
Commit 423887b

author
Fridolin Jackstadt
committed
Add timeout parameter to critical remote http call in mutex section
1 parent 6f1232c commit 423887b


1 file changed

+18
-1
lines changed


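--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -42,6 +42,7 @@
 import com.nimbusds.jose.jwk.source.JWKSetSource;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
+import com.nimbusds.jose.jwk.source.RemoteJWKSet;
 import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
 import com.nimbusds.jose.proc.JOSEObjectTypeVerifier;
 import com.nimbusds.jose.proc.JWSKeySelector;
@@ -66,6 +67,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
@@ -293,7 +295,7 @@ public static final class JwkSetUriJwtDecoderBuilder {
 
 private final Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
 
-private RestOperations restOperations = new RestTemplate();
+private RestOperations restOperations = new RestTemplateWithTimeouts();
 
 private Cache cache = new NoOpCache("default");
 
@@ -545,6 +547,21 @@ public void close() {
 
 }
 
+/**
+* A RestTemplate with timeouts configured to avoid blocking indefinitely when
+* fetching JWK Sets while holding the reentrantLock.
+*/
+private static final class RestTemplateWithTimeouts extends RestTemplate {
+
+private RestTemplateWithTimeouts () {
+SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
+requestFactory.setConnectTimeout(RemoteJWKSet.DEFAULT_HTTP_CONNECT_TIMEOUT);
+requestFactory.setReadTimeout(RemoteJWKSet.DEFAULT_HTTP_READ_TIMEOUT);
+setRequestFactory(requestFactory);
+}
+
+}
+
 /**
 * A builder for creating {@link NimbusJwtDecoder} instances based on a public key.
 */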
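Review bot: The timeouts added in `RestTemplateWithTimeouts` only protect the builder's default `restOperations` field; if the builder elsewhere in the file accepts a caller-supplied `RestOperations` (not visible in these hunks), that client can still block without limit while the lock is held, so the setter's Javadoc should tell callers to configure connect and read timeouts themselves. The read timeout set on `SimpleClientHttpRequestFactory` bounds the wait for each socket read rather than the whole response, so a JWK Set endpoint that answers slowly can still hold the lock well past `DEFAULT_HTTP_READ_TIMEOUT`; the class Javadoc's "avoid blocking indefinitely" would be more accurate as `bounds connect and per-read waits; total fetch time and response size are not limited`. `RemoteJWKSet` appears to be deprecated in current Nimbus releases and `JWKSourceBuilder`, already imported, seems to expose the same constants, so `requestFactory.setConnectTimeout(JWKSourceBuilder.DEFAULT_HTTP_CONNECT_TIMEOUT);` and the matching read-timeout line would avoid the new import; confirm this against the Nimbus version the project pins. The constructor declaration also carries a stray space in `RestTemplateWithTimeouts ()`.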
