Spring Boot 2.2, Spring Security and HTTPS Proxy issue

cmader · October 5, 2020, 8:03pm

I am configuring a REST app as a resource server. So following your blog/articles, I have integration with Okta working for a POC REST app, using Spring Boot 2.0.5 (w spring security 5.0.8), okta-spring-boot-starter 0.6.0, and spring-security-oauth2-autoconfigure 2.0.5. That’s what your example article is using, and I can get an access token from my okta developer auth service, and authenticate to the REST app with it, and everything works great.

I have to configure the https proxy host and port for the JVM, e.g. https.proxyHost, https.proxyPort, without setting those, i get connection failures hitting the okta auth service.

I’ve copied the app, upgraded to Spring boot 2.2.x (with spring security 5.2.2) and okta-spring-boot-start 1.3.0, and get connection timeout trying to hit the openid config, e.g. https://dev-nnnnnn.okta.com/oauth2/default/.well-known/openid-configuration

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for “https://dev-nnnnnnn.okta.com/oauth2/default/.well-known/openid-configuration”: Connection timed out: connect; nested exception is java.net.ConnectException: Connection timed out: connect
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:748) ~[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:651) ~[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.lambda$oidc$0(ClientRegistrations.java:147) ~[spring-security-oauth2-client-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:192) ~[spring-security-oauth2-client-5.2.2.RELEASE.jar:5.2.2.RELEASE]

It has to be the proxy config, seems the jvm system properties aren’t getting honored, the way they were with the older versions of boot and spring security. I suspect I’ve got to provide httpsProxy config to the RestTemplate being used by Spring Security’s Client Registration, but can’t seem to get it to work. Have tried using a RestTemplateCustomizer.

Do you have any examples of how to configure the proxy with these newer versions of Spring Boot and Spring Security?

cmader · October 6, 2020, 1:17am

update, found this spring security issue, apparently i’m not only run to run into this proxy isse: https://github.com/spring-projects/spring-security/issues/7027

but still a bit confused, would expect that maybe Okta is providing it’s own implementation, so maybe I’ve just got something wrong in the maven pom.

gpadma · October 7, 2020, 6:06pm

Hi @cmader,

This seems to be a known issue in Spring Security.

I hope the suggestion provided in Proxy/Netty: io.netty.channel.ConnectTimeoutException: connection timed out helps.

system · January 25, 2024, 12:42am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Unable to obtain new access token for resource 'null' Questions	4	7269	September 20, 2019
Login problem please help me Questions	9	10117	January 19, 2024
Proxy for Spring Security for React + OIDC Questions	2	4614	January 25, 2024
Cannot connect to issuer uri using spring boot application OAuth/OIDC	9	21543	May 27, 2020
Spring Boot Migration from 1.5.X to 2.1 Questions	2	4947	January 21, 2019

Spring Boot 2.2, Spring Security and HTTPS Proxy issue

Related topics