCertificateExpiredException(boolean b) {
-		ignoreCertificateExpiredException = b;
-	}
-
-	/**
-	 * If <code>true</code>, a redirect request will be honoured, e.g. to switch to HTTPS
-	 * @ff.default true
-	 */
-	public void setFollowRedirects(boolean b) {
-		followRedirects = b;
-	}
-
-	/**
-	 * If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
-	 * @ff.default false
-	 */
-	public void setIgnoreRedirects(boolean b) {
-		ignoreRedirects = b;
-	}
-
-
-	/**
-	 * Controls whether connections checked to be stale, i.e. appear open, but are not.
-	 * @ff.default true
-	 */
-	public void setStaleChecking(boolean b) {
-		staleChecking = b;
-	}
-
-	/**
-	 * Used when StaleChecking=<code>true</code>. Timeout after which an idle connection will be validated before being used.
-	 * @ff.default 5000 ms
-	 */
-	public void setStaleTimeout(int timeout) {
-		staleTimeout = timeout;
-	}
-
-	/**
-	 * Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
-	 * @ff.default 900 s
-	 */
-	public void setConnectionTimeToLive(int timeToLive) {
-		connectionTimeToLive = timeToLive;
-	}
-
-	/**
-	 * Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
-	 * @ff.default 10 s
-	 */
-	public void setConnectionIdleTimeout(int idleTimeout) {
-		connectionIdleTimeout = idleTimeout;
-	}
-
-	/**
-	 * Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.
-	 * @ff.default SSL
-	 */
-	public void setProtocol(String protocol) {
-		this.protocol = protocol;
-	}
-}
diff --git a/java/nl/nn/adapterframework/http/HttpSessionBase.java-orig b/java/nl/nn/adapterframework/http/HttpSessionBase.java-orig
deleted file mode 100644
index dcb2091..0000000
--- a/java/nl/nn/adapterframework/http/HttpSessionBase.java-orig
+++ /dev/null
@@ -1,741 +0,0 @@
-/*
-   Copyright 2017-2023 WeAreFrank!
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-package nl.nn.adapterframework.http;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Arrays;
-import java.util.concurrent.TimeUnit;
-
-import javax.annotation.Nonnull;
-import javax.net.ssl.HostnameVerifier;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpHost;
-import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthProtocolState;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.AuthState;
-import org.apache.http.auth.Credentials;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.AuthCache;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.client.config.AuthSchemes;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpHead;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.BasicAuthCache;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.DefaultRedirectStrategy;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.logging.log4j.Logger;
-import org.springframework.context.ApplicationContext;
-
-import lombok.Getter;
-import lombok.Setter;
-import nl.nn.adapterframework.configuration.ConfigurationException;
-import nl.nn.adapterframework.configuration.ConfigurationWarning;
-import nl.nn.adapterframework.encryption.AuthSSLContextFactory;
-import nl.nn.adapterframework.encryption.HasKeystore;
-import nl.nn.adapterframework.encryption.HasTruststore;
-import nl.nn.adapterframework.encryption.KeystoreType;
-import nl.nn.adapterframework.http.authentication.AuthenticationScheme;
-import nl.nn.adapterframework.http.authentication.HttpAuthenticationException;
-import nl.nn.adapterframework.http.authentication.OAuthAccessTokenManager;
-import nl.nn.adapterframework.http.authentication.OAuthAuthenticationScheme;
-import nl.nn.adapterframework.http.authentication.OAuthPreferringAuthenticationStrategy;
-import nl.nn.adapterframework.lifecycle.ConfigurableLifecycle;
-import nl.nn.adapterframework.util.ClassUtils;
-import nl.nn.adapterframework.util.CredentialFactory;
-import nl.nn.adapterframework.util.LogUtil;
-
-/**
- * <p>
- * Note 1:
- * Some certificates require the &lt;java_home&gt;/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like
- * <code>Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters</code> is observed.
- * For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')
- * </p>
- * Replace in the directory java\jre\lib\security the following files:
- * <ul>
- * <li>local_policy.jar</li>
- * <li>US_export_policy.jar</li>
- * </ul>
- * <p>
- * Note 2:
- * To debug ssl-related problems, set the following system property:
- * <ul>
- * <li>IBM / WebSphere: <code>-Djavax.net.debug=true</code></li>
- * <li>SUN: <code>-Djavax.net.debug=all</code></li>
- * </ul>
- * </p>
- * <p>
- * Note 3:
- * In case <code>javax.net.ssl.SSLHandshakeException: unknown certificate</code>-exceptions are thrown,
- * probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:
- * <ul>
- *   <li>open the URL you are trying to reach in InternetExplorer</li>
- *   <li>click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window</li>
- *   <li>click on tab 'Certificeringspad'</li>
- *   <li>double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate</li>
- *   <li>click on tab 'Details'</li>
- *   <li>click on 'Kopieren naar bestand'</li>
- *   <li>click 'next', choose 'DER Encoded Binary X.509 (.CER)'</li>
- *   <li>click 'next', choose a filename</li>
- *   <li>click 'next' and 'finish'</li>
- * 	 <li>Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)</li>
- *   <li>create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")</li>
- *   <li>add the generated certificate (Toevoegen...)</li>
- *   <li>store the key-database in JKS format</li>
- *   <li>if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)</li>
- *   <li>use jks for the truststoreType-attribute</li>
- *   <li>restart your application</li>
- *   <li>instead of IBM ikeyman you can use the standard java tool <code>keytool</code> as follows:
- *      <code>keytool -import -alias <i>yourAlias</i> -file <i>pathToSavedCertificate</i></code></li>
- * </ul>
- * <p>
- * Note 4:
- * In case <code>cannot create or initialize SocketFactory: (IOException) Unable to verify MAC</code>-exceptions are thrown,
- * please check password or authAlias configuration of the corresponding certificate.
- * </p>
- *
- * @author	Niels Meijer
- * @since	7.0
- */
-public abstract class HttpSessionBase implements ConfigurableLifecycle, HasKeystore, HasTruststore {
-	protected Logger log = LogUtil.getLogger(this);
-
-	private @Getter ClassLoader configurationClassLoader = Thread.currentThread().getContextClassLoader();
-	private @Getter @Setter String name;
-	private @Getter @Setter ApplicationContext applicationContext;
-
-	/* CONNECTION POOL */
-	private @Getter int timeout = 10000;
-	private @Getter int maxConnections = 10;
-	private @Getter int maxExecuteRetries = 1;
-	private @Getter boolean staleChecking=true;
-	private @Getter int staleTimeout = 5000; // [ms]
-	private @Getter int connectionTimeToLive = 900; // [s]
-	private @Getter int connectionIdleTimeout = 10; // [s]
-	private HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
-	private HttpClientContext httpClientContext = HttpClientContext.create();
-	private @Getter CloseableHttpClient httpClient;
-
-	/* SECURITY */
-	private @Getter String authAlias;
-	private @Getter String username;
-	private @Getter String password;
-	private @Getter String authDomain;
-	private @Getter String tokenEndpoint;
-	private @Getter int tokenExpiry=-1;
-	private @Getter String clientAuthAlias;
-	private @Getter String clientId;
-	private @Getter String clientSecret;
-	private @Getter String scope;
-	private @Getter boolean authenticatedTokenRequest;
-
-	/* PROXY */
-	private @Getter String proxyHost;
-	private @Getter int    proxyPort=80;
-	private @Getter String proxyAuthAlias;
-	private @Getter String proxyUsername;
-	private @Getter String proxyPassword;
-	private @Getter String proxyRealm=null;
-	private @Getter boolean prefillProxyAuthCache;
-
-	/* SSL */
-	private @Getter String keystore;
-	private @Getter String keystoreAuthAlias;
-	private @Getter String keystorePassword;
-	private @Getter KeystoreType keystoreType=KeystoreType.PKCS12;
-	private @Getter String keystoreAlias;
-	private @Getter String keystoreAliasAuthAlias;
-	private @Getter String keystoreAliasPassword;
-	private @Getter String keyManagerAlgorithm=null;
-
-	private @Getter String truststore=null;
