Enable custom configuration for HTTP client

Fixes gh-4477
2026-05-22 21:33:16 +00:00 · 2017-07-28 15:27:05 -04:00
parent 3b42323b6d
commit c872499eee
5 changed files with 154 additions and 11 deletions
@@ -21,6 +21,8 @@ import com.nimbusds.jose.jwk.source.RemoteJWKSet;
 import com.nimbusds.jose.proc.JWSKeySelector;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
 import com.nimbusds.jose.proc.SecurityContext;
+import com.nimbusds.jose.util.DefaultResourceRetriever;
+import com.nimbusds.jose.util.ResourceRetriever;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.JWTParser;
@@ -30,6 +32,7 @@ import org.springframework.security.jose.jws.JwsAlgorithm;
 import org.springframework.security.jwt.Jwt;
 import org.springframework.security.jwt.JwtDecoder;
 import org.springframework.security.jwt.JwtException;
+import org.springframework.security.oauth2.core.http.HttpClientConfig;
 import org.springframework.util.Assert;

 import java.net.MalformedURLException;
@@ -65,6 +68,10 @@ public class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 	}

 	public NimbusJwtDecoderJwkSupport(String jwkSetUrl, String jwsAlgorithm) {
+		this(jwkSetUrl, jwsAlgorithm, null);
+	}
+
+	public NimbusJwtDecoderJwkSupport(String jwkSetUrl, String jwsAlgorithm, HttpClientConfig httpClientConfig) {
 		Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");
 		Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty");
 		try {
@@ -74,10 +81,16 @@ public class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 		}
 		this.jwsAlgorithm = JWSAlgorithm.parse(jwsAlgorithm);

-		this.jwtProcessor = new DefaultJWTProcessor<>();
-		JWKSource jwkSource = new RemoteJWKSet(this.jwkSetUrl);
+		int connectTimeout = (httpClientConfig != null ?
+			httpClientConfig.getConnectTimeout() : HttpClientConfig.DEFAULT_CONNECT_TIMEOUT);
+		int readTimeout = (httpClientConfig != null ?
+			httpClientConfig.getReadTimeout() : HttpClientConfig.DEFAULT_READ_TIMEOUT);
+		ResourceRetriever jwkSetRetriever = new DefaultResourceRetriever(connectTimeout, readTimeout);
+		JWKSource jwkSource = new RemoteJWKSet(this.jwkSetUrl, jwkSetRetriever);
 		JWSKeySelector<SecurityContext> jwsKeySelector =
 			new JWSVerificationKeySelector<SecurityContext>(this.jwsAlgorithm, jwkSource);
+
+		this.jwtProcessor = new DefaultJWTProcessor<>();
 		this.jwtProcessor.setJWSKeySelector(jwsKeySelector);
 	}

@@ -28,11 +28,13 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.http.HttpClientConfig;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;

 import java.io.IOException;
@@ -61,6 +63,7 @@ import java.util.stream.Collectors;
 */
 public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> {
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
+	private HttpClientConfig httpClientConfig = new HttpClientConfig();

 	@Override
 	public TokenResponseAttributes exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
@@ -90,6 +93,8 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 			TokenRequest tokenRequest = new TokenRequest(tokenUri, clientAuthentication, authorizationCodeGrant);
 			HTTPRequest httpRequest = tokenRequest.toHTTPRequest();
 			httpRequest.setAccept(MediaType.APPLICATION_JSON_VALUE);
+			httpRequest.setConnectTimeout(this.httpClientConfig.getConnectTimeout());
+			httpRequest.setReadTimeout(this.httpClientConfig.getReadTimeout());
 			tokenResponse = TokenResponse.parse(httpRequest.send());
 		} catch (ParseException pe) {
 			// This error occurs if the Access Token Response is not well-formed,
@@ -132,6 +137,11 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 			.build();
 	}

