Initial port of the authentication code from Commons HttpClient 3.x

git-svn-id: https://svn.apache.org/repos/asf/jakarta/httpcomponents/httpclient/trunk@538647 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2007-05-16 16:41:42 +00:00
parent c82115dd8c
commit 829caee0ec
14 changed files with 910 additions and 114 deletions

View File

@ -0,0 +1,68 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client;
import java.util.Map;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.protocol.HttpContext;
/**
* @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
*/
public interface AuthenticationHandler {
boolean isTargetAuthenticationRequested(
HttpResponse response,
HttpContext context);
boolean isProxyAuthenticationRequested(
HttpResponse response,
HttpContext context);
Map getTargetChallenges(
HttpResponse response,
HttpContext context) throws MalformedChallengeException;
Map getProxyChallenges(
HttpResponse response,
HttpContext context) throws MalformedChallengeException;
AuthScheme selectScheme(
Map challenges,
HttpResponse response,
HttpContext context) throws AuthenticationException;
}

View File

@ -68,12 +68,6 @@ public class HttpState {
*/
private HashMap credMap = new HashMap();
/**
* Map of {@link Credentials proxy credentials} by realm that this
* HTTP state contains
*/
private HashMap proxyCred = new HashMap();
/**
* Array of {@link Cookie cookies} that this HTTP state contains.
*/
@ -234,45 +228,6 @@ public class HttpState {
return matchCredentials(this.credMap, authscope);
}
/**
* Sets the {@link Credentials proxy credentials} for the given authentication
* realm. Any previous credentials for the given realm will be overwritten.
*
* @param authscope the {@link AuthScope authentication scope}
* @param credentials the authentication {@link Credentials credentials}
* for the given realm.
*
* @see #getProxyCredentials(AuthScope)
* @see #setCredentials(AuthScope, Credentials)
*
* @since 3.0
*/
public synchronized void setProxyCredentials(
final AuthScope authscope,
final Credentials credentials) {
if (authscope == null) {
throw new IllegalArgumentException("Authentication scope may not be null");
}
proxyCred.put(authscope, credentials);
}
/**
* Get the {@link Credentials proxy credentials} for the given authentication scope.
*
* @param authscope the {@link AuthScope authentication scope}
* @return the credentials
*
* @see #setProxyCredentials(AuthScope, Credentials)
*
* @since 3.0
*/
public synchronized Credentials getProxyCredentials(final AuthScope authscope) {
if (authscope == null) {
throw new IllegalArgumentException("Authentication scope may not be null");
}
return matchCredentials(this.proxyCred, authscope);
}
/**
* Returns a string representation of this HTTP state.
*
@ -282,7 +237,6 @@ public class HttpState {
*/
public synchronized String toString() {
StringBuffer buffer = new StringBuffer();
buffer.append(proxyCred);
buffer.append(credMap);
buffer.append(cookies);
return buffer.toString();
@ -295,13 +249,6 @@ public class HttpState {
this.credMap.clear();
}
/**
* Clears all proxy credentials.
*/
public synchronized void clearProxyCredentials() {
this.proxyCred.clear();
}
/**
* Clears all cookies.
*/
@ -315,7 +262,6 @@ public class HttpState {
public synchronized void clear() {
clearCookies();
clearCredentials();
clearProxyCredentials();
}
}

View File

@ -61,7 +61,7 @@ public interface RedirectHandler {
* @return <code>true</code> if the request should be redirected, <code>false</code>
* otherwise
*/
boolean isRedirectNeeded(HttpResponse response, HttpContext context);
boolean isRedirectRequested(HttpResponse response, HttpContext context);
/**
* Determines the location request is expected to be redirected to

View File

@ -112,6 +112,22 @@ public class HttpClientParams {
*/
public static final String PREEMPTIVE_AUTHENTICATION = "http.protocol.authentication-preemptive";
/**
* The key used to look up the list of IDs of supported {@link AuthScheme
* authentication schemes} in their order of preference. The scheme IDs are
* stored in a {@link java.util.Collection} as {@link java.lang.String}s.
*
* <p>
* If several schemes are returned in the <tt>WWW-Authenticate</tt>
* or <tt>Proxy-Authenticate</tt> header, this parameter defines which
* {@link AuthScheme authentication schemes} takes precedence over others.
* The first item in the collection represents the most preferred
* {@link AuthScheme authentication scheme}, the last item represents the ID
* of the least preferred one.
* </p>
*/
public static final String AUTH_SCHEME_PRIORITY = "http.protocol-auth-scheme-priority";
/**
* Defines the name of the cookie specification to be used for HTTP state management.
* <p>
@ -120,6 +136,14 @@ public class HttpClientParams {
*/
public static final String COOKIE_POLICY = "http.protocol.cookie-policy";
/**
* Defines the virtual host name.
* <p>
* This parameter expects a value of type {@link org.apache.http.HttpHost}.
* </p>
*/
public static final String VIRTUAL_HOST = "http.virtual-host";
/**
* Defines the request headers to be sent per default with each request.
* <p>
@ -133,7 +157,7 @@ public class HttpClientParams {
* Defines the default host. The default value will be used if the target host is
* not explicitly specified in the request URI.
* <p>
* This parameter expects a value of type {@link HttpHost}.
* This parameter expects a value of type {@link org.apache.http.HttpHost}.
* </p>
*/
public static final String DEFAULT_HOST = "http.default-host";
@ -142,7 +166,7 @@ public class HttpClientParams {
* Defines the default proxy. The default value will be used if the proxy
* information is not explicitly specified in the request route.
* <p>
* This parameter expects a value of type {@link HttpHost}.
* This parameter expects a value of type {@link org.apache.http.HttpHost}.
* </p>
*/
public static final String DEFAULT_PROXY = "http.default-proxy";
@ -179,6 +203,34 @@ public class HttpClientParams {
params.setLongParameter(CONNECTION_MANAGER_TIMEOUT, timeout);
}
public static boolean isRedirecting(final HttpParams params) {
if (params == null) {
throw new IllegalArgumentException("HTTP parameters may not be null");
}
return params.getBooleanParameter(HANDLE_REDIRECTS, true);
}
public static void setRedirecting(final HttpParams params, boolean value) {
if (params == null) {
throw new IllegalArgumentException("HTTP parameters may not be null");
}
params.setBooleanParameter(HANDLE_REDIRECTS, value);
}
public static boolean isAuthenticating(final HttpParams params) {
if (params == null) {
throw new IllegalArgumentException("HTTP parameters may not be null");
}
return params.getBooleanParameter(HANDLE_AUTHENTICATION, true);
}
public static void setAuthenticating(final HttpParams params, boolean value) {
if (params == null) {
throw new IllegalArgumentException("HTTP parameters may not be null");
}
params.setBooleanParameter(HANDLE_AUTHENTICATION, value);
}
/**
* Returns <tt>true</tt> if authentication should be attempted preemptively,
* <tt>false</tt> otherwise.

View File

@ -42,6 +42,8 @@ public class HttpClientContext extends HttpExecutionContext {
public static final String HTTP_STATE = "http.state";
public static final String COOKIE_SPEC = "http.cookie-spec";
public static final String COOKIE_ORIGIN = "http.cookie-origin";
public static final String TARGET_AUTH_STATE = "http.auth.target-scope";
public static final String PROXY_AUTH_STATE = "http.auth.proxy-scope";
public HttpClientContext(final HttpContext parentContext) {
super(parentContext);

