[ELY-2753] Add connection-timeout-millis, connection-ttl-millis and s…

…ocket-timeout-millis to OidcJsonConfiguration to allow oidc.json configuration to parse these attributes
wildfly-security · Nov 29, 2024 · 40a24c2 · 40a24c2
1 parent 25853e4
commit 40a24c2
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 0 deletions.
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/HttpClientBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/HttpClientBuilder.java
@@ -275,6 +275,15 @@ public HttpClient build(OidcJsonConfiguration oidcClientConfig) {
         if (oidcClientConfig.getConnectionPoolSize() > 0) {
             size = oidcClientConfig.getConnectionPoolSize();
         }
+        if (oidcClientConfig.getConnectionTimeoutMillis() > 0) {
+            setEstablishConnectionTimeout(oidcClientConfig.getConnectionTimeoutMillis(), establishConnectionTimeoutUnits);
+        }
+        if (oidcClientConfig.getConnectionTtlMillis() > 0) {
+            setConnectionTimeToLive(oidcClientConfig.getConnectionTtlMillis(), connectionTimeToLiveUnit);
+        }
+        if (oidcClientConfig.getSocketTimeoutMillis() > 0) {
+            setSocketTimeout(oidcClientConfig.getSocketTimeoutMillis(), socketTimeoutUnits);
+        }
         HttpClientBuilder.HostnameVerificationPolicy policy = HttpClientBuilder.HostnameVerificationPolicy.WILDCARD;
         if (oidcClientConfig.isAllowAnyHostname()) {
             policy = HttpClientBuilder.HostnameVerificationPolicy.ANY;

diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
@@ -66,6 +66,9 @@ public class Oidc {
     public static final String CORS_ALLOWED_METHODS = "cors-allowed-methods";
     public static final String CORS_EXPOSED_HEADERS = "cors-exposed-headers";
     public static final String CONNECTION_POOL_SIZE = "connection-pool-size";
+    public static final String CONNECTION_TIMEOUT_MILLIS = "connection-timeout-millis";
+    public static final String CONNECTION_TTL_MILLIS = "connection-ttl-millis";
+    public static final String SOCKET_TIMEOUT_MILLIS = "socket-timeout-millis";
     public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
     public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
     public static final String CREDENTIALS = "credentials";

diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java
@@ -18,6 +18,8 @@
 
 package org.wildfly.security.http.oidc;
 
+import static org.wildfly.security.http.oidc.Oidc.CONNECTION_TIMEOUT_MILLIS;
+import static org.wildfly.security.http.oidc.Oidc.CONNECTION_TTL_MILLIS;
 import static org.wildfly.security.http.oidc.Oidc.DEFAULT_TOKEN_SIGNATURE_ALGORITHM;
 import static org.wildfly.security.http.oidc.Oidc.ADAPTER_STATE_COOKIE_PATH;
 import static org.wildfly.security.http.oidc.Oidc.ALLOW_ANY_HOSTNAME;
@@ -64,6 +66,7 @@
 import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD;
 import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE;
 import static org.wildfly.security.http.oidc.Oidc.SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.SOCKET_TIMEOUT_MILLIS;
 import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED;
 import static org.wildfly.security.http.oidc.Oidc.TOKEN_MINIMUM_TIME_TO_LIVE;
 import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM;
@@ -94,6 +97,7 @@
         USE_RESOURCE_ROLE_MAPPINGS, USE_REALM_ROLE_MAPPINGS,
         ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS,
         EXPOSE_TOKEN, BEARER_ONLY, AUTODETECT_BEARER_ONLY, CONNECTION_POOL_SIZE,
+        CONNECTION_TIMEOUT_MILLIS, CONNECTION_TTL_MILLIS, SOCKET_TIMEOUT_MILLIS,
         ALLOW_ANY_HOSTNAME, DISABLE_TRUST_MANAGER, TRUSTSTORE, TRUSTSTORE_PASSWORD,
         CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASSWORD, CLIENT_KEY_PASSWORD,
         ALWAYS_REFRESH_TOKEN,
@@ -134,6 +138,12 @@ public class OidcJsonConfiguration {
     protected String requestObjectSigningKeyStoreType;
     @JsonProperty(CONNECTION_POOL_SIZE)
     protected int connectionPoolSize = 20;
+    @JsonProperty(CONNECTION_TIMEOUT_MILLIS)
+    protected int connectionTimeoutMillis = -1;
+    @JsonProperty(CONNECTION_TTL_MILLIS)
+    protected int connectionTtlMillis = -1;
+    @JsonProperty(SOCKET_TIMEOUT_MILLIS)
+    protected int socketTimeoutMillis = -1;
     @JsonProperty(ALWAYS_REFRESH_TOKEN)
     protected boolean alwaysRefreshToken = false;
     @JsonProperty(REGISTER_NODE_AT_STARTUP)
@@ -331,6 +341,30 @@ public void setConnectionPoolSize(int connectionPoolSize) {
         this.connectionPoolSize = connectionPoolSize;
     }
 
+    public int getConnectionTimeoutMillis() {
+        return connectionTimeoutMillis;
+    }
+
+    public void setConnectionTimeoutMillis(int connectionTimeoutMillis) {
+        this.connectionTimeoutMillis = connectionTimeoutMillis;
+    }
+
+    public int getConnectionTtlMillis() {
+        return connectionTtlMillis;
+    }
+
+    public void setConnectionTtlMillis(int connectionTtlMillis) {
+        this.connectionTtlMillis = connectionTtlMillis;
+    }
+
+    public int getSocketTimeoutMillis() {
+        return socketTimeoutMillis;
+    }
+
+    public void setSocketTimeoutMillis(int socketTimeoutMillis) {
+        this.socketTimeoutMillis = socketTimeoutMillis;
+    }
+
     public boolean isAlwaysRefreshToken() {
         return alwaysRefreshToken;
     }

diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
@@ -192,6 +192,11 @@ public void testMissingRequiredConfigurationOption() {
         OidcClientConfigurationBuilder.build(getOidcConfigurationMissingRequiredOption());
     }
 
+    @Test
+    public void testTimeoutConfigurationOptions() throws Exception {
+        OidcClientConfigurationBuilder.build(getOidcConfigurationInputStreamWithTimeoutOptions(5000, 5000, 5000));
+    }
+
     @Test
     public void testSucessfulAuthenticationWithAuthServerUrl() throws Exception {
         performAuthentication(getOidcConfigurationInputStream(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD,
@@ -696,6 +701,23 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String
         return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
     }
 
+    private InputStream getOidcConfigurationInputStreamWithTimeoutOptions(int connectionTimeoutMillis, int connectionTtlMillis, int socketTimeoutMillis) {
+        String oidcConfig = "{\n" +
+                "    \"realm\" : \"" + TEST_REALM + "\",\n" +
+                "    \"resource\" : \"" + CLIENT_ID + "\",\n" +
+                "    \"public-client\" : \"false\",\n" +
+                "    \"connection-timeout-millis\" : \"" + connectionTimeoutMillis + "\",\n" +
+                "    \"connection-ttl-millis\" : \"" + connectionTtlMillis + "\",\n" +
+                "    \"socket-timeout-millis\" : \"" + socketTimeoutMillis + "\",\n" +
+                "    \"auth-server-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" +
+                "    \"ssl-required\" : \"EXTERNAL\",\n" +
+                "    \"credentials\" : {\n" +
+                "        \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+                "    }\n" +
+                "}";
+        return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
+    }
+
     private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() {
         String oidcConfig = "{\n" +
                 "    \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +