List of usage examples for io.vertx.core MultiMap set
@GenIgnore(GenIgnore.PERMITTED_TYPE) @Fluent MultiMap set(CharSequence name, Iterable<CharSequence> values);
From source file:io.apiman.gateway.engine.vertx.polling.fetchers.auth.OAuth2Client.java
License:Apache License
@Override public Authenticator authenticate(Vertx vertx, Map<String, String> config, MultiMap headerMap, AsyncResultHandler<Void> resultHandler) { OAuth2ClientOptions credentials = new OAuth2ClientOptions(mapToJson(config)); if (config.get("oauthUri") != null) { credentials.setSite(config.get("oauthUri")); }/* ww w .ja v a 2 s . com*/ if (config.get("clientId") != null) { credentials.setClientID(config.get("clientId")); } OAuth2FlowType flowType = getFlowType(config.get("flowType")); JsonObject params = new JsonObject(); if (config.get("username") != null) { params.put("username", config.get("username")); } if (config.get("password") != null) { params.put("password", config.get("password")); } OAuth2Auth oauth2 = OAuth2Auth.create(vertx, flowType, credentials); oauth2.getToken(params, tokenResult -> { if (tokenResult.succeeded()) { log.debug("OAuth2 exchange succeeded."); AccessToken token = tokenResult.result(); headerMap.set("Authorization", "Bearer " + token.principal().getString("access_token")); resultHandler.handle(Future.succeededFuture()); } else { log.error("Access Token Error: {0}.", tokenResult.cause().getMessage()); resultHandler.handle(Future.failedFuture(tokenResult.cause())); } }); return this; }
From source file:io.github.bckfnn.actioner.AssetsHandler.java
License:Apache License
@Override public void handle(RoutingContext ctx) { String path = ctx.normalisedPath(); String prefix = ctx.currentRoute().getPath(); path = path.substring(prefix.length()); int dot = path.indexOf('.'); String artifact = path.substring(0, dot); String type = path.substring(dot + 1); if (assets.hasPath(artifact)) { byte[] data; try {/*from ww w . j av a 2 s . c o m*/ data = make(ctx, artifact, type); } catch (Exception e) { ctx.fail(e); return; } MultiMap headers = ctx.response().headers(); headers.set(HttpHeaders.CONTENT_TYPE, MimetypesFileTypeMap.getDefaultFileTypeMap().getContentType(path)); if (cachingEnabled) { // We use cache-control and last-modified // We *do not use* etags and expires (since they do the same thing - redundant) headers.set("cache-control", "public, max-age=" + maxAgeSeconds); headers.set("last-modified", lastRebootStr); } try { if (cachingEnabled) { if (shouldUseCached(ctx.request())) { ctx.response().setStatusCode(304).end(); return; } } ctx.response().end(Buffer.factory.buffer(data)); } catch (Exception e) { Utils.rethrow(e); } } else { ctx.next(); } }
From source file:io.github.bckfnn.actioner.WebjarsHandler.java
License:Apache License
@Override public void handle(RoutingContext ctx) { String path = ctx.normalisedPath(); String prefix = ctx.currentRoute().getPath(); path = path.substring(prefix.length()); InputStream stream = loadResource(path); if (stream != null) { MultiMap headers = ctx.response().headers(); headers.set(HttpHeaders.CONTENT_TYPE, MimetypesFileTypeMap.getDefaultFileTypeMap().getContentType(path)); if (cachingEnabled) { // We use cache-control and last-modified // We *do not use* etags and expires (since they do the same thing - redundant) headers.set("cache-control", "public, max-age=" + maxAgeSeconds); headers.set("last-modified", lastRebootStr); }//from w w w .java 2 s. c om try { if (cachingEnabled) { if (shouldUseCached(ctx.request())) { ctx.response().setStatusCode(304).end(); return; } } ctx.response().end(Buffer.factory.buffer(Utils.readAsBytes(stream))); } catch (Exception e) { Utils.rethrow(e); } } else { ctx.next(); } }
From source file:io.helixservice.feature.context.RequestContextAspect.java
License:Open Source License
