security work
This commit is contained in:
eugenp
parent
a7a0328b2d
commit
2b9f237c94
|
|
@ -0,0 +1,70 @@
|
|||
package org.baeldung.client;
|
||||
|
||||
import org.apache.http.HttpEntity;
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.HttpResponse;
|
||||
import org.apache.http.auth.AuthScope;
|
||||
import org.apache.http.auth.UsernamePasswordCredentials;
|
||||
import org.apache.http.client.AuthCache;
|
||||
import org.apache.http.client.methods.HttpGet;
|
||||
import org.apache.http.client.protocol.ClientContext;
|
||||
import org.apache.http.impl.auth.DigestScheme;
|
||||
import org.apache.http.impl.client.BasicAuthCache;
|
||||
import org.apache.http.impl.client.DefaultHttpClient;
|
||||
import org.apache.http.protocol.BasicHttpContext;
|
||||
import org.apache.http.util.EntityUtils;
|
||||
|
||||
/**
|
||||
* An example of HttpClient can be customized to authenticate
|
||||
* preemptively using DIGEST scheme.
|
||||
* <b/>
|
||||
* Generally, preemptive authentication can be considered less
|
||||
* secure than a response to an authentication challenge
|
||||
* and therefore discouraged.
|
||||
*/
|
||||
public class ClientPreemptiveDigestAuthentication {
|
||||
|
||||
public static void main(final String[] args) throws Exception {
|
||||
final HttpHost targetHost = new HttpHost("localhost", 8080, "http");
|
||||
|
||||
final DefaultHttpClient httpclient = new DefaultHttpClient();
|
||||
try {
|
||||
httpclient.getCredentialsProvider().setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials("user1", "user1Pass"));
|
||||
|
||||
// Create AuthCache instance
|
||||
final AuthCache authCache = new BasicAuthCache();
|
||||
// Generate DIGEST scheme object, initialize it and add it to the local auth cache
|
||||
final DigestScheme digestAuth = new DigestScheme();
|
||||
// Suppose we already know the realm name
|
||||
digestAuth.overrideParamter("realm", "Custom Realm Name");
|
||||
|
||||
// digestAuth.overrideParamter("nonce", "whatever");
|
||||
authCache.put(targetHost, digestAuth);
|
||||
|
||||
// Add AuthCache to the execution context
|
||||
final BasicHttpContext localcontext = new BasicHttpContext();
|
||||
localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
|
||||
|
||||
final HttpGet httpget = new HttpGet("http://localhost:8080/spring-security-rest-digest-auth/api/foos/1");
|
||||
|
||||
System.out.println("executing request: " + httpget.getRequestLine());
|
||||
System.out.println("to target: " + targetHost);
|
||||
|
||||
for (int i = 0; i < 3; i++) {
|
||||
final HttpResponse response = httpclient.execute(targetHost, httpget, localcontext);
|
||||
final HttpEntity entity = response.getEntity();
|
||||
|
||||
System.out.println("----------------------------------------");
|
||||
System.out.println(response.getStatusLine());
|
||||
if (entity != null) {
|
||||
System.out.println("Response content length: " + entity.getContentLength());
|
||||
}
|
||||
EntityUtils.consume(entity);
|
||||
}
|
||||
} finally {
|
||||
// When HttpClient instance is no longer needed, shut down the connection manager to ensure immediate deallocation of all system resources
|
||||
httpclient.getConnectionManager().shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -5,17 +5,17 @@ import java.net.URI;
|
|||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.client.AuthCache;
|
||||
import org.apache.http.client.protocol.ClientContext;
|
||||
import org.apache.http.impl.auth.BasicScheme;
|
||||
import org.apache.http.impl.auth.DigestScheme;
|
||||
import org.apache.http.impl.client.BasicAuthCache;
|
||||
import org.apache.http.protocol.BasicHttpContext;
|
||||
import org.apache.http.protocol.HttpContext;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
|
||||
public class HttpComponentsClientHttpRequestFactoryBasicAuth extends HttpComponentsClientHttpRequestFactory {