View File

@ -0,0 +1,104 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client.protocol;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.impl.client.AuthState;
import org.apache.http.protocol.HttpContext;
/**
* @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
*
* @version $Revision$
*
* @since 4.0
*/
public class RequestProxyAuthentication implements HttpRequestInterceptor {
private static final Log LOG = LogFactory.getLog(RequestProxyAuthentication.class);
public RequestProxyAuthentication() {
super();
}
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
if (request == null) {
throw new IllegalArgumentException("HTTP request may not be null");
}
if (context == null) {
throw new IllegalArgumentException("HTTP context may not be null");
}
if (request.containsHeader(AUTH.PROXY_AUTH_RESP)) {
return;
}
// Obtain authentication state
AuthState authState = (AuthState) context.getAttribute(
HttpClientContext.PROXY_AUTH_STATE);
if (authState == null) {
return;
}
AuthScheme authScheme = authState.getAuthScheme();
if (authScheme == null) {
return;
}
Credentials creds = authState.getCredentials();
if (creds == null) {
LOG.debug("User credentials not available");
return;
}
if (authState.getAuthScope() != null || !authScheme.isConnectionBased()) {
try {
request.addHeader(authScheme.authenticate(creds, request));
} catch (AuthenticationException ex) {
if (LOG.isErrorEnabled()) {
LOG.error("Proxy authentication error: " + ex.getMessage());
}
}
}
}
}

View File

@ -0,0 +1,105 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client.protocol;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.impl.client.AuthState;
import org.apache.http.protocol.HttpContext;
/**
* @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
*
* @version $Revision$
*
* @since 4.0
*/
public class RequestTargetAuthentication implements HttpRequestInterceptor {
private static final Log LOG = LogFactory.getLog(RequestTargetAuthentication.class);
public RequestTargetAuthentication() {
super();
}
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
if (request == null) {
throw new IllegalArgumentException("HTTP request may not be null");
}
if (context == null) {
throw new IllegalArgumentException("HTTP context may not be null");
}
if (request.containsHeader(AUTH.WWW_AUTH_RESP)) {
return;
}
// Obtain authentication state
AuthState authState = (AuthState) context.getAttribute(
HttpClientContext.TARGET_AUTH_STATE);
if (authState == null) {
return;
}
AuthScheme authScheme = authState.getAuthScheme();
if (authScheme == null) {
return;
}
Credentials creds = authState.getCredentials();
if (creds == null) {
LOG.debug("User credentials not available");
return;
}
if (authState.getAuthScope() != null || !authScheme.isConnectionBased()) {
try {
request.addHeader(authScheme.authenticate(creds, request));
} catch (AuthenticationException ex) {
if (LOG.isErrorEnabled()) {
LOG.error("Authentication error: " + ex.getMessage());
}
}
}
}
}

View File

@ -43,6 +43,7 @@ import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpResponse;
import org.apache.http.HttpResponseInterceptor;
import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.client.AuthenticationHandler;
import org.apache.http.client.ClientRequestDirector;
import org.apache.http.client.HttpClient;
import org.apache.http.client.HttpRequestRetryHandler;
@ -103,6 +104,9 @@ public abstract class AbstractHttpClient
/** The redirect handler. */
private RedirectHandler redirectHandler;
/** The authentication handler. */
private AuthenticationHandler authHandler;
/** The default HTTP state. */
private HttpState defaultState;
@ -147,6 +151,9 @@ public abstract class AbstractHttpClient
protected abstract RedirectHandler createRedirectHandler();
protected abstract AuthenticationHandler createAuthenticationHandler();
protected abstract HttpState createHttpState();
@ -251,6 +258,19 @@ public abstract class AbstractHttpClient
}
public synchronized final AuthenticationHandler getAuthenticationHandler() {
if (authHandler == null) {
authHandler = createAuthenticationHandler();
}
return authHandler;
}
public synchronized void setAuthenticationHandler(final AuthenticationHandler authHandler) {
this.authHandler = authHandler;
}
public synchronized final HttpState getState() {
if (defaultState == null) {
defaultState = createHttpState();
@ -418,6 +438,8 @@ public abstract class AbstractHttpClient
getHttpProcessor().copy(),
getHttpRequestRetryHandler(),
getRedirectHandler(),
getAuthenticationHandler(),
getState(),
getParams());
}