/** * Weave in logic just before sending a request to copy any headers we should forward into the outgoing request *//* w ww .j av a 2 s. co m*/ @Around(value = "(execution(private void io.vertx.core.http.impl.HttpClientRequestImpl.prepareHeaders())) " + "&& this(httpClientRequestImpl)", argNames = "pjp, httpClientRequestImpl") public void aroundPrepareHeaders(ProceedingJoinPoint pjp, HttpClientRequestImpl httpClientRequestImpl) throws Throwable, SuspendExecution { RequestContext context = RequestContext.getContext(); if (context != null && !requestContextFeature.propagateHeaders.isEmpty()) { MultiMap headers = httpClientRequestImpl.headers(); for (Map.Entry<String, String> contextHeaderEntry : requestContextFeature.propagateHeaders.entrySet()) { String value = context.getValue(contextHeaderEntry.getKey()); if (value != null) { headers.set(contextHeaderEntry.getValue(), value); } } } pjp.proceed(); }
From source file:io.nitor.api.backend.auth.SetupAzureAdConnectAuth.java
License:Apache License
private static Handler<RoutingContext> authHandler(JsonObject adAuth, Set<String> forbiddenHeaders, HashMap<String, Pattern> requiredHeaderMatchers, String publicURI, boolean virtualHosting, CookieSessionHandler sessionHandler, String redirectUri, RedirectTokenService redirectTokenService) { String publicHost = getUriHostName(publicURI); return ctx -> { Optional<Map<String, String>> headers = ofNullable(sessionHandler.getSessionData(ctx)); if (headers.isPresent()) { MultiMap h = ctx.request().headers(); forbiddenHeaders.forEach(h::remove); headers.get().entrySet().stream().filter(e -> !e.getKey().startsWith(SECRET_DATA_PREFIX)) .forEach(e -> h.set(e.getKey(), e.getValue())); if (!requiredHeaderMatchers.entrySet().stream() .allMatch(e -> headerMatches(h.get(e.getKey()), e.getValue()))) { logger.info("Not authorised to view resource '" + ctx.request().path() + "' with session data: " + headers.get()); ctx.reroute(GET, FORBIDDEN_PATH); return; }//from www. j a v a2 s. c o m ctx.next(); return; } String publicURIWithoutProtocol = getUriHostName(publicURI); String host = getUriHostName(ctx.request().host()); if (virtualHosting && !publicURIWithoutProtocol.equals(host)) { // phase 1: executed iff authentication cookie is missing && the browser is not on the auth domain but on a virtual domain // -> jump to auth domain and pass the current url inside token String currentUri = forceHttps(replaceHostAndPort(ctx.request().absoluteURI(), host)); String token = redirectTokenService.createToken(ctx, singletonMap("u", currentUri)); ctx.response() .setStatusCode((ctx.request().method() == GET ? TEMPORARY_REDIRECT : SEE_OTHER).code()) // ask browser to turn POST etc into GET when redirecting .putHeader(CACHE_CONTROL, "no-cache, no-store, must-revalidate").putHeader(EXPIRES, "0") .putHeader(LOCATION, publicURI + PROXY_AUTH_REDIRECT_BEFORE + "?t=" + urlEncode(token)) .end(); return; } StringBuilder sb = new StringBuilder(); String currentUri = forceHttps(replaceHost(ctx.request().absoluteURI(), publicHost)); sb.append(adAuth.getJsonObject("openIdConfig").getString("authorization_endpoint")) .append("?domain_hint=organizations&response_type=code&response_mode=query") .append("&client_id=").append(urlEncode(adAuth.getString("clientId"))).append("&redirect_uri=") .append(urlEncode(redirectUri)).append("&scope=").append(urlEncode(adAuth.getString("scope"))) //.append("&login_hint=").append(urlEncode(previousKnownUserName)) -- could try to fetch it from expired session cookie? //.append("&prompt=").append("login") -- force login - maybe do if IP is from different country? .append("&state=") .append(urlEncode(redirectTokenService.createToken(ctx, singletonMap("a", currentUri)))); ctx.response().setStatusCode(TEMPORARY_REDIRECT.code()).putHeader(LOCATION, sb) .putHeader(CACHE_CONTROL, "no-cache, no-store, must-revalidate").putHeader(EXPIRES, "0").end(); }; }
From source file:io.nitor.api.backend.proxy.Proxy.java
License:Apache License
