KEYCLOAK-3016: BasicAuthRequestAuthenticator now consumes HttpEntity also on errors.

2016-05-18 10:22:56 +03:00 · 2016-05-18 10:22:56 +03:00 · babe94c50d
commit babe94c50d
parent 92db7b3618
4 changed files with 35 additions and 1 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
@ -24,6 +24,7 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.jboss.logging.Logger;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
@ -104,6 +105,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
        int status = response.getStatusLine().getStatusCode();
        HttpEntity entity = response.getEntity();
        if (status != 200) {
+            EntityUtils.consumeQuietly(entity);
            throw new java.io.IOException("Bad status: " + status);
        }
        if (entity == null) {
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@ -144,6 +144,11 @@ public class AdapterTest {
        testStrategy.testNullBearerTokenCustomErrorPage();
    }

+    @Test
+    public void testBasicAuthErrorHandling() throws Exception {
+        testStrategy.testBasicAuthErrorHandling();
+    }
+
    /**
     * KEYCLOAK-518
     * @throws Exception
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
@ -16,6 +16,7 @@
 */
 package org.keycloak.testsuite.adapter;

+import org.apache.http.conn.params.ConnManagerParams;
 import org.junit.Assert;
 import org.junit.rules.ExternalResource;
 import org.keycloak.OAuth2Constants;
@ -428,6 +429,29 @@ public class AdapterTestStrategy extends ExternalResource {

    }

+    /**
+     * KEYCLOAK-3016
+     * @throws Exception
+     */
+    public void testBasicAuthErrorHandling() throws Exception {
+        Client client = ClientBuilder.newClient();
+        WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
+        Response response = target.request().get();
+        Assert.assertEquals(401, response.getStatus());
+        response.close();
+
+        // The number of iterations should be HttpClient's connection pool size + 1.
+        final int LIMIT = ConnManagerParams.DEFAULT_MAX_TOTAL_CONNECTIONS + 1;
+        for (int i = 0; i < LIMIT; i++) {
+            System.out.println("Testing Basic Auth with bad credentials " + i);
+            response = target.request().header(HttpHeaders.AUTHORIZATION, "Basic dXNlcm5hbWU6cGFzc3dvcmQ=").get();
+            Assert.assertEquals(401, response.getStatus());
+            response.close();
+        }
+
+        client.close();
+    }
+
    /**
     * KEYCLOAK-518
     * @throws Exception
--- a/testsuite/integration/src/test/resources/log4j.properties
+++ b/testsuite/integration/src/test/resources/log4j.properties
@ -67,4 +67,7 @@ log4j.logger.org.hibernate=off
 log4j.logger.org.jboss.resteasy=warn
 log4j.logger.org.apache.directory.api=warn
 log4j.logger.org.apache.directory.server.core=warn
-log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=error
+log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=error
+
+# Enable to view HttpClient connection pool activity
+#log4j.logger.org.apache.http.impl.conn=debug