View File

@ -0,0 +1,145 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.impl.client;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.util.CharArrayBuffer;
/**
* This class provides detailed information about the state of the
* authentication process.
*
* @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
* @since 3.0
*/
public class AuthState {
/** Actual authentication scheme */
private AuthScheme authScheme = null;
/** Actual authentication scope */
private AuthScope authScope = null;
/** Credentials selected for authentication */
private Credentials credentials = null;
/**
* Default constructor.
*
*/
public AuthState() {
super();
}
/**
* Invalidates the authentication state by resetting its parameters.
*/
public void invalidate() {
this.authScheme = null;
this.authScope = null;
this.credentials = null;
}
/**
* Assigns the given {@link AuthScheme authentication scheme}.
*
* @param authScheme the {@link AuthScheme authentication scheme}
*/
public void setAuthScheme(final AuthScheme authScheme) {
if (authScheme == null) {
invalidate();
return;
}
this.authScheme = authScheme;
}
/**
* Returns the {@link AuthScheme authentication scheme}.
*
* @return {@link AuthScheme authentication scheme}
*/
public AuthScheme getAuthScheme() {
return this.authScheme;
}
/**
* Returns user {@link Credentials} selected for authentication if available
*
* @return user credentials if available, <code>null</code otherwise
*/
public Credentials getCredentials() {
return this.credentials;
}
/**
* Sets user {@link Credentials} to be used for authentication
*
* @param credentials User credentials
*/
public void setCredentials(final Credentials credentials) {
this.credentials = credentials;
}
/**
* Returns actual {@link AuthScope} if available
*
* @return actual authentication scope if available, <code>null</code otherwise
*/
public AuthScope getAuthScope() {
return this.authScope;
}
/**
* Sets actual {@link AuthScope}.
*
* @param authScope Authentication scope
*/
public void setAuthScope(final AuthScope authScope) {
this.authScope = authScope;
}
public String toString() {
CharArrayBuffer buffer = new CharArrayBuffer(64);
buffer.append("auth scope [");
buffer.append(this.authScope);
buffer.append("]; credentials set [");
buffer.append(this.credentials != null ? "true" : "false");
buffer.append("]");
return buffer.toString();
}
}