|
||||
public class HttpComponentsClientHttpRequestFactoryDigestAuth extends HttpComponentsClientHttpRequestFactory {
|
||||
HttpHost host;
|
||||
|
||||
public HttpComponentsClientHttpRequestFactoryBasicAuth(final HttpHost host) {
|
||||
public HttpComponentsClientHttpRequestFactoryDigestAuth(final HttpHost host) {
|
||||
super();
|
||||
this.host = host;
|
||||
}
|
||||
|
|
@ -30,9 +30,14 @@ public class HttpComponentsClientHttpRequestFactoryBasicAuth extends HttpCompone
|
|||
private HttpContext createHttpContext() {
|
||||
// Create AuthCache instance
|
||||
final AuthCache authCache = new BasicAuthCache();
|
||||
// Generate BASIC scheme object and add it to the local auth cache
|
||||
final BasicScheme basicAuth = new BasicScheme();
|
||||
authCache.put(host, basicAuth);
|
||||
// Generate DIGEST scheme object, initialize it and add it to the local auth cache
|
||||
final DigestScheme digestAuth = new DigestScheme();
|
||||
// If we already know the realm name
|
||||
digestAuth.overrideParamter("realm", "Custom Realm Name");
|
||||
|
||||
// digestAuth.overrideParamter("nonce", "MTM3NTU2OTU4MDAwNzoyYWI5YTQ5MTlhNzc5N2UxMGM5M2Y5M2ViOTc4ZmVhNg==");
|
||||
authCache.put(host, digestAuth);
|
||||
|
||||
// Add AuthCache to the execution context
|
||||
final BasicHttpContext localcontext = new BasicHttpContext();
|
||||
localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
package org.baeldung.client;
|
||||
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.client.HttpClient;
|
||||
import org.apache.http.params.HttpConnectionParams;
|
||||
import org.apache.http.params.HttpParams;
|
||||
import org.springframework.beans.factory.FactoryBean;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@Component
|
||||
public class RestTemplateFactory implements FactoryBean<RestTemplate>, InitializingBean {
|
||||
private RestTemplate restTemplate;
|
||||
|
||||
public RestTemplateFactory() {
|
||||
super();
|
||||
}
|
||||
|
||||
// API
|
||||
|
||||
@Override
|
||||
public RestTemplate getObject() {
|
||||
return restTemplate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<RestTemplate> getObjectType() {
|
||||
return RestTemplate.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSingleton() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterPropertiesSet() {
|
||||
final HttpHost host = new HttpHost("localhost", 8080, "http");
|
||||
final HttpComponentsClientHttpRequestFactoryBasicAuth requestFactory = new HttpComponentsClientHttpRequestFactoryBasicAuth(host);
|
||||
restTemplate = new RestTemplate(requestFactory);
|
||||
|
||||
final int timeout = 5;
|
||||
final HttpClient httpClient = requestFactory.getHttpClient();
|
||||
// - note: timeout via raw String parameters
|
||||
// httpClient.getParams().setParameter("http.connection.timeout", timeout * 1000);
|
||||
// httpClient.getParams().setParameter("http.socket.timeout", timeout * 1000);
|
||||
|
||||
// httpClient.getParams().setParameter("http.connection-manager.timeout", new Long(timeout * 1000));
|
||||
// httpClient.getParams().setParameter("http.protocol.head-body-timeout", timeout * 1000);
|
||||
|
||||
// - note: timeout via the API
|
||||
final HttpParams httpParams = httpClient.getParams();
|
||||
HttpConnectionParams.setConnectionTimeout(httpParams, timeout * 1000); // http.connection.timeout
|
||||
HttpConnectionParams.setSoTimeout(httpParams, timeout * 1000); // http.socket.timeout
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,10 +1,16 @@
|
|||
package org.baeldung.client.spring;
|
||||
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.client.HttpClient;
|
||||
import org.apache.http.params.HttpConnectionParams;
|
||||
import org.apache.http.params.HttpParams;
|
||||