-	private @Getter String truststoreAuthAlias;
-	private @Getter String truststorePassword=null;
-	private @Getter KeystoreType truststoreType=KeystoreType.JKS;
-	private @Getter String trustManagerAlgorithm=null;
-	private @Getter boolean allowSelfSignedCertificates = false;
-	private @Getter boolean verifyHostname=true;
-	private @Getter boolean ignoreCertificateExpiredException=false;
-
-	private @Getter boolean followRedirects=true;
-	private @Getter boolean ignoreRedirects=false;
-	private @Getter String protocol=null;
-	private SSLConnectionSocketFactory sslSocketFactory;
-
-	private boolean disableCookies = false;
-
-	private CredentialFactory credentials;
-	private CredentialFactory user_cf;
-	private CredentialFactory client_cf;
-
-	/**
-	 * Makes sure only http(s) requests can be performed.
-	 */
-	protected URI getURI(String url) throws URISyntaxException {
-		URIBuilder uri = new URIBuilder(url);
-
-		if(uri.getScheme() == null) {
-			throw new URISyntaxException("", "must use an absolute url starting with http(s)://");
-		}
-		if (!uri.getScheme().matches("(?i)https?")) {
-			throw new IllegalArgumentException(ClassUtils.nameOf(this) + " only supports web based schemes. (http or https)");
-		}
-
-		if (uri.getPath()==null) {
-			uri.setPath("/");
-		}
-
-		log.info("created uri: scheme=["+uri.getScheme()+"] host=["+uri.getHost()+"] path=["+uri.getPath()+"]");
-		return uri.build();
-	}
-
-	@Override
-	public void configure() throws ConfigurationException {
-		/**
-		 * TODO find out if this really breaks proxy authentication or not.
-		 */
-//		httpClientBuilder.disableAuthCaching();
-
-		if (getMaxConnections() <= 0) {
-			throw new ConfigurationException("maxConnections is set to ["+getMaxConnections()+"], which is not enough for adequate operation");
-		}
-
-		AuthSSLContextFactory.verifyKeystoreConfiguration(this, this);
-
-		if (StringUtils.isNotEmpty(getAuthAlias()) || StringUtils.isNotEmpty(getUsername())) {
-			user_cf = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
-			credentials = user_cf;
-		}
-		client_cf = new CredentialFactory(getClientAuthAlias(), getClientId(), getClientSecret());
-		if (credentials==null) {
-			credentials = client_cf;
-		}
-		if (StringUtils.isNotEmpty(getTokenEndpoint()) && StringUtils.isEmpty(getClientAuthAlias()) && StringUtils.isEmpty(getClientId())) {
-			throw new ConfigurationException("To obtain accessToken at tokenEndpoint ["+getTokenEndpoint()+"] a clientAuthAlias or ClientId and ClientSecret must be specified");
-		}
-
-
-		RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
-		requestConfigBuilder.setConnectTimeout(getTimeout());
-		requestConfigBuilder.setConnectionRequestTimeout(getTimeout());
-		requestConfigBuilder.setSocketTimeout(getTimeout());
-
-		HttpHost proxy = null;
-		CredentialFactory pcf = null;
-		if (StringUtils.isNotEmpty(getProxyHost())) {
-			proxy = new HttpHost(getProxyHost(), getProxyPort());
-			pcf = new CredentialFactory(getProxyAuthAlias(), getProxyUsername(), getProxyPassword());
-			requestConfigBuilder.setProxy(proxy);
-			httpClientBuilder.setProxy(proxy);
-		}
-
-		try {
-			setupAuthentication(pcf, proxy, requestConfigBuilder);
-		} catch (HttpAuthenticationException e) {
-			throw new ConfigurationException("exception configuring authentication", e);
-		}
-
-		httpClientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
-
-		httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler(getMaxExecuteRetries()));
-
-		if(areCookiesDisabled()) {
-			httpClientBuilder.disableCookieManagement();
-		}
-		httpClientBuilder.evictIdleConnections((long) getConnectionIdleTimeout(), TimeUnit.SECONDS);
-
-		sslSocketFactory = getSSLConnectionSocketFactory(); //Configure it here, so we can handle exceptions
-
-		configureRedirectStrategy();
-	}
-
-	/** The redirect strategy used to only redirect GET, DELETE and HEAD. */
-	private void configureRedirectStrategy() {
-		if(isFollowRedirects()) {
-			httpClientBuilder.setRedirectStrategy(new DefaultRedirectStrategy(new String[] { HttpGet.METHOD_NAME, HttpHead.METHOD_NAME, HttpDelete.METHOD_NAME }));
-		} else {
-			httpClientBuilder.disableRedirectHandling();
-		}
-	}
-
-	/** 
-	 * In order to support multiThreading and connectionPooling.