public void handle(RoutingContext routingContext) { final HttpServerRequest sreq = routingContext.request(); final boolean isTls = isOrigReqHttps || "https".equals(routingContext.request().scheme()); final boolean isHTTP2 = routingContext.request().version() == HTTP_2; final String chost = getRemoteAddress(routingContext); final ProxyTracer tracer = tracerFactory.get(); String reqId = sreq.headers().get(requestIdHeader); boolean hadRequestId = reqId != null; if (reqId == null) { reqId = Long.toString(requestId.getAndIncrement()); }//from ww w. j a v a2 s. c om tracer.incomingRequestStart(routingContext, isTls, isHTTP2, chost, reqId); if (!hadRequestId) { sreq.headers().add(requestIdHeader, reqId); } HttpServerResponse sres = sreq.response(); sres.exceptionHandler(tracer::outgoingResponseException); routingContext.addHeadersEndHandler(tracer::outgoingResponseHeadersEnd); sres.bodyEndHandler(tracer::outgoingResponseBodyEnd); if (!isHTTP2) { sres.headers().add("keep-alive", keepAliveHeaderValue); sres.headers().add("connection", "keep-alive"); } sreq.exceptionHandler(t -> { tracer.incomingRequestException(t); routingContext.fail(new ProxyException(500, RejectReason.incomingRequestFail, t)); }); final State state = new State(); targetResolver.resolveNextHop(routingContext, nextHop -> { if (nextHop == null) { NullPointerException e = new NullPointerException("nextHop must not be null"); tracer.incomingRequestException(e); throw e; } tracer.nextHopResolved(nextHop); MultiMap sreqh = sreq.headers(); String origHost = null; if (isHTTP2) { origHost = sreqh.get(":authority"); } if (origHost == null) { origHost = sreqh.get("Host"); } if (origHost == null) { ProxyException e = new ProxyException(400, RejectReason.noHostHeader, null); tracer.incomingRequestException(e); routingContext.fail(e); return; } boolean isWebsocket = !isHTTP2 && "websocket".equals(sreqh.get("upgrade")); if (isWebsocket) { MultiMap creqh = new CaseInsensitiveHeaders(); propagateRequestHeaders(isTls, chost, sreqh, origHost, creqh); if (nextHop.hostHeader != null) { creqh.set("Host", nextHop.hostHeader); } else { creqh.remove("Host"); } tracer.outgoingWebsocketInitial(creqh); client.websocket(nextHop.socketPort, nextHop.socketHost, nextHop.uri, creqh, cws -> { // lol no headers copied final boolean[] isClosed = { false }; ServerWebSocket sws = sreq.upgrade(); tracer.websocketEstablished(); for (final WebSocketBase[] pair : new WebSocketBase[][] { { sws, cws }, { cws, sws } }) { pair[0].frameHandler(pair[1]::writeFrame).closeHandler(v -> { if (!isClosed[0]) { tracer.establishedWebsocketClosed(); isClosed[0] = true; pair[1].close(); } }).exceptionHandler(t -> { tracer.establishedWebsocketException(t); t.printStackTrace(); if (!isClosed[0]) { isClosed[0] = true; try { pair[1].close(); } catch (IllegalStateException e) { // whatever } } }); } }, t -> { tracer.outgoingWebsocketException(t); t.printStackTrace(); sres.setStatusCode(HttpResponseStatus.BAD_GATEWAY.code()); if (t instanceof WebSocketHandshakeRejectedException) { WebSocketHandshakeRejectedException e = (WebSocketHandshakeRejectedException) t; sres.setStatusCode(e.resp.status().code()); sres.setStatusMessage(e.resp.status().reasonPhrase()); MultiMap cresh = new HeadersAdaptor(e.resp.headers()); copyEndToEndHeaders(cresh, sres.headers()); sres.headers().add("keep-alive", keepAliveHeaderValue); sres.headers().add("connection", "keep-alive"); sres.headers().set("content-length", "0"); } tracer.outgoingResponseInitial(); tracer.outgoingResponseHeadersEnd(null); sres.end(); tracer.outgoingResponseBodyEnd(null); }); return; } String expectStr; state.expecting100 = null != (expectStr = sreq.headers().get("expect")) && expectStr.equalsIgnoreCase("100-continue"); HttpClientRequest creq = client.request(sreq.method(), nextHop.socketPort, nextHop.socketHost, nextHop.uri); creq.setTimeout(SECONDS.toMillis(clientReceiveTimeout)); creq.handler(cres -> { cres.exceptionHandler(t -> { tracer.incomingResponseException(t); if (!state.serverFinished) { state.clientFinished = true; state.serverFinished = true; routingContext.fail(new ProxyException(502, RejectReason.incomingResponseFail, t)); } }); tracer.incomingResponseStart(cres); sres.setStatusCode(cres.statusCode()); sres.setStatusMessage(cres.statusMessage()); MultiMap headers = cres.headers(); copyEndToEndHeaders(headers, sres.headers()); final boolean reqCompletedBeforeResponse = state.requestComplete; if (state.expecting100) { log.info("Got " + cres.statusCode() + " instead of 100 Continue"); if (!isHTTP2) { if (/* state.receivedRequestBodyBefore100 && */ !reqCompletedBeforeResponse) { // TODO investigate whether vertx is able to handle the server request correctly without us closing the