Affects: 5.1.10

Hello,

I needed to configure connectionTimeout and readTimeout for access token providers that are used in OAuth2RestTemplate (by default both those values ar set to hang for ever waiting for either connection or read to succeed). In order to set some values to those timeouts I had to create my own OAuth2RestTemplate deriving from org.springframework.security.oauth2.client.OAuth2RestTemplate that provided possibility to set them up (code pasted below).

I'm using spring-security-oauth2 in version 2.0.10.RELEASE.

Is there a better way to do it?

If not could you provide such possibility?

class OAuth2RestTemplate extends org.springframework.security.oauth2.client.OAuth2RestTemplate {
    private Integer accessProviderConnectionTimeout;
    private Integer accessProviderReadTimeout;

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        this(resource, new DefaultOAuth2ClientContext());
    }

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
        this(resource, context, null, null);
    }

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context,
                              Integer accessProviderConnectionTimeout, Integer accessProviderReadTimeout) {
        super(resource, context);
        this.accessProviderConnectionTimeout = accessProviderConnectionTimeout;
        this.accessProviderReadTimeout = accessProviderReadTimeout;
        setupRequestFactory();
    }


    private void setupProvidersRequestFactory(OAuth2AccessTokenSupport provider) {
        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
            protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
                super.prepareConnection(connection, httpMethod);
                connection.setInstanceFollowRedirects(false);
                connection.setUseCaches(false);
            }
        };

        if(accessProviderConnectionTimeout !=null)
            requestFactory.setConnectTimeout(accessProviderConnectionTimeout);
        if(accessProviderReadTimeout !=null)
            requestFactory.setReadTimeout(accessProviderReadTimeout);

        provider.setRequestFactory(requestFactory);
    }

    private void setupRequestFactory() {

        List<? extends AccessTokenProvider> providersList = Stream.of(
                new AuthorizationCodeAccessTokenProvider(),
                new ImplicitAccessTokenProvider(),
                new ResourceOwnerPasswordAccessTokenProvider(),
                new ClientCredentialsAccessTokenProvider()
        )
                .peek(this::setupProvidersRequestFactory)
                .collect(Collectors.toList());

        this.setAccessTokenProvider(new AccessTokenProviderChain(providersList));
    }

}

Comment From: sbrannen

This issue tracker is for the core Spring Framework.

Please open issues specific to Spring Security in the respective issue tracker: https://github.com/spring-projects/spring-security/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc

Alternatively, @rwinch, can you transfer this issue?

(leaving this issue open until the above is confirmed)