Add HTTP Proxy support #233
Conversation
VitaliiTytarenko-okta
requested review from
arvindkrishnakumar-okta,
sergiishamrai-okta and
bdemers
@VitaliiTytarenko-okta You might want to check out https://github.com/okta/okta-spring-boot#proxy to see if it helps. In theory, setting these JVM properties should work. |
As I mentioned here #57, I think, it's a bad idea to mix these properties. |
|
We should standardize on Re: the property names, other libraries use the Java proxy properties or directly use the ProxySelector (IIRC OK HTTP uses the ProxySelector). HttpClient also has this implementation: https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/SystemDefaultHttpClient.html |
VitaliiTytarenko-okta
force-pushed
the
add-proxy_support
branch
from
217f87a
to
53d736b
Compare
|
@bdemers |
| Authenticator.setDefault(new ProxyPasswordAuthentication(proxyProperties.getUsername(), | ||
| proxyProperties.getPassword().toCharArray())); |
There was a problem hiding this comment.
Don't set the default authenticator, this needs to be scoped to this RestTemplate instance
| public void setHost(String host) { | ||
| this.host = host; | ||
| } | ||
|
|
||
| public int getPort() { | ||
| return port; | ||
| } | ||
|
|
||
| public void setPort(int port) { | ||
| this.port = port; | ||
| } |
There was a problem hiding this comment.
nit: consider validating the Proxy object above you have an if statement that both host and port either both required or both should be missing, but there is no validation, if one of them is missing
| @@ -0,0 +1,108 @@ | |||
| /* | |||
| * Copyright 2020-Present Okta, Inc. | |||
There was a problem hiding this comment.
| * Copyright 2020-Present Okta, Inc. | |
| * Copyright 2021-Present Okta, Inc. |
Check other files added in this commit
| assertThat "Wrong user", Authenticator.theAuthenticator.getAt("proxyUser"), is("foo") | ||
| assertThat "Wrong password", Authenticator.theAuthenticator.getAt("proxyPassword").toString(), is("bar") |
There was a problem hiding this comment.
nit: add the word proxy here
|
|
||
| class OktaOAuth2AutoConfigRestTemplateTest { | ||
| private static final String LOCALHOST = "localhost" | ||
| private static final int PORT = 7000 |
There was a problem hiding this comment.
Don't use a static port for testing, use a random free port, this mockserver should support this out of the box, but if not, just lookup a free port first
| RestTemplate restTemplate = new OktaOAuth2AutoConfig().restTemplate(properties) | ||
| def headers = new HttpHeaders(singletonMap("Cookie", "sessionId=" + sessionId)) | ||
| ResponseEntity<OAuth2AccessTokenResponse> response = restTemplate | ||
| .exchange("http://base_url.com", HttpMethod.GET, new HttpEntity<String>(headers), OAuth2AccessTokenResponse) |
README.md
Outdated
| -Dhttps.proxyPort=port | ||
| -Dhttps.proxyUser="user" # optional | ||
| -Dhttps.proxyPassword="password". # optional | ||
| -Dokta.oauth2.proxy.host=host |
There was a problem hiding this comment.
Please add username and password properties here.
README.md
Outdated
| ``` | ||
|
|
||
| or, you could set it programmatically like: | ||
|
|
||
| ```java | ||
| System.setProperty("https.proxyHost", "https://example-proxy.com"); | ||
| System.setProperty("https.proxyPort", "443"); | ||
| System.setProperty("okta.oauth2.proxy.host", "example-proxy.com"); |
There was a problem hiding this comment.
same as above comment.
README.md
Outdated
| okta: | ||
| oauth2: | ||
| proxy: | ||
| host: "example-proxy.com" |
There was a problem hiding this comment.
use proxy.example.com (when possible use example.com as this is the intended use for this domain)
README.md
Outdated
| -Dokta.oauth2.proxy.username=username | ||
| -Dokta.oauth2.proxy.password=password |
There was a problem hiding this comment.
| -Dokta.oauth2.proxy.username=username | |
| -Dokta.oauth2.proxy.password=password | |
| -Dokta.oauth2.proxy.username=your-username # optional | |
| -Dokta.oauth2.proxy.password=your-secret-password # optional |
README.md
Outdated
| System.setProperty("okta.oauth2.proxy.host", "proxy.example.com"); | ||
| System.setProperty("okta.oauth2.proxy.port", "7000"); | ||
| System.setProperty("okta.oauth2.proxy.username", "username"); | ||
| System.setProperty("okta.oauth2.proxy.password", "password"); |
VitaliiTytarenko-okta
force-pushed
the
add-proxy_support
branch
from
9472f33
to
ba8f17c
Compare
|
|
||
| OktaOAuth2Properties.Proxy proxyProperties = oktaOAuth2Properties.getProxy(); | ||
| Optional<BasicAuthenticationInterceptor> basicAuthenticationInterceptor = Optional.empty(); | ||
| if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() != 0) { |
There was a problem hiding this comment.
nit
| if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() != 0) { | |
| if (proxyProperties != null && Strings.hasText(proxyProperties.getHost()) && proxyProperties.getPort() > 0) { |
| NimbusJwtDecoder decoder = builder.build(); | ||
| decoder.setJwtValidator(TokenUtil.jwtValidator(oktaOAuth2Properties.getIssuer(), oktaOAuth2Properties.getAudience())); | ||
| return decoder; | ||
| } | ||
|
|
||
| private RestTemplate restTemplate() { | ||
| private RestTemplate restTemplate(OktaOAuth2Properties oktaOAuth2Properties) { |
There was a problem hiding this comment.
Remove the duplicate code from: OktaOidcUserService
VitaliiTytarenko-okta
force-pushed
the
add-proxy_support
branch
2 times, most recently
from
143d403
to
9742f52
Compare
VitaliiTytarenko-okta
force-pushed
the
add-proxy_support
branch
from
9742f52
to
aa2b8a0
Compare
OKTA-336114