Set default timeout when fetching JWKSet for private_key_jwt

martinr0x · jgrandja · commit 8f6593ab2a15 · 2023-11-07T07:57:45.000-05:00
Closes spring-projectsgh-1413
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionDecoderFactory.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionDecoderFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,6 +28,7 @@
 
 import javax.crypto.spec.SecretKeySpec;
 
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -51,6 +52,7 @@
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
 /**
@@ -87,6 +89,15 @@ public final class JwtClientAssertionDecoderFactory implements JwtDecoderFactory
 		JCA_ALGORITHM_MAPPINGS = Collections.unmodifiableMap(mappings);
 	}
 
+	private static final RestTemplate restTemplate = new RestTemplate();
+
+	static {
+		SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
+		requestFactory.setConnectTimeout(15_000);
+		requestFactory.setReadTimeout(15_000);
+		restTemplate.setRequestFactory(requestFactory);
+	}
+
 	private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
 	private Function<RegisteredClient, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = DEFAULT_JWT_VALIDATOR_FACTORY;
 
@@ -124,7 +135,8 @@ private static NimbusJwtDecoder buildDecoder(RegisteredClient registeredClient)
 						JWT_CLIENT_AUTHENTICATION_ERROR_URI);
 				throw new OAuth2AuthenticationException(oauth2Error);
 			}
-			return NimbusJwtDecoder.withJwkSetUri(jwkSetUrl).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
+			return NimbusJwtDecoder.withJwkSetUri(jwkSetUrl).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm)
+					.restOperations(restTemplate).build();
 		}
 		if (jwsAlgorithm instanceof MacAlgorithm) {
 			String clientSecret = registeredClient.getClientSecret();