-	 * The connectionManager has to be initialized with a sslSocketFactory.
-	 * The pool must be re-created once closed.
-	 */
-	public void configureConnectionManager() {
-		int timeToLive = getConnectionTimeToLive();
-		if (timeToLive<=0) {
-			timeToLive = -1;
-		}
-
-		Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
-			.register("http", PlainConnectionSocketFactory.getSocketFactory())
-			.register("https", sslSocketFactory)
-			.build();
-
-		PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry, null, null, null, timeToLive, TimeUnit.SECONDS);
-		log.debug("created PoolingHttpClientConnectionManager with custom SSLConnectionSocketFactory");
-
-		connectionManager.setMaxTotal(getMaxConnections());
-		connectionManager.setDefaultMaxPerRoute(getMaxConnections());
-
-		if (isStaleChecking()) {
-			log.info("set up connectionManager, setting stale checking ["+isStaleChecking()+"]");
-			connectionManager.setValidateAfterInactivity(getStaleTimeout());
-		}
-
-		httpClientBuilder.setConnectionManager(connectionManager);
-	}
-
-	@Override
-	public void start() {
-		buildHttpClient();
-	}
-
-	protected void buildHttpClient() {
-		configureConnectionManager();
-		httpClient = httpClientBuilder.build();
-	}
-
-	protected void setHttpClient(CloseableHttpClient httpClient) {
-		this.httpClient = httpClient;
-	}
-
-	@Override
-	public boolean isRunning() {
-		return getHttpClient() != null;
-	}
-
-	@Override
-	public void stop() {
-		//Close the HttpClient and ConnectionManager to release resources and potential open connections
-		if(httpClient != null) {
-			try {
-				httpClient.close();
-			} catch (IOException e) {
-				log.warn("unable to close HttpClient", e);
-			}
-		}
-	}
-
-	private void setupAuthentication(CredentialFactory proxyCredentials, HttpHost proxy, RequestConfig.Builder requestConfigBuilder) throws HttpAuthenticationException {
-		CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-		if (StringUtils.isNotEmpty(credentials.getUsername()) || StringUtils.isNotEmpty(getTokenEndpoint())) {
-
-			credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), getCredentials());
-
-			AuthenticationScheme preferredAuthenticationScheme = getPreferredAuthenticationScheme();
-			requestConfigBuilder.setTargetPreferredAuthSchemes(Arrays.asList(preferredAuthenticationScheme.getSchemeName()));
-			requestConfigBuilder.setAuthenticationEnabled(true);
-
-			if (preferredAuthenticationScheme == AuthenticationScheme.OAUTH) {
-				OAuthAccessTokenManager accessTokenManager = new OAuthAccessTokenManager(getTokenEndpoint(), getScope(), client_cf, user_cf==null, isAuthenticatedTokenRequest(), this, getTokenExpiry());
-				httpClientContext.setAttribute(OAuthAuthenticationScheme.ACCESSTOKEN_MANAGER_KEY, accessTokenManager);
-				httpClientBuilder.setTargetAuthenticationStrategy(new OAuthPreferringAuthenticationStrategy());
-			}
-		}
-		if (proxy!=null) {
-			AuthScope authScope = new AuthScope(proxy, proxyRealm, AuthScope.ANY_SCHEME);
-
-
-			if (StringUtils.isNotEmpty(proxyCredentials.getUsername())) {
-				Credentials httpCredentials = new UsernamePasswordCredentials(proxyCredentials.getUsername(), proxyCredentials.getPassword());
-				credentialsProvider.setCredentials(authScope, httpCredentials);
-			}
-			log.trace("setting credentialProvider [{}]", credentialsProvider);
-
-			if(isPrefillProxyAuthCache()) {
-				requestConfigBuilder.setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC));
-
-				AuthCache authCache = httpClientContext.getAuthCache();
-				if(authCache == null)
-					authCache = new BasicAuthCache();
-
-				authCache.put(proxy, new BasicScheme());
-				httpClientContext.setAuthCache(authCache);
-			}
-
-		}
-
-		httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-	}
-
-	protected void preAuthenticate() {
-		if (credentials != null && !StringUtils.isEmpty(credentials.getUsername())) {
-			AuthState authState = httpClientContext.getTargetAuthState();
-			if (authState==null) {
-				authState = new AuthState();
-				httpClientContext.setAttribute(HttpClientContext.TARGET_AUTH_STATE, authState);
-			}
-			authState.setState(AuthProtocolState.CHALLENGED);
-			authState.update(getPreferredAuthenticationScheme().createScheme(), getCredentials());
-		}
-	}
-
-	private Credentials getCredentials() {
-		String uname;
-		if (StringUtils.isNotEmpty(getAuthDomain())) {
-			uname = getAuthDomain() + "\\" + credentials.getUsername();
-		} else {
-			uname = credentials.getUsername();
-		}
-
-		return new UsernamePasswordCredentials(uname, credentials.getPassword());
-	}
-
-	private AuthenticationScheme getPreferredAuthenticationScheme() {
-		return StringUtils.isNotEmpty(getTokenEndpoint()) ? AuthenticationScheme.OAUTH : AuthenticationScheme.BASIC;
-	}
-
-	@Nonnull
-	protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException {
-		SSLConnectionSocketFactory sslSocketFactory;
-		HostnameVerifier hostnameVerifier = verifyHostname ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
-
-		try {
-			javax.net.ssl.SSLSocketFactory socketfactory = AuthSSLContextFactory.createSSLSocketFactory(this, this, getProtocol());
-			sslSocketFactory = new SSLConnectionSocketFactory(socketfactory, hostnameVerifier);
-		} catch (Exception e) {
-			throw new ConfigurationException("cannot create or initialize SocketFactory", e);
-		}
-
-		// This method will be overwritten by the connectionManager when connectionPooling is enabled!
-		// Can still be null when no default or an invalid system sslSocketFactory has been defined
-		httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
-
-		return sslSocketFactory;
-	}
-
-	protected HttpResponse execute(URI targetUri, HttpRequestBase httpRequestBase) throws IOException {
-		HttpHost targetHost = new HttpHost(targetUri.getHost(), targetUri.getPort(), targetUri.getScheme());
-		return getHttpClient().execute(targetHost, httpRequestBase, httpClientContext);
-	}
-
-	/**
-	 * Timeout in ms of obtaining a connection/result. 0 means no timeout
-	 * @ff.default 10000
-	 */
-	public void setTimeout(int i) {
-		timeout = i;
-	}
-
-	/**
-	 * The maximum number of concurrent connections
-	 * @ff.default 10
-	 */
-	public void setMaxConnections(int i) {
-		maxConnections = i;
-	}
-
-	/**
-	 * The maximum number of times the execution is retried
-	 * @ff.default 1 (for repeatable messages) else 0
-	 */
-	public void setMaxExecuteRetries(int i) {
-		maxExecuteRetries = i;
-	}
-
-	/** Authentication alias used for authentication to the host */
-	public void setAuthAlias(String string) {
-		authAlias = string;
-	}
-
-	/** Username used for authentication to the host */
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
-	/**
-	 * Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.<br/>
-	 * <br/>
-	 * Assuming the following user:<br/>
-	 * UPN: john.doe@CorpDomain.biz<br/>
-	 * sAMAccountName: CORPDOMAIN\john.doe<br/>
-	 * <br/>
-	 * The username attribute may be set to <code>john.doe</code><br/>
-	 * The AuthDomain attribute may be set to <code>CORPDOMAIN</code><br/>
-	 */
-	@Deprecated
-	@ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead")
-	public void setAuthDomain(String string) {
-		authDomain = string;
-	}
-
-	/** Password used for authentication to the host */
-	public void setPassword(String string) {
-		password = string;
-	}
-
-	/**
-	 * Endpoint to obtain OAuth accessToken. If <code>authAlias</code> or <code>username</code>( and <code>password</code>) are specified,
-	 * then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests
-	 * in an HTTP Header 'Authorization' with a 'Bearer' prefix.
-	 */
-	public void setTokenEndpoint(String string) {
-		tokenEndpoint = string;
-	}
-	/**
-	 * If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token
-	 * will be refreshed when it is half way its lifetime as defined by the <code>expires_in</code> clause of the token response,
-	 * or when the regular server returns a 401 status with a challenge.
-	 * If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
-	 * @ff.default -1
-	 */
-	public void setTokenExpiry(int value) {
-		tokenExpiry = value;
-	}
-	/** Alias used to obtain client_id and client_secret for authentication to <code>tokenEndpoint</code> */
-	public void setClientAlias(String clientAuthAlias) {
-		this.clientAuthAlias = clientAuthAlias;
-	}
-	/** Client_id used in authentication to <code>tokenEndpoint</code> */
-	public void setClientId(String clientId) {
-		this.clientId = clientId;
-	}
-
-	/** Client_secret used in authentication to <code>tokenEndpoint</code> */
-	public void setClientSecret(String clientSecret) {
-		this.clientSecret = clientSecret;
-	}
-	/** Space or comma separated list of scope items requested for accessToken, e.g. <code>read write</code>. Only used when <code>tokenEndpoint</code> is specified */
-	public void setScope(String string) {
-		scope = string;
-	}
-	/** if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters */
-	public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest) {
-		this.authenticatedTokenRequest = authenticatedTokenRequest;
-	}
-
-
-	/** Proxy host */
-	public void setProxyHost(String string) {
-		proxyHost = string;
-	}
-
-	/**
-	 * Proxy port
-	 * @ff.default 80
-	 */
-	public void setProxyPort(int i) {
-		proxyPort = i;
-	}
-
-	/** Alias used to obtain credentials for authentication to proxy */
-	public void setProxyAuthAlias(String string) {
-		proxyAuthAlias = string;
-	}
-
-	/**
-	 * Proxy username
-	 * @ff.default
-	 */
-	public void setProxyUsername(String string) {
-		proxyUsername = string;
-	}
-
-	/**
-	 * Proxy password
-	 * @ff.default
-	 */
-	public void setProxyPassword(String string) {
-		proxyPassword = string;
-	}
-
-	/**
-	 * Proxy realm
-	 * @ff.default
-	 */
-	public void setProxyRealm(String string) {
-		proxyRealm = StringUtils.isNotEmpty(string) ? string : null;
-	}
-
-	/**
-	 * Create a pre-emptive login context for the proxy connection(s).
