
Commit 8a8ed0a

gnodetclaude
andcommitted
Fix OAuth2 test flakiness caused by Response and WebClient resource leaks
Close Response objects in OAuth2TestUtils.getLocation() methods using try-finally blocks to prevent connection pool exhaustion under CI load. Close WebClient instances in AuthorizationGrantTest and PublicClientTest after use to release HTTP connections. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 6d3209a commit 8a8ed0a

3 files changed

Lines changed: 49 additions & 5 deletions


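--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -125,8 +125,12 @@ public static String getLocation(WebClient client, AuthorizationCodeParameters p
 
 client.path(parameters.getPath());
 Response response = client.get();
-
-OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+OAuthAuthorizationData authzData;
+try {
+authzData = response.readEntity(OAuthAuthorizationData.class);
+} finally {
+response.close();
+}
 return getLocation(client, authzData, parameters.getState());
 }
 
@@ -159,7 +163,12 @@ public static String getLocation(WebClient client, OAuthAuthorizationData authzD
 form.param("oauthDecision", "allow");
 
 Response response = client.post(form);
-String location = response.getHeaderString("Location");
+String location;
+try {
+location = response.getHeaderString("Location");
+} finally {
+response.close();
+}
 if (state != null) {
 Assert.assertTrue(location.contains("state=" + state));
 }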
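Review bot: In the second getLocation() hunk, `location` is null whenever the server answers without a Location header, so `location.contains("state=" + state)` fails with a NullPointerException instead of a readable assertion; an `Assert.assertNotNull("no redirect returned", location);` right after the try/finally would make a missing redirect show up as a test failure with a message. Both new try/finally blocks could also be written as try-with-resources, for example `try (Response response = client.post(form)) { location = response.getHeaderString("Location"); }`, provided the JAX-RS API this module compiles against declares `Response` as `AutoCloseable` (2.1 or later). Both method bodies begin outside the hunks, and the second one continues past the last visible line.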

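--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -126,13 +126,15 @@ public void testAuthorizationCodeGrant() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client);
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
 
 ClientAccessToken accessToken =
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -165,13 +167,15 @@ public void testAuthorizationCodeGrantPOST() throws Exception {
 String location = OAuth2TestUtils.getLocation(client, authzData, null);
 String code = OAuth2TestUtils.getSubstring(location, "code");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
 
 ClientAccessToken accessToken =
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -190,6 +194,7 @@ public void testAuthorizationCodeGrantRefresh() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client);
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -214,6 +219,7 @@ public void testAuthorizationCodeGrantRefresh() throws Exception {
 accessToken = client.post(form, ClientAccessToken.class);
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -232,6 +238,7 @@ public void testAuthorizationCodeGrantRefreshWithScope() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -258,6 +265,7 @@ public void testAuthorizationCodeGrantRefreshWithScope() throws Exception {
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
 assertEquals("read_balance", accessToken.getApprovedScope());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -277,6 +285,7 @@ public void testAuthorizationCodeGrantRefreshWithoutScope() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -302,6 +311,7 @@ public void testAuthorizationCodeGrantRefreshWithoutScope() throws Exception {
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
 // assertEquals("read_balance", accessToken.getApprovedScope());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -320,13 +330,15 @@ public void testAuthorizationCodeGrantWithScope() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
 
 ClientAccessToken accessToken =
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 }
 
 @org.junit.Test
@@ -343,13 +355,15 @@ public void testAuthorizationCodeGrantWithState() throws Exception {
 String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance", "consumer-id",
 null, state);
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
 
 ClientAccessToken accessToken =
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 }
 
 @org.junit.Test
@@ -364,6 +378,7 @@ public void testAuthorizationCodeGrantWithAudience() throws Exception {
 // Get Authorization Code
 String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(address, "consumer-id-aud", "this-is-a-secret", null);
@@ -383,6 +398,7 @@ public void testAuthorizationCodeGrantWithAudience() throws Exception {
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
 "consumer-id-aud", audience);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 }
 
 @org.junit.Test
@@ -414,10 +430,15 @@ public void testImplicitGrant() throws Exception {
 form.param("oauthDecision", "allow");
 
 Response response = client.post(form);
-
-String location = response.getHeaderString("Location");
+String location;
+try {
+location = response.getHeaderString("Location");
+} finally {
+response.close();
+}
 String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
 assertNotNull(accessToken);
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken);
@@ -442,6 +463,7 @@ public void testPasswordsCredentialsGrant() throws Exception {
 ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -464,6 +486,7 @@ public void testClientCredentialsGrant() throws Exception {
 ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -491,6 +514,7 @@ public void testSAMLAuthorizationGrant() throws Exception {
 ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());
@@ -519,6 +543,7 @@ public void testJWTAuthorizationGrant() throws Exception {
 ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
+client.close();
 
 if (isAccessTokenInJWTFormat()) {
 validateAccessToken(accessToken.getTokenKey());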
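Review bot: Every `client.close()` added in this file sits after the assertions of its step, so a failed `assertNotNull(...)` or an exception thrown by the token request leaves the WebClient open, and the connections this commit means to release still leak on exactly the runs that fail. Wrapping each step as `try { ... } finally { client.close(); }`, the shape PublicClientTest gets for its negative cases in this same commit, releases the client on both paths. The same placement applies to the first `client.close()` added in testPKCE, testPKCEMissingVerifier and testPKCEDifferentVerifier in PublicClientTest. The test method bodies start and end outside the hunks shown here, so where each `client` is first created is not visible.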

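--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -111,6 +111,8 @@ public void testAuthorizationCodeGrantNoRedirectURI() throws Exception {
 fail("Failure expected on a missing (registered) redirectURI");
 } catch (Exception ex) {
 // expected
+} finally {
+client.close();
 }
 }
 
@@ -166,12 +168,14 @@ private void testPKCE(CodeVerifierTransformer transformer) {
 String location = OAuth2TestUtils.getLocation(client, parameters);
 String code = OAuth2TestUtils.getSubstring(location, "code");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(tokenServiceAddress, busFile.toString());
 ClientAccessToken accessToken =
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
 assertNotNull(accessToken.getTokenKey());
+client.close();
 }
 
 private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
@@ -196,6 +200,7 @@ private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
 String location = OAuth2TestUtils.getLocation(client, parameters);
 String code = OAuth2TestUtils.getSubstring(location, "code");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -204,6 +209,8 @@ private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
 fail("Failure expected on a missing verifier");
 } catch (OAuthServiceException ex) {
 assertFalse(ex.getError().getError().isEmpty());
+} finally {
+client.close();
 }
 }
 
@@ -229,6 +236,7 @@ private void testPKCEDifferentVerifier(CodeVerifierTransformer transformer) {
 String location = OAuth2TestUtils.getLocation(client, parameters);
 String code = OAuth2TestUtils.getSubstring(location, "code");
 assertNotNull(code);
+client.close();
 
 // Now get the access token
 client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -239,6 +247,8 @@ private void testPKCEDifferentVerifier(CodeVerifierTransformer transformer) {
 fail("Failure expected on a different verifier");
 } catch (OAuthServiceException ex) {
 assertFalse(ex.getError().getError().isEmpty());
+} finally {
+client.close();
 }
 }
 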
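Review bot: The `catch (Exception ex) { // expected }` in testAuthorizationCodeGrantNoRedirectURI, which now gains the `finally`, accepts any exception as proof that the server rejected the request with no registered redirect URI, so a connection failure or pool exhaustion of the kind this commit addresses would also make the test pass. Narrowing the catch to the exception type the request is expected to raise and asserting on its content, as the PKCE tests in this file do with `catch (OAuthServiceException ex)` and `assertFalse(ex.getError().getError().isEmpty());`, would keep this negative test tied to the authorization server's actual decision. The try block opens outside the hunk, so the call under test and the type it throws are not visible here and should be confirmed before narrowing.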