+	public final void setHttpClientConfig(HttpClientConfig httpClientConfig) {
+		Assert.notNull(httpClientConfig, "httpClientConfig cannot be null");
+		this.httpClientConfig = httpClientConfig;
+	}
+
 	private URI toURI(String uriStr) {
 		try {
 			return new URI(uriStr);
@@ -31,6 +31,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.http.HttpClientConfig;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2Error;
@@ -72,6 +73,7 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
 	private final HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();
 	private Map<URI, String> userNameAttributeNames = Collections.unmodifiableMap(Collections.emptyMap());
 	private Map<URI, Class<? extends OAuth2User>> customUserTypes = Collections.unmodifiableMap(Collections.emptyMap());
+	private HttpClientConfig httpClientConfig = new HttpClientConfig();

 	public NimbusOAuth2UserService() {
 	}
@@ -151,6 +153,8 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
 		UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, accessToken);
 		HTTPRequest httpRequest = userInfoRequest.toHTTPRequest();
 		httpRequest.setAccept(MediaType.APPLICATION_JSON_VALUE);
+		httpRequest.setConnectTimeout(this.httpClientConfig.getConnectTimeout());
+		httpRequest.setReadTimeout(this.httpClientConfig.getReadTimeout());
 		HTTPResponse httpResponse;

 		try {
@@ -215,6 +219,11 @@ public class NimbusOAuth2UserService implements OAuth2UserService {
 		this.customUserTypes = Collections.unmodifiableMap(new HashMap<>(customUserTypes));
 	}

+	public final void setHttpClientConfig(HttpClientConfig httpClientConfig) {
+		Assert.notNull(httpClientConfig, "httpClientConfig cannot be null");
+		this.httpClientConfig = httpClientConfig;
+	}
+
 	private URI getUserInfoUri(OAuth2AuthenticationToken token) {
 		ClientRegistration clientRegistration = token.getClientRegistration();
 		try {
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.oauth2.core.http;
+
+import org.springframework.util.Assert;
+
+/**
+ * This class provides the capability for configuring the underlying HTTP client.
+ *
+ * <p>
+ * To customize the configuration of the underlying HTTP client, create/configure
+ * an instance of {@link HttpClientConfig} and register it with the <code>ApplicationContext</code>.
+ *
+ * <p>
+ * For example:
+ *
+ * <pre>
+ * &#064;Bean
+ * public HttpClientConfig httpClientConfig() {
+ *    HttpClientConfig httpClientConfig = new HttpClientConfig();
+ *    httpClientConfig.setConnectTimeout(60000);
+ *    httpClientConfig.setReadTimeout(60000);
+ *    return httpClientConfig;
+ * }
+ * </pre>
+ *
+ * @author Joe Grandja
+ * @since 5.0
+ */
+public class HttpClientConfig {
+	public static final int DEFAULT_CONNECT_TIMEOUT = 30000;
+	public static final int DEFAULT_READ_TIMEOUT = 30000;
+	private int connectTimeout = DEFAULT_CONNECT_TIMEOUT;
+	private int readTimeout = DEFAULT_READ_TIMEOUT;
+
+	/**
+	 * Returns the timeout in milliseconds until a connection is established.
+	 *
+	 * @return the connect timeout value in milliseconds
+	 */
+	public int getConnectTimeout() {
+		return this.connectTimeout;
+	}
+
+	/**
+	 * Sets the timeout in milliseconds until a connection is established.
+	 * A timeout value of 0 implies the option is disabled (timeout of infinity).
+	 *
+	 * @param connectTimeout the connect timeout value in milliseconds
+	 */
+	public void setConnectTimeout(int connectTimeout) {
+		Assert.isTrue(connectTimeout >= 0, "connectTimeout cannot be negative");
+		this.connectTimeout = connectTimeout;
+	}
+
+	/**
+	 * Returns the timeout in milliseconds for inactivity when reading from the <code>InputStream</code>.
+	 *
+	 * @return the read timeout value in milliseconds
+	 */
+	public int getReadTimeout() {
+		return this.readTimeout;
+	}
+
+	/**
+	 * Sets the timeout in milliseconds for inactivity when reading from the <code>InputStream</code>.
+	 * A timeout value of 0 implies the option is disabled (timeout of infinity).
+	 *
+	 * @param readTimeout the read timeout value in milliseconds
+	 */
+	public void setReadTimeout(int readTimeout) {
+		Assert.isTrue(readTimeout >= 0, "readTimeout cannot be negative");
+		this.readTimeout = readTimeout;
+	}
+
+}