Spring Boot 2.2, Spring Security and HTTPS Proxy issue

I am configuring a REST app as a resource server. Following your blog/articles, I have integration with Okta working for a POC REST app, using Spring Boot 2.0.5 (with Spring Security 5.0.8), okta-spring-boot-starter 0.6.0, and spring-security-oauth2-autoconfigure 2.0.5. That’s what your example article is using, and I can get an access token from my Okta developer auth service, and authenticate to the REST app with it, and everything works great.

I have to configure the HTTPS proxy host and port for the JVM, e.g. https.proxyHost, https.proxyPort; without setting those, I get connection failures hitting the Okta auth service.

I’ve copied the app, upgraded to Spring Boot 2.2.x (with Spring Security 5.2.2) and okta-spring-boot-starter 1.3.0, and get a connection timeout trying to hit the OpenID config, e.g. https://dev-nnnnnn.okta.com/oauth2/default/.well-known/openid-configuration

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://dev-nnnnnnn.okta.com/oauth2/default/.well-known/openid-configuration": Connection timed out: connect; nested exception is java.net.ConnectException: Connection timed out: connect
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:748) ~[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:651) ~[spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.lambda$oidc$0(ClientRegistrations.java:147) ~[spring-security-oauth2-client-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:192) ~[spring-security-oauth2-client-5.2.2.RELEASE.jar:5.2.2.RELEASE]

It has to be the proxy config; it seems the JVM system properties aren’t getting honored the way they were with the older versions of Boot and Spring Security. I suspect I’ve got to provide httpsProxy config to the RestTemplate being used by Spring Security’s Client Registration, but can’t seem to get it to work. I have tried using a RestTemplateCustomizer.

Do you have any examples of how to configure the proxy with these newer versions of Spring Boot and Spring Security?

Update: found this Spring Security issue; apparently I’m not the only one to run into this proxy issue: https://github.com/spring-projects/spring-security/issues/7027

But I’m still a bit confused; I would expect that maybe Okta is providing its own implementation, so maybe I’ve just got something wrong in the Maven POM.

Hi @cmader,

This seems to be a known issue in Spring Security.

I hope the suggestion provided in Proxy/Netty: io.netty.channel.ConnectTimeoutException: connection timed out helps.