View File

@ -0,0 +1,201 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.impl.client;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.AuthenticationHandler;
import org.apache.http.client.params.HttpClientParams;
import org.apache.http.message.BufferedHeader;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.CharArrayBuffer;
/**
* @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
*/
public class DefaultAuthenticationHandler implements AuthenticationHandler {
private static final Log LOG = LogFactory.getLog(DefaultAuthenticationHandler.class);
private static List DEFAULT_SCHEME_PRIORITY = Arrays.asList(new String[] {
"digest",
"basic"
});
private final AuthSchemeRegistry registry;
public DefaultAuthenticationHandler(final AuthSchemeRegistry registry) {
super();
if (registry == null) {
throw new IllegalArgumentException("AuthScheme registry may not be null");
}
this.registry = registry;
}
public boolean isTargetAuthenticationRequested(
final HttpResponse response,
final HttpContext context) {
if (response == null) {
throw new IllegalArgumentException("HTTP response may not be null");
}
int status = response.getStatusLine().getStatusCode();
return status == HttpStatus.SC_UNAUTHORIZED;
}
public boolean isProxyAuthenticationRequested(
final HttpResponse response,
final HttpContext context) {
if (response == null) {
throw new IllegalArgumentException("HTTP response may not be null");
}
int status = response.getStatusLine().getStatusCode();
return status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED;
}
protected Map parseChallenges(
final Header[] headers) throws MalformedChallengeException {
Map map = new HashMap(headers.length);
for (int i = 0; i < headers.length; i++) {
Header header = headers[i];
CharArrayBuffer buffer;
int pos;
if (header instanceof BufferedHeader) {
buffer = ((BufferedHeader) header).getBuffer();
pos = ((BufferedHeader) header).getValuePos();
} else {
String s = header.getValue();
if (s == null) {
throw new MalformedChallengeException("Header value is null");
}
buffer = new CharArrayBuffer(s.length());
buffer.append(s);
pos = 0;
}
while (pos < buffer.length() && HTTP.isWhitespace(buffer.charAt(pos))) {
pos++;
}
int beginIndex = pos;
while (pos < buffer.length() && !HTTP.isWhitespace(buffer.charAt(pos))) {
pos++;
}
int endIndex = pos;
String s = buffer.substring(beginIndex, endIndex);
map.put(s.toLowerCase(), header);
}
return map;
}
public Map getTargetChallenges(
final HttpResponse response,
final HttpContext context) throws MalformedChallengeException {
if (response == null) {
throw new IllegalArgumentException("HTTP response may not be null");
}
Header[] headers = response.getHeaders(AUTH.WWW_AUTH);
return parseChallenges(headers);
}
public Map getProxyChallenges(
final HttpResponse response,
final HttpContext context) throws MalformedChallengeException {
if (response == null) {
throw new IllegalArgumentException("HTTP response may not be null");
}
Header[] headers = response.getHeaders(AUTH.PROXY_AUTH);
return parseChallenges(headers);
}
public AuthScheme selectScheme(
final Map challenges,
final HttpResponse response,
final HttpContext context) throws AuthenticationException {
HttpParams params = response.getParams();
Collection authPrefs = (Collection) params.getParameter(
HttpClientParams.AUTH_SCHEME_PRIORITY);
if (authPrefs == null || authPrefs.isEmpty()) {
authPrefs = DEFAULT_SCHEME_PRIORITY;
}
if (LOG.isDebugEnabled()) {
LOG.debug("Supported authentication schemes in the order of preference: "
+ authPrefs);
}
AuthScheme authScheme = null;
for (Iterator it = authPrefs.iterator(); it.hasNext(); ) {
String id = (String) it.next();
Header challenge = (Header) challenges.get(id.toLowerCase());
if (challenge != null) {
if (LOG.isDebugEnabled()) {
LOG.debug(id + " authentication scheme selected");
}
try {
authScheme = this.registry.getAuthScheme(id, params);
} catch (IllegalStateException e) {
throw new AuthenticationException(e.getMessage());
}
break;
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Challenge for " + id + " authentication scheme not available");
// Try again
}
}
}
if (authScheme == null) {
// If none selected, something is wrong
throw new AuthenticationException(
"Unable to respond to any of these challenges: "
+ challenges);
}
return authScheme;
}
}

