Request to expose HttpClient config parameters in ScriptCondition
- Recreation Steps
1. login to admin console
2. select realm -> "Authorization" -> "Policy Sets" -> iPlanetAMWebAgentService -> "+Add a Policy"
3. create a policy called "TestPolicy001" and add environment condition type "Script"
Script Name "Scripted Policy Condition"
4. fill in other config parameters and click "Save Changes"
5. select realm -> "Scripts" -> "Scripted Policy Condition"
notice script is using httpClient variable passed from ScriptCondition.
ScriptingGuiceModule binds CloseableHttpClientProvider without any options so this provider is using all default such as pool size of 64, soTimeout 10 sec etc.
This causes issues on environment where backend application sits behind Firewall etc and stale connections get disconnected. It will be nice if ScriptCondition exposed parameters where timeout, pool size can be configurable.
The options for customer is to either implement custom Policy Condition class which extends/replace ScriptCondition
And call Apache's HTTP core classes directly or use ForgeRock CHF library in groovy script "Scripted Policy Condition" under "realm"-> [Scripts] menu and send request rather than using httpClient variable passed to the script. :
With the above script, you need to set the following class in whitelist.