<div dir="ltr">Hi!
<div><br></div><div>We have had a couple of strange issues where the HTTP connection pool for the HttpClient used by ServerRequest has been exhausted. Strange thing is, the thread dump on the JVM reports many threads waiting for a connection, but none actually using them.</div><div><br></div><div><div>"http-apr-8080-exec-1" #33 daemon prio=5 os_prio=0 tid=0x00007f5c3400b000 nid=0x723a waiting on condition [0x00007f5bff7f6000]</div><div> java.lang.Thread.State: WAITING (parking)</div><div> at sun.misc.Unsafe.park(Native Method)</div><div> - parking to wait for <0x00000000eb3edac0> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)</div><div> at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)</div><div> at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)</div><div> at org.apache.http.impl.conn.tsccm.WaitingThread.await(WaitingThread.java:159)</div><div> at org.apache.http.impl.conn.tsccm.ConnPoolByRoute.getEntryBlocking(ConnPoolByRoute.java:398)</div><div> at org.apache.http.impl.conn.tsccm.ConnPoolByRoute$1.getPoolEntry(ConnPoolByRoute.java:298)</div><div> at org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager$1.getConnection(ThreadSafeClientConnManager.java:238)</div><div> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:423)</div><div> at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)</div><div> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)</div><div> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)</div><div> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)</div><div> at org.keycloak.adapters.ServerRequest.invokeRefresh(ServerRequest.java:149)</div><div> at org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshExpiredToken(RefreshableKeycloakSecurityContext.java:113)</div></div><div><br></div><div>I'm still trying to figure out what's going on here, but while digging around I noticed that the HttpClientBuilder[1] does not set a timeout for obtaining a connection from the pool. Wouldn't it be a good idea to set one? Maybe 30s or so, just to avoid waiting indefinitely. The same applies to socket timeout as well.</div><div><br></div><div>[1] <a href="https://github.com/keycloak/keycloak/blob/1.9.4.Final/services/src/main/java/org/keycloak/connections/httpclient/HttpClientBuilder.java">https://github.com/keycloak/keycloak/blob/1.9.4.Final/services/src/main/java/org/keycloak/connections/httpclient/HttpClientBuilder.java</a></div><div><br></div><div>Best regards,</div><div>Thomas</div></div>