HttpComponentsClientHttpRequestFactory does not set connection request timeout on request config [SPR-12166]

[spring-projects-issues]

Brandon Zeeb opened SPR-12166 and commented

The class HttpComponentsClientHttpRequestFactory in the createRequest method attempts to create a custom RequestConfig if one is not provided by the createHttpContext (by way of HttpContext). This custom RequestConfig is created with a connect timeout, a socket timeout, but not a timeout value for the connection pool. In a production application, this opens up the possibility for the clients of RestTemplate to hang indefinitely waiting for a connection from the connection pool if all connection leases from the pool are currently occupied. If a value is not provided for the connection request timeout value of RequestConfig, HttpClient will wait infinitely long for a connection from the connection pool.

The code in question is:

if (this.socketTimeout > 0 || this.connectTimeout > 0) {
    config = RequestConfig.custom()
                     .setConnectTimeout(this.connectTimeout)
                     .setSocketTimeout(this.socketTimeout)
                     .build();
}

When it should perhaps be:

if (this.socketTimeout > 0 || this.connectTimeout > 0) {
    config = RequestConfig.custom()
                     .setConnectTimeout(this.connectTimeout)
                     .setSocketTimeout(this.socketTimeout)
                     .setConnectionRequestTimeout(this.connectionRequestTimeout)
                     .build();
}

Aside: I'm not sure if the if statement is necessary, HttpClient might already sanitize the values, I leave this to you to decide. I have initially made this a Major bug given the behavior that can manifest in an application (particularly under heavy load), also leave this to you do properly prioritize.

I also understand that RequestConfig contains many attributes, and perhaps not all of them should be mirrored in the HttpComponentsClientHttpRequestFactory. To this end, it's possible that perhaps a client should be forced to always supply one for this class, and thereby this is not a thing Spring Framework needs to solve.

Let me know your thoughts, and thanks in advance.

---

Affects: 4.1 GA

Issue Links:

• Configured RequestConfig in HttpClient gets overwritten by default [SPR-12540] #17144 Configured RequestConfig in HttpClient gets overwritten by default

[spring-projects-issues]

Stéphane Nicoll commented

This is a very good point indeed. The real problem is that the factory used to configure the HttpClient directly so a good alternative if you wanted to configure more settings was to provide the HttpClient yourself. It turns out that as from HttpComponents 4.3, these customizations have been refactored to a RequestConfig object and we no longer can configure an HttpClient instance directly.

I think that this issue is actually a duplicate of #17144

There are three solutions on the table right now:

• When an HttpClient is provided, the customizations of the factory are ignored (either by default or when an additional flag is provided)
• We try to merge the default settings of the HttpClient with the customizations of the factory
• The user has to provide the defaultRequestConfig as an extra parameter and when it does that we merge the content with our customizations

The second solution seems quite nice to me but unfortunately the public API of HttpComponents does not provide such hook AFAIK. The last one would do that same but isn't very XML friendly

Can you confirm this issue is a duplicate of #17144? Thanks and sorry for the late reply!

[spring-projects-issues]

Stéphane Nicoll commented

Actually, discussing this further with Rossen Stoyanchev made me realize that it would be nice to be able to customize that in any case so we're going to do that. Thanks!

[spring-projects-issues]

Stéphane Nicoll commented

The connectionRequestTimeout attribute has been added. Please follow #17144 for the discussion on how we can better use the default settings of the client.

[spring-projects-issues]

Brandon Zeeb commented

Thanks!