Add HTTP Proxy support #233
IMHO, both the “standard” Java proxy props should work, and the ones used by the Okta SDK.
That way a user only has to specify the props once 🤔
@VitaliiTytarenko-okta You might want to check out https://github.com/okta/okta-spring-boot#proxy to see if it helps. In theory, setting these JVM properties should work.
As I mentioned here #57, I think it's a bad idea to mix these properties.
We should standardize on Re: the property names, other libraries use the Java proxy properties or directly use the ProxySelector (IIRC OK HTTP uses the ProxySelector). HttpClient also has this implementation: https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/SystemDefaultHttpClient.html
217f87a to 53d736b
@bdemers
Authenticator.setDefault(new ProxyPasswordAuthentication(proxyProperties.getUsername(), | ||
proxyProperties.getPassword().toCharArray())); |
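Review bot: `proxyProperties.getPassword().toCharArray()` on the second line throws a NullPointerException when a username is configured without a password, unless that is guarded above this hunk; check both values before building the authenticator. Because `Authenticator.setDefault` applies to every connection in the JVM, `ProxyPasswordAuthentication` should also return credentials only when the requestor type is a proxy, otherwise they can be offered to any server that asks for authentication.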
Don't set the default authenticator, this needs to be scoped to this RestTemplate instance
👍
public void setHost(String host) { | ||
this.host = host; | ||
} | ||
|
||
public int getPort() { | ||
return port; | ||
} | ||
|
||
public void setPort(int port) { | ||
this.port = port; | ||
} |
nit: consider validating the `Proxy` object above you have an if statement that both `host` and `port` either both required or both should be missing, but there is no validation, if one of them is missing
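The two review points above (keep proxy credentials scoped to one client instead of calling `Authenticator.setDefault`, and reject a half-configured proxy) shown together as an added example that is not code from this pull request. It uses the JDK's `java.net.http.HttpClient` (Java 16+ for the record syntax) rather than the PR's `RestTemplate`; `ProxySettings` and `newClient` are hypothetical names.

```java
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.ProxySelector;
import java.net.http.HttpClient;

public class ScopedProxyExample {
    // Hypothetical holder for the host/port/username/password settings under review.
    record ProxySettings(String host, int port, String username, String password) {
        ProxySettings {
            boolean hasHost = host != null && !host.isBlank();
            if (hasHost != (port != 0))
                throw new IllegalArgumentException("proxy host and port must be set together");
            if (hasHost && (port < 1 || port > 65535))
                throw new IllegalArgumentException("proxy port out of range: " + port);
            if ((username == null) != (password == null))
                throw new IllegalArgumentException("proxy username and password must be set together");
        }
        boolean enabled() { return host != null && !host.isBlank(); }
    }

    // Builds a client whose proxy credentials exist only inside that client.
    static HttpClient newClient(ProxySettings p) {
        HttpClient.Builder builder = HttpClient.newBuilder();
        if (!p.enabled()) return builder.build();
        builder.proxy(ProxySelector.of(new InetSocketAddress(p.host(), p.port())));
        if (p.username() != null) {
            builder.authenticator(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    // Answer proxy challenges only; an origin server asking for
                    // credentials gets nothing.
                    if (getRequestorType() != RequestorType.PROXY) return null;
                    return new PasswordAuthentication(p.username(), p.password().toCharArray());
                }
            });
        }
        return builder.build();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the pull request.
        HttpClient client = newClient(new ProxySettings("proxy.example.com", 7000, "user", "secret"));
        System.out.println("proxy configured: " + client.proxy().isPresent());
        System.out.println("authenticator scoped to client: " + client.authenticator().isPresent());
        try {
            new ProxySettings("proxy.example.com", 0, null, null); // host without port
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```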
@@ -0,0 +1,108 @@ | |||
/* | |||
* Copyright 2020-Present Okta, Inc. |
* Copyright 2020-Present Okta, Inc. | |
* Copyright 2021-Present Okta, Inc. |
Check other files added in this commit
👌
assertThat "Wrong user", Authenticator.theAuthenticator.getAt("proxyUser"), is("foo") | ||
assertThat "Wrong password", Authenticator.theAuthenticator.getAt("proxyPassword").toString(), is("bar") |
nit: add the word `proxy` here
|
||
class OktaOAuth2AutoConfigRestTemplateTest { | ||
private static final String LOCALHOST = "localhost" | ||
private static final int PORT = 7000 |
Don't use a static port for testing, use a random free port, this mockserver should support this out of the box, but if not, just lookup a free port first
👍
RestTemplate restTemplate = new OktaOAuth2AutoConfig().restTemplate(properties) | ||
def headers = new HttpHeaders(singletonMap("Cookie", "sessionId=" + sessionId)) | ||
ResponseEntity<OAuth2AccessTokenResponse> response = restTemplate | ||
.exchange("http://base_url.com", HttpMethod.GET, new HttpEntity<String>(headers), OAuth2AccessTokenResponse) |
use example.com
🆗
README.md
Outdated
-Dhttps.proxyPort=port | ||
-Dhttps.proxyUser="user" # optional | ||
-Dhttps.proxyPassword="password". # optional | ||
-Dokta.oauth2.proxy.host=host |
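Review bot: the `-Dhttps.proxyPassword="password". # optional` line has a stray `.` after the closing quote, which a shell would append to the value if the line is copied as written; remove it. Since these flags put the proxy password on the JVM command line, where it is visible in process listings, the README should also point to a configuration-file or environment-based way of supplying it.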
Please add `username` and `password` properties here.
🆗
README.md
Outdated
``` | ||
|
||
or, you could set it programmatically like: | ||
|
||
```java | ||
System.setProperty("https.proxyHost", "https://example-proxy.com"); | ||
System.setProperty("https.proxyPort", "443"); | ||
System.setProperty("okta.oauth2.proxy.host", "example-proxy.com"); |
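Review bot: `https.proxyHost` on the first `System.setProperty` line is given `"https://example-proxy.com"`, but that property takes a bare host name, as the `okta.oauth2.proxy.host` line below it does; drop the `https://` scheme so readers who copy the snippet get a working proxy setting.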
same as above comment.
🆗
README.md
Outdated
okta: | ||
oauth2: | ||
proxy: | ||
host: "example-proxy.com" |
use `proxy.example.com` (when possible use `example.com` as this is the intended use for this domain)
README.md
Outdated
-Dokta.oauth2.proxy.username=username | ||
-Dokta.oauth2.proxy.password=password |
-Dokta.oauth2.proxy.username=username | |
-Dokta.oauth2.proxy.password=password | |
-Dokta.oauth2.proxy.username=your-username # optional | |
-Dokta.oauth2.proxy.password=your-secret-password # optional |
README.md
Outdated
System.setProperty("okta.oauth2.proxy.host", "proxy.example.com"); | ||
System.setProperty("okta.oauth2.proxy.port", "7000"); | ||
System.setProperty("okta.oauth2.proxy.username", "username"); | ||
System.setProperty("okta.oauth2.proxy.password", "password"); |
see above suggestion
9472f33 to ba8f17c
lgtm
|
||
OktaOAuth2Properties.Proxy proxyProperties = oktaOAuth2Properties.getProxy(); | ||
Optional<BasicAuthenticationInterceptor> basicAuthenticationInterceptor = Optional.empty(); | ||
if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() != 0) { |
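Review bot: the condition on the last line silently skips proxy setup when only one of host and port is set, so a half-configured deployment would send its requests directly instead of through the proxy; fail fast or log a warning in that case. `proxyProperties.getPort() != 0` also lets negative values through, so the check should bound the port to a valid range.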
nit
if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() != 0) { | |
if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() > 0) { |
NimbusJwtDecoder decoder = builder.build(); | ||
decoder.setJwtValidator(TokenUtil.jwtValidator(oktaOAuth2Properties.getIssuer(), oktaOAuth2Properties.getAudience())); | ||
return decoder; | ||
} | ||
|
||
private RestTemplate restTemplate() { | ||
private RestTemplate restTemplate(OktaOAuth2Properties oktaOAuth2Properties) { |
Remove the duplicate code from: OktaOidcUserService
Done!
After removing the duplicate code, it looks like it's ready to go
143d403 to 9742f52
9742f52 to aa2b8a0
OKTA-336114