Package org.mockserver.authentication
Class BoundedResourceRetriever
java.lang.Object
org.mockserver.authentication.BoundedResourceRetriever
Bounded ResourceRetriever for control-plane JWK-set and OIDC discovery-document fetches.
Nimbus's default RemoteJWKSet retriever uses an INFINITE connect/read timeout and NO
response size limit. These fetches happen on (or feed) the control-plane auth path, so an
unreachable or hostile JWKS/discovery endpoint could hang the fetch indefinitely or stream an
unbounded body — a DoS / SSRF-amplification vector. This retriever applies finite connect/read
timeouts and a sane response size cap so a slow or oversized endpoint fails fast instead.
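
The two failure modes described above, as an added example (not MockServer's own code): a Nimbus DefaultResourceRetriever built with finite limits is pointed at two constructed local endpoints, one streaming an oversized body and one that stalls. The class name BoundedFetchDemo, the endpoints and the three limit values are assumptions; this page does not list the actual constant values.

```java
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.concurrent.Executors;

// Added illustration, not MockServer source. The three limits are constructed
// sample values; the page does not list the real constant values.
public class BoundedFetchDemo {
    static final int CONNECT_MS = 2_000, READ_MS = 1_000, SIZE_LIMIT = 64 * 1024;

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.setExecutor(Executors.newCachedThreadPool(r -> {
            Thread t = new Thread(r);
            t.setDaemon(true); // let the JVM exit while /stalled is still sleeping
            return t;
        }));
        // Constructed endpoint 1: streams 512 KiB, far more than a real JWK set.
        server.createContext("/oversized", ex -> {
            ex.sendResponseHeaders(200, 0); // length 0 = chunked, size not announced
            try (OutputStream out = ex.getResponseBody()) {
                for (int i = 0; i < 64; i++) out.write(new byte[8192]);
            } catch (IOException ignored) { } // client may drop the connection at the cap
        });
        // Constructed endpoint 2: accepts the request, then sends nothing.
        server.createContext("/stalled", ex -> {
            try { Thread.sleep(30_000); } catch (InterruptedException ignored) { }
            ex.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        DefaultResourceRetriever bounded =
            new DefaultResourceRetriever(CONNECT_MS, READ_MS, SIZE_LIMIT);
        for (String path : new String[] {"/oversized", "/stalled"}) {
            long start = System.nanoTime();
            try {
                bounded.retrieveResource(new URL(base + path));
                System.out.println(path + ": unexpectedly succeeded");
            } catch (IOException e) { // size cap or read timeout tripped
                long ms = (System.nanoTime() - start) / 1_000_000;
                System.out.println(path + ": failed after " + ms + " ms: " + e);
            }
        }
        server.stop(0);
    }
}
```

Running it needs nimbus-jose-jwt on the classpath; both fetches end in an IOException rather than hanging or buffering the full body.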

Field Summary

Fields

| Modifier and Type | Field | Description |
|---|---|---|
| static final int | CONNECT_TIMEOUT_MILLIS | Connect timeout in milliseconds for control-plane JWKS / OIDC discovery fetches. |
| static final int | READ_TIMEOUT_MILLIS | Read timeout in milliseconds for control-plane JWKS / OIDC discovery fetches. |
| static final int | SIZE_LIMIT_BYTES | Maximum response body size in bytes; a real JWK set / discovery document is a few KB. |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| static com.nimbusds.jose.util.DefaultResourceRetriever | create() | |

Field Details

CONNECT_TIMEOUT_MILLIS
public static final int CONNECT_TIMEOUT_MILLIS
Connect timeout in milliseconds for control-plane JWKS / OIDC discovery fetches.

READ_TIMEOUT_MILLIS
public static final int READ_TIMEOUT_MILLIS
Read timeout in milliseconds for control-plane JWKS / OIDC discovery fetches.

SIZE_LIMIT_BYTES
public static final int SIZE_LIMIT_BYTES
Maximum response body size in bytes; a real JWK set / discovery document is a few KB.

Method Details

create
public static com.nimbusds.jose.util.DefaultResourceRetriever create()