-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to disable Netty connection pool used by Spring security in Spring Cloud Gateway #1493
Comments
Please learn how to properly format code and logs. |
It seems that you are missing
Let me know if this is helpful. |
@OlgaMaciaszek, Thank you so much for your input. I have @configuration in my dev enviroment and also tried configure gateway http client pool as disable in applicaiton.yml but it seems does not impact the HTTP Client used by Spring Secuirty. I will try to update the GitHub demo project based on your input tonight and see how it goes and update the feedback by then. Again thanks a lot for looking into this issue. |
I wouldn't think it would since that client is specific to the gateway. Have you asked in spring security? |
That is what I suspect. The webclient is in Spring Security OAuth2 filter. We also post the question at Spring Security, Also on Reactor-Netty So far no solution or work around yet. We are pending to PROD, this issue makes our Spring Cloud Gateway application login throw 500 error sporadically. It becomes outstanding. We understand this is due to AWS Load Balancing dropping idle connections. I believe this issue will be faced by most of the gateway applications deployed to cloud. We are seeking all kinds of solution or workaround urgently. Your input is greatly appreciated. |
Having three open issues is not very good. Since the issue is in spring security that is the right place. The holidays are starting and many people are on leave. |
Yes, I fully understand. Due to the urgency, also they are quite related and impacted with each other. Each with different perspective. We hope Reactor Netty can solve the issue from the root but also hope Spring Security or Cloud Gateway can have some way to configure it with previous understanding both share the same WebClient configuration which maybe is incorrect. |
@clavinovahan did you ever get to the bottom of this? |
I am facing the exact same issue - @clavinovahan were you able to get this resolved? |
@matjamesymj @smalihaider I've also had problem with this so I've created an issue in the spring-security project: spring-projects/spring-security#12655. We have also worked around this problem, so I'll try to describe it in the issue, hopefully that will help any other folks that will run into this. |
SpringBoot version: 2.2.1
Spring Cloud version: Hoxton.Release
We use Spring cloud gateway with Spring security OAuth2. Spring security OAuth2 use Netty to post request to IDP. We try to disable Netty connection Pool which Spring security OAuth2 uses with the following class but it seems no effect on it.
Spring security OAuth Filter still use Netty connection pool. I still see logs showing r.n.resources.PooledConnectionProvider. How do we configure this in Spring Cloud Gateway Application?
I uploaded the simple demo project to Github at the link below,
https://github.com/hanscrg/Sample-SpringCloudGateway-UAA
It is very simple, UAA is just Identity Provider. Build and run command are listed on the home page. The Gateway project only has 3 files. One file is for Gateway, other two files are trying to customize WebClient or ClientHTTPConnector used by Spring Security filter.
When you hit URL, http://localhost:8080/, the gateway will go through OAuth2 flow and finally show Test OK page. See the logs in Gateway project sample.log, you will find line
[reactor-http-nio-2] r.n.resources.PooledConnectionProvider : Creating new client pool [http] for localhost:8090
That means whatever http client or server customization does not take effective on the reactor.netty.http.client.HttpClientConnect as it still use Pool.
So anyway to disable that Netty Pool and let it create new connection every time?
The text was updated successfully, but these errors were encountered: