<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hello!
<div class=""><br class="">
</div>
<div class="">I’m using the Keycloak spring security adapter. My clients are using HTTP Basic Authentication, which will then result in a HTTP request to validate those credentials (from the adapter to the keycloak server).</div>
<div class=""><br class="">
</div>
<div class="">The problem is that the adapter does not have a timeout on these remote invocations towards the keycloak server.</div>
<div class=""><br class="">
</div>
<div class="">It only allows configuring the connection pool size, which is default = 100.</div>
<div class=""><br class="">
</div>
<div class="">I have on multiple occations had my main application exhausted of HTTP serving threads because all of them are waiting for keycloak adapter credentials validation (remote invocations). (why the server does not respond is another matter :)</div>
<div class=""><br class="">
</div>
<div class="">I.e. all my HTTP serving threads are stuck in this state:</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""> java.lang.Thread.State: WAITING (parking)</div>
<div class=""> at sun.misc.Unsafe.park(Native Method)</div>
<div class=""> - parking to wait for <0x00000000f15cd418> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)</div>
<div class=""> at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)</div>
<div class=""> at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)</div>
<div class=""> at org.apache.http.impl.conn.tsccm.WaitingThread.await(WaitingThread.java:162)</div>
<div class=""> at org.apache.http.impl.conn.tsccm.ConnPoolByRoute.getEntryBlocking(ConnPoolByRoute.java:400)</div>
<div class=""> at org.apache.http.impl.conn.tsccm.ConnPoolByRoute$1.getPoolEntry(ConnPoolByRoute.java:300)</div>
<div class=""> at org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager$1.getConnection(ThreadSafeClientConnManager.java:242)</div>
<div class=""> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:424)</div>
<div class=""> at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)</div>
<div class=""> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)</div>
<div class=""> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)</div>
<div class=""> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)</div>
<div class=""><b class=""> at org.keycloak.adapters.BasicAuthRequestAuthenticator.getToken(BasicAuthRequestAuthenticator.java:103)</b></div>
<div class=""><b class=""> at org.keycloak.adapters.BasicAuthRequestAuthenticator.authenticate(BasicAuthRequestAuthenticator.java:75)</b></div>
<div class=""><b class=""> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:83)</b></div>
<div class=""><b class=""> at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:137)</b></div>
<div class=""> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)</div>
<div class=""> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)</div>
<div class=""> at no.datek.iot.home.security.InternalClientAuthenticationFilter.doFilterInternal(InternalClientAuthenticationFilter.java:38)</div>
<div class=""> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)</div>
<div class=""> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)</div>
<div class=""> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)</div>
<div class=""> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)</div>
<div class=""> at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:84)</div>
</div>
<div class="">
<div class=""><br class="webkit-block-placeholder">
</div>
<div class="">Is it possible to set a timeout (both for TCP connect and for socket read) on these keycloak adapter outgoing connections? (to prevent the connection pool from blocking)</div>
<div class="">It would also be really nice to be able to set the timeout on getting connections from that pool ("connection manager timeout"), to prevent connections from queueing up even if the other timeouts are set (important if there are lots of connections
coming in).</div>
<div class=""><br class="">
</div>
<div class="">I know apache http client has settings for all these three values.</div>
<div class=""><br class="">
</div>
<div class="">Keep up the good work!</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Best regards,</div>
<div class=""><br class="">
</div>
<div class="">Christian Schwarz</div>
</div>
<br class="">
</div>
</body>
</html>