View File

@ -37,6 +37,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -50,14 +51,22 @@ import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.ProtocolException;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.AuthenticationHandler;
import org.apache.http.client.ClientRequestDirector;
import org.apache.http.client.HttpRequestRetryHandler;
import org.apache.http.client.HttpState;
import org.apache.http.client.RedirectException;
import org.apache.http.client.RedirectHandler;
import org.apache.http.client.RoutedRequest;
import org.apache.http.client.methods.AbortableHttpRequest;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.params.HttpClientParams;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.BasicManagedEntity;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.ConnectionPoolTimeoutException;
@ -113,6 +122,12 @@ public class DefaultClientRequestDirector
/** The redirect handler. */
protected final RedirectHandler redirectHandler;
/** The authentication handler. */
private final AuthenticationHandler authHandler;
/** The HTTP state */
private final HttpState state;
/** The HTTP parameters. */
protected final HttpParams params;
@ -123,12 +138,18 @@ public class DefaultClientRequestDirector
private int maxRedirects;
private final AuthState targetAuthState;
private final AuthState proxyAuthState;
public DefaultClientRequestDirector(
final ClientConnectionManager conman,
final ConnectionReuseStrategy reustrat,
final HttpProcessor httpProcessor,
final HttpRequestRetryHandler retryHandler,
final RedirectHandler redirectHandler,
final AuthenticationHandler authHandler,
final HttpState state,
final HttpParams params) {
if (conman == null) {
@ -146,6 +167,12 @@ public class DefaultClientRequestDirector
if (redirectHandler == null) {
throw new IllegalArgumentException("Redirect handler may not be null");
}
if (authHandler == null) {
throw new IllegalArgumentException("Authentication handler may not be null");
}
if (state == null) {
throw new IllegalArgumentException("HTTP state may not be null");
}
if (params == null) {
throw new IllegalArgumentException("HTTP parameters may not be null");
}
@ -154,6 +181,8 @@ public class DefaultClientRequestDirector
this.httpProcessor = httpProcessor;
this.retryHandler = retryHandler;
this.redirectHandler = redirectHandler;
this.authHandler = authHandler;
this.state = state;
this.params = params;
this.requestExec = new HttpRequestExecutor(params);
@ -161,9 +190,8 @@ public class DefaultClientRequestDirector
this.redirectCount = 0;
this.maxRedirects = this.params.getIntParameter(HttpClientParams.MAX_REDIRECTS, 100);
//@@@ authentication?
this.targetAuthState = new AuthState();
this.proxyAuthState = new AuthState();
} // constructor
@ -254,12 +282,8 @@ public class DefaultClientRequestDirector
try {
while (!done) {
RequestWrapper request = wrapRequest(roureq.getRequest());
HttpRoute route = roureq.getRoute();
// Re-write request URI if needed
rewriteRequestURI(request, route);
if (managedConn == null || !managedConn.isOpen()) {
managedConn = allocateConnection(route);
}
@ -273,21 +297,6 @@ public class DefaultClientRequestDirector
break;
}
context.setAttribute(HttpExecutionContext.HTTP_TARGET_HOST,
roureq.getRoute().getTargetHost());
context.setAttribute(HttpExecutionContext.HTTP_CONNECTION,
managedConn);
requestExec.preProcess(request, httpProcessor, context);
//@@@ handle authentication here or via interceptor?
if (request instanceof AbortableHttpRequest) {
((AbortableHttpRequest) request).setReleaseTrigger(managedConn);
}
context.setAttribute(HttpExecutionContext.HTTP_REQUEST,
request);
if (HttpConnectionParams.isStaleCheckingEnabled(params)) {
// validate connection
LOG.debug("Stale connection check");
@ -298,6 +307,43 @@ public class DefaultClientRequestDirector
}
}
// Wrap the original request
RequestWrapper request = wrapRequest(roureq.getRequest());
// Re-write request URI if needed
rewriteRequestURI(request, route);
// Use virtual host if set
HttpHost target = (HttpHost) request.getParams().getParameter(
HttpClientParams.VIRTUAL_HOST);
if (target == null) {
target = route.getTargetHost();
}
HttpHost proxy = route.getProxyHost();
// Populate the execution context
context.setAttribute(HttpExecutionContext.HTTP_TARGET_HOST,
target);
context.setAttribute(HttpExecutionContext.HTTP_PROXY_HOST,
proxy);
context.setAttribute(HttpExecutionContext.HTTP_CONNECTION,
managedConn);
context.setAttribute(HttpClientContext.TARGET_AUTH_STATE,
targetAuthState);
context.setAttribute(HttpClientContext.PROXY_AUTH_STATE,
proxyAuthState);
requestExec.preProcess(request, httpProcessor, context);
if (orig instanceof AbortableHttpRequest) {
((AbortableHttpRequest) orig).setReleaseTrigger(managedConn);
}
context.setAttribute(HttpExecutionContext.HTTP_REQUEST,
request);
execCount++;
try {
if (LOG.isDebugEnabled()) {
@ -330,6 +376,11 @@ public class DefaultClientRequestDirector
if (followup == null) {
done = true;
} else {
// Make sure the response body is fully consumed, if present
HttpEntity entity = response.getEntity();
if (entity != null) {
