This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/main by this push:
     new cf0a9477510 Fix OAuth2 test flakiness caused by Response and WebClient 
resource leaks (#2969)
cf0a9477510 is described below

commit cf0a947751006797e0b003c83687352816736107
Author: Guillaume Nodet <[email protected]>
AuthorDate: Thu May 7 11:41:36 2026 +0200

    Fix OAuth2 test flakiness caused by Response and WebClient resource leaks 
(#2969)
    
    Close Response objects in OAuth2TestUtils.getLocation() methods using
    try-finally blocks to prevent connection pool exhaustion under CI load.
    Close WebClient instances in AuthorizationGrantTest and PublicClientTest
    after use to release HTTP connections.
    
    Co-authored-by: Claude Opus 4.6 <[email protected]>
---
 .../security/oauth2/common/OAuth2TestUtils.java    | 15 ++++++++---
 .../oauth2/grants/AuthorizationGrantTest.java      | 29 ++++++++++++++++++++--
 .../security/oauth2/grants/PublicClientTest.java   | 10 ++++++++
 3 files changed, 49 insertions(+), 5 deletions(-)

diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index ca99309632a..4f15cc0fafc 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -125,8 +125,12 @@ public final class OAuth2TestUtils {
 
         client.path(parameters.getPath());
         Response response = client.get();
-
-        OAuthAuthorizationData authzData = 
response.readEntity(OAuthAuthorizationData.class);
+        OAuthAuthorizationData authzData;
+        try {
+            authzData = response.readEntity(OAuthAuthorizationData.class);
+        } finally {
+            response.close();
+        }
         return getLocation(client, authzData, parameters.getState());
     }
 
@@ -159,7 +163,12 @@ public final class OAuth2TestUtils {
         form.param("oauthDecision", "allow");
 
         Response response = client.post(form);
-        String location = response.getHeaderString("Location");
+        String location;
+        try {
+            location = response.getHeaderString("Location");
+        } finally {
+            response.close();
+        }
         if (state != null) {
             Assert.assertTrue(location.contains("state=" + state));
         }
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 30faa1ba16d..e1b94ff43c1 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -129,6 +129,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client);
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, "consumer-id", "this-is-a-secret", 
null);
@@ -136,6 +137,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -168,6 +170,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         String location = OAuth2TestUtils.getLocation(client, authzData, null);
         String code =  OAuth2TestUtils.getSubstring(location, "code");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, "consumer-id", "this-is-a-secret", 
null);
@@ -175,6 +178,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -193,6 +197,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client);
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -217,6 +222,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         accessToken = client.post(form, ClientAccessToken.class);
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -235,6 +241,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client, 
"read_balance");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -261,6 +268,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
         assertEquals("read_balance", accessToken.getApprovedScope());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -280,6 +288,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client, 
"read_balance");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -305,6 +314,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
 //        assertEquals("read_balance", accessToken.getApprovedScope());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -323,6 +333,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client, 
"read_balance");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, "consumer-id", "this-is-a-secret", 
null);
@@ -330,6 +341,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
     }
 
     @org.junit.Test
@@ -346,6 +358,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         String code = OAuth2TestUtils.getAuthorizationCode(client, 
"read_balance", "consumer-id",
                                                            null, state);
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, "consumer-id", "this-is-a-secret", 
null);
@@ -353,6 +366,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
     }
 
     @org.junit.Test
@@ -367,6 +381,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         // Get Authorization Code
         String code = OAuth2TestUtils.getAuthorizationCode(client, null, 
"consumer-id-aud");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(address, "consumer-id-aud", 
"this-is-a-secret", null);
@@ -386,6 +401,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
                                                                 
"consumer-id-aud", audience);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
     }
 
     @org.junit.Test
@@ -417,10 +433,15 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         form.param("oauthDecision", "allow");
 
         Response response = client.post(form);
-
-        String location = response.getHeaderString("Location");
+        String location;
+        try {
+            location = response.getHeaderString("Location");
+        } finally {
+            response.close();
+        }
         String accessToken = OAuth2TestUtils.getSubstring(location, 
"access_token");
         assertNotNull(accessToken);
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken);
@@ -445,6 +466,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken = client.post(form, 
ClientAccessToken.class);
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -467,6 +489,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken = client.post(form, 
ClientAccessToken.class);
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -494,6 +517,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken = client.post(form, 
ClientAccessToken.class);
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
@@ -522,6 +546,7 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
         ClientAccessToken accessToken = client.post(form, 
ClientAccessToken.class);
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
+        client.close();
 
         if (isAccessTokenInJWTFormat()) {
             validateAccessToken(accessToken.getTokenKey());
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index c1d4d1dfbf0..a5f758b0c4d 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -112,6 +112,8 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
             fail("Failure expected on a missing (registered) redirectURI");
         } catch (Exception ex) {
             // expected
+        } finally {
+            client.close();
         }
     }
 
@@ -167,12 +169,14 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
         String location = OAuth2TestUtils.getLocation(client, parameters);
         String code = OAuth2TestUtils.getSubstring(location, "code");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(tokenServiceAddress, busFile.toString());
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, 
"consumer-id", null, codeVerifier);
         assertNotNull(accessToken.getTokenKey());
+        client.close();
     }
 
     private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
@@ -197,6 +201,7 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
         String location = OAuth2TestUtils.getLocation(client, parameters);
         String code = OAuth2TestUtils.getSubstring(location, "code");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -205,6 +210,8 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
             fail("Failure expected on a missing verifier");
         } catch (OAuthServiceException ex) {
             assertFalse(ex.getError().getError().isEmpty());
+        } finally {
+            client.close();
         }
     }
 
@@ -230,6 +237,7 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
         String location = OAuth2TestUtils.getLocation(client, parameters);
         String code = OAuth2TestUtils.getSubstring(location, "code");
         assertNotNull(code);
+        client.close();
 
         // Now get the access token
         client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -240,6 +248,8 @@ public class PublicClientTest extends 
AbstractClientServerTestBase {
             fail("Failure expected on a different verifier");
         } catch (OAuthServiceException ex) {
             assertFalse(ex.getError().getError().isEmpty());
+        } finally {
+            client.close();
         }
     }
 

Reply via email to