This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new cf0a9477510 Fix OAuth2 test flakiness caused by Response and WebClient
resource leaks (#2969)
cf0a9477510 is described below
commit cf0a947751006797e0b003c83687352816736107
Author: Guillaume Nodet <[email protected]>
AuthorDate: Thu May 7 11:41:36 2026 +0200
Fix OAuth2 test flakiness caused by Response and WebClient resource leaks
(#2969)
Close Response objects in OAuth2TestUtils.getLocation() methods using
try-finally blocks to prevent connection pool exhaustion under CI load.
Close WebClient instances in AuthorizationGrantTest and PublicClientTest
after use to release HTTP connections.
Co-authored-by: Claude Opus 4.6 <[email protected]>
---
.../security/oauth2/common/OAuth2TestUtils.java | 15 ++++++++---
.../oauth2/grants/AuthorizationGrantTest.java | 29 ++++++++++++++++++++--
.../security/oauth2/grants/PublicClientTest.java | 10 ++++++++
3 files changed, 49 insertions(+), 5 deletions(-)
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index ca99309632a..4f15cc0fafc 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -125,8 +125,12 @@ public final class OAuth2TestUtils {
client.path(parameters.getPath());
Response response = client.get();
-
- OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
+ OAuthAuthorizationData authzData;
+ try {
+ authzData = response.readEntity(OAuthAuthorizationData.class);
+ } finally {
+ response.close();
+ }
return getLocation(client, authzData, parameters.getState());
}
@@ -159,7 +163,12 @@ public final class OAuth2TestUtils {
form.param("oauthDecision", "allow");
Response response = client.post(form);
- String location = response.getHeaderString("Location");
+ String location;
+ try {
+ location = response.getHeaderString("Location");
+ } finally {
+ response.close();
+ }
if (state != null) {
Assert.assertTrue(location.contains("state=" + state));
}
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 30faa1ba16d..e1b94ff43c1 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -129,6 +129,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client);
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
@@ -136,6 +137,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -168,6 +170,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
String location = OAuth2TestUtils.getLocation(client, authzData, null);
String code = OAuth2TestUtils.getSubstring(location, "code");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
@@ -175,6 +178,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -193,6 +197,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client);
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -217,6 +222,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -235,6 +241,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -261,6 +268,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
assertEquals("read_balance", accessToken.getApprovedScope());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -280,6 +288,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
@@ -305,6 +314,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
// assertEquals("read_balance", accessToken.getApprovedScope());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -323,6 +333,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
@@ -330,6 +341,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
+ client.close();
}
@org.junit.Test
@@ -346,6 +358,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
String code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance", "consumer-id",
null, state);
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
@@ -353,6 +366,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
+ client.close();
}
@org.junit.Test
@@ -367,6 +381,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client, null,
"consumer-id-aud");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(address, "consumer-id-aud",
"this-is-a-secret", null);
@@ -386,6 +401,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
"consumer-id-aud", audience);
assertNotNull(accessToken.getTokenKey());
+ client.close();
}
@org.junit.Test
@@ -417,10 +433,15 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
form.param("oauthDecision", "allow");
Response response = client.post(form);
-
- String location = response.getHeaderString("Location");
+ String location;
+ try {
+ location = response.getHeaderString("Location");
+ } finally {
+ response.close();
+ }
String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
assertNotNull(accessToken);
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken);
@@ -445,6 +466,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken = client.post(form,
ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -467,6 +489,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken = client.post(form,
ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -494,6 +517,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken = client.post(form,
ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
@@ -522,6 +546,7 @@ public class AuthorizationGrantTest extends
AbstractBusClientServerTestBase {
ClientAccessToken accessToken = client.post(form,
ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
+ client.close();
if (isAccessTokenInJWTFormat()) {
validateAccessToken(accessToken.getTokenKey());
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index c1d4d1dfbf0..a5f758b0c4d 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -112,6 +112,8 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
fail("Failure expected on a missing (registered) redirectURI");
} catch (Exception ex) {
// expected
+ } finally {
+ client.close();
}
}
@@ -167,12 +169,14 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
String location = OAuth2TestUtils.getLocation(client, parameters);
String code = OAuth2TestUtils.getSubstring(location, "code");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(tokenServiceAddress, busFile.toString());
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
"consumer-id", null, codeVerifier);
assertNotNull(accessToken.getTokenKey());
+ client.close();
}
private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
@@ -197,6 +201,7 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
String location = OAuth2TestUtils.getLocation(client, parameters);
String code = OAuth2TestUtils.getSubstring(location, "code");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -205,6 +210,8 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
fail("Failure expected on a missing verifier");
} catch (OAuthServiceException ex) {
assertFalse(ex.getError().getError().isEmpty());
+ } finally {
+ client.close();
}
}
@@ -230,6 +237,7 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
String location = OAuth2TestUtils.getLocation(client, parameters);
String code = OAuth2TestUtils.getSubstring(location, "code");
assertNotNull(code);
+ client.close();
// Now get the access token
client = WebClient.create(tokenServiceAddress, busFile.toString());
@@ -240,6 +248,8 @@ public class PublicClientTest extends
AbstractClientServerTestBase {
fail("Failure expected on a different verifier");
} catch (OAuthServiceException ex) {
assertFalse(ex.getError().getError().isEmpty());
+ } finally {
+ client.close();
}
}