-	 */
-	public void setPrefillProxyAuthCache(boolean b) {
-		this.prefillProxyAuthCache = b;
-	}
-
-	/**
-	 * Disables the use of cookies, making the sender completely stateless
-	 * @ff.default false
-	 */
-	public void setDisableCookies(boolean disableCookies) {
-		this.disableCookies = disableCookies;
-	}
-	public boolean areCookiesDisabled() {
-		return disableCookies;
-	}
-
-
-	/** resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used. */
-	@Override
-	public void setKeystore(String string) {
-		keystore = string;
-	}
-
-	@Override
-	public void setKeystoreType(KeystoreType value) {
-		keystoreType = value;
-	}
-
-	@Override
-	public void setKeystoreAuthAlias(String string) {
-		keystoreAuthAlias = string;
-	}
-
-	@Override
-	public void setKeystorePassword(String string) {
-		keystorePassword = string;
-	}
-
-	@Override
-	public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
-		this.keyManagerAlgorithm = keyManagerAlgorithm;
-	}
-
-	@Override
-	public void setKeystoreAlias(String string) {
-		keystoreAlias = string;
-	}
-	@Override
-	public void setKeystoreAliasAuthAlias(String string) {
-		keystoreAliasAuthAlias = string;
-	}
-	@Override
-	public void setKeystoreAliasPassword(String string) {
-		keystoreAliasPassword = string;
-	}
-
-	@Override
-	/** Resource URL to truststore to be used for authenticating peer. If none specified, the JVMs default truststore will be used. */
-	public void setTruststore(String string) {
-		truststore = string;
-	}
-
-	@Override
-	public void setTruststoreAuthAlias(String string) {
-		truststoreAuthAlias = string;
-	}
-
-	@Override
-	public void setTruststorePassword(String string) {
-		truststorePassword = string;
-	}
-
-	@Override
-	public void setTruststoreType(KeystoreType value) {
-		truststoreType = value;
-	}
-
-	@Override
-	public void setTrustManagerAlgorithm(String trustManagerAlgorithm) {
-		this.trustManagerAlgorithm = trustManagerAlgorithm;
-	}
-
-	@Override
-	public void setVerifyHostname(boolean b) {
-		verifyHostname = b;
-	}
-
-	@Override
-	public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates) {
-		this.allowSelfSignedCertificates = allowSelfSignedCertificates;
-	}
-
-	@Override
-	public void setIgnoreCertificateExpiredException(boolean b) {
-		ignoreCertificateExpiredException = b;
-	}
-
-	/**
-	 * If <code>true</code>, a redirect request will be honoured, e.g. to switch to HTTPS
-	 * @ff.default true
-	 */
-	public void setFollowRedirects(boolean b) {
-		followRedirects = b;
-	}
-
-	/**
-	 * If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
-	 * @ff.default false
-	 */
-	public void setIgnoreRedirects(boolean b) {
-		ignoreRedirects = b;
-	}
-
-
-	/**
-	 * Controls whether connections checked to be stale, i.e. appear open, but are not.
-	 * @ff.default true
-	 */
-	public void setStaleChecking(boolean b) {
-		staleChecking = b;
-	}
-
-	/**
-	 * Used when StaleChecking=<code>true</code>. Timeout after which an idle connection will be validated before being used.
-	 * @ff.default 5000 ms
-	 */
-	public void setStaleTimeout(int timeout) {
-		staleTimeout = timeout;
-	}
-
-	/**
-	 * Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
-	 * @ff.default 900 s
-	 */
-	public void setConnectionTimeToLive(int timeToLive) {
-		connectionTimeToLive = timeToLive;
-	}
-
-	/**
-	 * Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
-	 * @ff.default 10 s
-	 */
-	public void setConnectionIdleTimeout(int idleTimeout) {
-		connectionIdleTimeout = idleTimeout;
-	}
-
-	/**
-	 * Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.
-	 * @ff.default SSL
-	 */
-	public void setProtocol(String protocol) {
-		this.protocol = protocol;
-	}
-}