entity.consumeContent();
}
// check if we can use the same connection for the followup
if ((managedConn != null) &&
!followup.getRoute().equals(roureq.getRoute())) {
@ -556,9 +607,14 @@ public class DefaultClientRequestDirector
HttpContext context)
throws HttpException, IOException {
HttpRoute route = roureq.getRoute();
HttpHost target = route.getTargetHost();
HttpHost proxy = route.getProxyHost();
InetAddress localAddress = route.getLocalAddress();
HttpParams params = request.getParams();
if (params.getBooleanParameter(HttpClientParams.HANDLE_REDIRECTS, true) &&
this.redirectHandler.isRedirectNeeded(response, context)) {
if (HttpClientParams.isRedirecting(params) &&
this.redirectHandler.isRedirectRequested(response, context)) {
if (redirectCount >= maxRedirects) {
throw new RedirectException("Maximum redirects ("
@ -576,8 +632,6 @@ public class DefaultClientRequestDirector
return null;
}
HttpRoute oldRoute = roureq.getRoute();
HttpHost newTarget = new HttpHost(
uri.getHost(),
uri.getPort(),
@ -586,9 +640,6 @@ public class DefaultClientRequestDirector
Scheme schm = connManager.getSchemeRegistry().
getScheme(newTarget.getSchemeName());
InetAddress localAddress = oldRoute.getLocalAddress();
HttpHost proxy = oldRoute.getProxyHost();
HttpRoute newRoute = new HttpRoute(
newTarget,
localAddress,
@ -597,12 +648,6 @@ public class DefaultClientRequestDirector
(proxy != null),
(proxy != null));
// Make sure redirect response body is fully consumed, if present
HttpEntity entity = response.getEntity();
if (entity != null) {
entity.consumeContent();
}
HttpGet redirect = new HttpGet(uri);
if (LOG.isDebugEnabled()) {
@ -611,6 +656,64 @@ public class DefaultClientRequestDirector
return new RoutedRequest.Impl(redirect, newRoute);
}
if (HttpClientParams.isAuthenticating(params)) {
if (this.authHandler.isTargetAuthenticationRequested(response, context)) {
target = (HttpHost) context.getAttribute(HttpExecutionContext.HTTP_TARGET_HOST);
if (target == null) {
target = route.getTargetHost();
}
LOG.debug("Target requested authentication");
Map challenges = this.authHandler.getTargetChallenges(response, context);
try {
processChallenges(challenges, this.targetAuthState, response, context);
} catch (AuthenticationException ex) {
if (LOG.isWarnEnabled()) {
LOG.warn("Authentication error: " + ex.getMessage());
return null;
}
}
updateAuthState(this.targetAuthState, target);
if (this.targetAuthState.getCredentials() != null) {
// Re-try the same request via the same route
return roureq;
} else {
return null;
}
} else {
// Reset target auth scope
this.targetAuthState.setAuthScope(null);
}
if (this.authHandler.isProxyAuthenticationRequested(response, context)) {
LOG.debug("Proxy requested authentication");
Map challenges = this.authHandler.getProxyChallenges(response, context);
try {
processChallenges(challenges, this.proxyAuthState, response, context);
} catch (AuthenticationException ex) {
if (LOG.isWarnEnabled()) {
LOG.warn("Authentication error: " + ex.getMessage());
return null;
}
}
updateAuthState(this.proxyAuthState, proxy);
if (this.proxyAuthState.getCredentials() != null) {
// Re-try the same request via the same route
return roureq;
} else {
return null;
}
} else {
// Reset proxy auth scope
this.proxyAuthState.setAuthScope(null);
}
}
return null;
} // handleResponse
@ -671,6 +774,63 @@ public class DefaultClientRequestDirector
} // cleanupConnection
private void processChallenges(
final Map challenges,
final AuthState authState,
final HttpResponse response,
final HttpContext context)
throws MalformedChallengeException, AuthenticationException {
AuthScheme authScheme = authState.getAuthScheme();
if (authScheme == null) {
// Authentication not attempted before
authScheme = this.authHandler.selectScheme(challenges, response, context);
authState.setAuthScheme(authScheme);
}
AuthScheme authscheme = authState.getAuthScheme();
String id = authscheme.getSchemeName();
Header challenge = (Header) challenges.get(id.toLowerCase());
if (challenge == null) {
throw new AuthenticationException(id +
" authorization challenge expected, but not found");
}
authscheme.processChallenge(challenge);
LOG.debug("Authorization challenge processed");
}
private void updateAuthState(final AuthState authState, final HttpHost host) {
AuthScheme authScheme = authState.getAuthScheme();
AuthScope authScope = new AuthScope(
host.getHostName(),
host.getPort(),
authScheme.getRealm(),
authScheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authentication scope: " + authScope);
}
Credentials creds = authState.getCredentials();
if (creds == null) {
creds = this.state.getCredentials(authScope);
if (LOG.isDebugEnabled()) {
if (creds != null) {
LOG.debug("Found credentials");
} else {
LOG.debug("Credentials not found");
}
}
} else {
if (authScheme.isComplete()) {
LOG.debug("Authentication failed");
creds = null;
}
}
authState.setAuthScope(authScope);
authState.setCredentials(creds);
}
/**
* Prepares the entity in the ultimate response being returned.
* The default implementation here installs an entity with auto-release

