Merge pull request #2855 from raehalme/KEYCLOAK-3016-master

KEYCLOAK-3016: BasicAuthRequestAuthenticator consumes HttpEntity on errors

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java

@@ -24,6 +24,7 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.jboss.logging.Logger;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
@@ -104,6 +105,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
         int status = response.getStatusLine().getStatusCode();
         HttpEntity entity = response.getEntity();
         if (status != 200) {
+            EntityUtils.consumeQuietly(entity);
             throw new java.io.IOException("Bad status: " + status);
         }
         if (entity == null) {

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java

@@ -144,6 +144,11 @@ public class AdapterTest {
         testStrategy.testNullBearerTokenCustomErrorPage();
     }
 
+    @Test
+    public void testBasicAuthErrorHandling() throws Exception {
+        testStrategy.testBasicAuthErrorHandling();
+    }
+
     /**
      * KEYCLOAK-518
      * @throws Exception

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java

@@ -16,6 +16,7 @@
  */
 package org.keycloak.testsuite.adapter;
 
+import org.apache.http.conn.params.ConnManagerParams;
 import org.junit.Assert;
 import org.junit.rules.ExternalResource;
 import org.keycloak.OAuth2Constants;
@@ -428,6 +429,29 @@ public class AdapterTestStrategy extends ExternalResource {
 
     }
 
+    /**
+     * KEYCLOAK-3016
+     * @throws Exception
+     */
+    public void testBasicAuthErrorHandling() throws Exception {
+        Client client = ClientBuilder.newClient();
+        WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
+        Response response = target.request().get();
+        Assert.assertEquals(401, response.getStatus());
+        response.close();
+
+        // The number of iterations should be HttpClient's connection pool size + 1.
+        final int LIMIT = ConnManagerParams.DEFAULT_MAX_TOTAL_CONNECTIONS + 1;
+        for (int i = 0; i < LIMIT; i++) {
+            System.out.println("Testing Basic Auth with bad credentials " + i);
+            response = target.request().header(HttpHeaders.AUTHORIZATION, "Basic dXNlcm5hbWU6cGFzc3dvcmQ=").get();
+            Assert.assertEquals(401, response.getStatus());
+            response.close();
+        }
+
+        client.close();
+    }
+
     /**
      * KEYCLOAK-518
      * @throws Exception

testsuite/integration/src/test/resources/log4j.properties

@@ -68,3 +68,6 @@ log4j.logger.org.jboss.resteasy=warn
 log4j.logger.org.apache.directory.api=warn
 log4j.logger.org.apache.directory.server.core=warn
 log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=error
+
+# Enable to view HttpClient connection pool activity
+#log4j.logger.org.apache.http.impl.conn=debug