import org.baeldung.client.HttpComponentsClientHttpRequestFactoryDigestAuth;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@Configuration
|
||||
@ComponentScan("org.baeldung.client")
|
||||
public class ClientConfig {
|
||||
|
||||
public ClientConfig() {
|
||||
|
|
@ -13,4 +19,33 @@ public class ClientConfig {
|
|||
|
||||
// beans
|
||||
|
||||
@Bean
|
||||
public RestTemplate restTemplate() {
|
||||
final HttpHost host = new HttpHost("localhost", 8080, "http");
|
||||
final HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactoryDigestAuth(host);
|
||||
final RestTemplate restTemplate = new RestTemplate(requestFactory);
|
||||
|
||||
final int timeout = 5;
|
||||
configureTimeouts(requestFactory, timeout);
|
||||
|
||||
return restTemplate;
|
||||
}
|
||||
|
||||
// util
|
||||
|
||||
private final void configureTimeouts(final HttpComponentsClientHttpRequestFactory requestFactory, final int timeout) {
|
||||
final HttpClient httpClient = requestFactory.getHttpClient();
|
||||
// - note: timeout via raw String parameters
|
||||
// httpClient.getParams().setParameter("http.connection.timeout", timeout * 1000);
|
||||
// httpClient.getParams().setParameter("http.socket.timeout", timeout * 1000);
|
||||
|
||||
// httpClient.getParams().setParameter("http.connection-manager.timeout", new Long(timeout * 1000));
|
||||
// httpClient.getParams().setParameter("http.protocol.head-body-timeout", timeout * 1000);
|
||||
|
||||
// - note: timeout via the API
|
||||
final HttpParams httpParams = httpClient.getParams();
|
||||
HttpConnectionParams.setConnectionTimeout(httpParams, timeout * 1000); // http.connection.timeout
|
||||
HttpConnectionParams.setSoTimeout(httpParams, timeout * 1000); // http.socket.timeout
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
<beans:property name="authenticationEntryPoint" ref="digestEntryPoint" />
|
||||
</beans:bean>
|
||||
<beans:bean id="digestEntryPoint" class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
|
||||
<beans:property name="realmName" value="Contacts Realm via Digest Authentication" />
|
||||
<beans:property name="realmName" value="Custom Realm Name" />
|
||||
<beans:property name="key" value="uniqueAndSecret" />
|
||||
</beans:bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -29,9 +29,10 @@ public class ClientLiveTest {
|
|||
public final void whenSecuredRestApiIsConsumed_then200OK() {
|
||||
final HttpComponentsClientHttpRequestFactory requestFactory = (HttpComponentsClientHttpRequestFactory) restTemplate.getRequestFactory();
|
||||
final DefaultHttpClient httpClient = (DefaultHttpClient) requestFactory.getHttpClient();
|
||||
httpClient.getCredentialsProvider().setCredentials(new AuthScope("localhost", 8080, AuthScope.ANY_REALM), new UsernamePasswordCredentials("user", "userPass"));
|
||||
httpClient.getCredentialsProvider().setCredentials(new AuthScope("localhost", 8080, AuthScope.ANY_REALM), new UsernamePasswordCredentials("user1", "user1Pass"));
|
||||
|
||||
final ResponseEntity<Foo> responseEntity = restTemplate.exchange("http://localhost:8080/spring-security-rest-digest-auth/api/foos/1", HttpMethod.GET, null, Foo.class);
|
||||
final String uri = "http://localhost:8080/spring-security-rest-digest-auth/api/foos/1";
|
||||
final ResponseEntity<Foo> responseEntity = restTemplate.exchange(uri, HttpMethod.GET, null, Foo.class);
|
||||
System.out.println(responseEntity.getStatusCode());
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,3 +6,5 @@
|
|||
### Relevant Articles:
|
||||
- [RestTemplate with Basic Authentication in Spring](http://www.baeldung.com/2012/04/16/how-to-use-resttemplate-with-basic-authentication-in-spring-3-1)
|
||||
- [HttpClient Timeout](http://www.baeldung.com/httpclient-timeout)
|
||||
|
||||
TODO: rename to: spring-security-rest-basic-auth
|
||||
Loading…
Reference in New Issue