View File

@ -37,6 +37,7 @@ import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpVersion;
import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.client.AuthenticationHandler;
import org.apache.http.client.HttpRequestRetryHandler;
import org.apache.http.client.HttpState;
import org.apache.http.client.RedirectHandler;
@ -46,6 +47,8 @@ import org.apache.http.client.params.CookiePolicy;
import org.apache.http.client.params.HttpClientParams;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.protocol.RequestAddCookies;
import org.apache.http.client.protocol.RequestProxyAuthentication;
import org.apache.http.client.protocol.RequestTargetAuthentication;
import org.apache.http.client.protocol.ResponseProcessCookies;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.ClientConnectionManagerFactory;
@ -203,6 +206,9 @@ public class DefaultHttpClient extends AbstractHttpClient {
// HTTP state management interceptors
httpproc.addInterceptor(new RequestAddCookies());
httpproc.addInterceptor(new ResponseProcessCookies());
// HTTP authentication interceptors
httpproc.addInterceptor(new RequestTargetAuthentication());
httpproc.addInterceptor(new RequestProxyAuthentication());
return httpproc;
}
@ -217,6 +223,11 @@ public class DefaultHttpClient extends AbstractHttpClient {
}
protected AuthenticationHandler createAuthenticationHandler() {
return new DefaultAuthenticationHandler(getAuthSchemes());
}
protected HttpState createHttpState() {
return new HttpState();
}

View File

@ -70,7 +70,7 @@ public class DefaultRedirectHandler implements RedirectHandler {
super();
}
public boolean isRedirectNeeded(
public boolean isRedirectRequested(
final HttpResponse response,
final HttpContext context) {
if (response == null) {

View File

@ -103,26 +103,6 @@ public class TestHttpState extends TestCase {
assertEquals(CREDS1, state.getCredentials(BOGUS));
}
public void testHttpStateProxyCredentials() {
HttpState state = new HttpState();
state.setProxyCredentials(SCOPE1, CREDS1);
state.setProxyCredentials(SCOPE2, CREDS2);
assertEquals(CREDS1, state.getProxyCredentials(SCOPE1));
assertEquals(CREDS2, state.getProxyCredentials(SCOPE2));
}
public void testHttpStateProxyNoCredentials() {
HttpState state = new HttpState();
assertEquals(null, state.getProxyCredentials(BOGUS));
}
public void testHttpStateProxyDefaultCredentials() {
HttpState state = new HttpState();
state.setProxyCredentials(AuthScope.ANY, CREDS1);
state.setProxyCredentials(SCOPE2, CREDS2);
assertEquals(CREDS1, state.getProxyCredentials(BOGUS));
}
// --------------------------------- Test Methods for Selecting Credentials
public void testDefaultCredentials() throws Exception {