conn // but actually the client might have data in transit.. log.info( "Client might have started streaming data anyway, so request message boundary is lost. Continue streaming, but close server connection after response complete."); sres.headers().set("connection", "close"); } else { log.info( "Client had streamed the complete data anyway. Can carry on without closing server conn."); } } } if (!isHTTP2) { if (!sres.headers().contains("connection") || !sres.headers().get("connection").contains("close")) { sres.headers().add("keep-alive", keepAliveHeaderValue); sres.headers().add("connection", "keep-alive"); } } if (!headers.contains("content-length")) { sres.setChunked(true); } tracer.outgoingResponseInitial(); cres.endHandler(v -> { tracer.incomingResponseEnd(); state.clientFinished = true; if (!state.serverFinished) { state.serverFinished = true; sres.end(); } if (state.expecting100 && /* state.receivedRequestBodyBefore100 && */ !reqCompletedBeforeResponse) { log.info( "Client had started streaming data anyway, so request message boundary is lost. Close client connection."); creq.connection().close(); } }); pump.start(cres, sres, tracer); }); creq.exceptionHandler(t -> { tracer.outgoingRequestException(t); if (!state.serverFinished) { state.clientFinished = true; state.serverFinished = true; routingContext.fail(new ProxyException(502, RejectReason.outgoingRequestFail, t)); } }); MultiMap creqh = creq.headers(); propagateRequestHeaders(isTls, chost, sreqh, origHost, creqh); creq.headers().addAll(addHeaders); if (nextHop.hostHeader != null) { creq.setHost(nextHop.hostHeader); } else { creqh.remove("host"); } if (sreqh.getAll("transfer-encoding").stream().anyMatch(v -> v.equals("chunked"))) { creq.setChunked(true); } sres.closeHandler(v -> { if (!state.clientFinished) { state.clientFinished = true; tracer.incomingConnectionPrematurelyClosed(); HttpConnection connection = creq.connection(); if (connection != null) { connection.close(); } // else TODO } if (!state.serverFinished) { state.serverFinished = true; routingContext.fail(new ProxyException(0, RejectReason.outgoingResponseFail, null)); } }); tracer.outgoingRequestInitial(creq); if (sreq.isEnded()) { state.requestComplete = true; Buffer body = routingContext.getBody(); if (body == null || body.length() == 0) { creq.end(); } else { if (!creq.isChunked()) { creq.putHeader("content-length", Integer.toString(body.length())); } creq.end(routingContext.getBody()); } tracer.incomingRequestEnd(); } else { sreq.endHandler(v -> { state.requestComplete = true; try { creq.end(); } catch (IllegalStateException ex) { // ignore - nothing can be done - the request is already complete/closed - TODO log? } tracer.incomingRequestEnd(); }); ReadStream<Buffer> sreqStream; if (state.expecting100) { log.debug("Expect: 100"); creq.continueHandler(v -> { // no longer expecting 100, it's like a normal not-expecting-100 request from now on state.expecting100 = false; // since we received 100 Continue, we know the server agrees to accept all the request body, so we can assume we are forgiven for sending data early state.receivedRequestBodyBefore100 = false; log.info("Got 100, propagating"); sres.writeContinue(); }); // in this case we must flush request headers before the body is sent creq.sendHead(); sreqStream = new ReadStreamWrapper<Buffer>(sreq) { final LazyHandlerWrapper<Buffer> handlerWrapper = new LazyHandlerWrapper<Buffer>( super::handler, null) { @Override public void handle(Buffer event) { log.info("Got first request body chunk"); if (state.expecting100) { log.info("Got request body before '100 Continue'"); // data received despite not having yet recived 100-continue state.receivedRequestBodyBefore100 = true; } deactivate(); wrapped.handle(event); } }; @Override public ReadStream<Buffer> handler(Handler<Buffer> handler) { return handlerWrapper.handler(handler, this); } }; } else { log.debug("Not expect-100"); sreqStream = sreq; } pump.start(sreqStream, creq, tracer); } }); }
From source file:io.nitor.api.backend.proxy.Proxy.java
License:Apache License
private void propagateRequestHeaders(boolean isTls, String chost, MultiMap sreqh, String origHost, MultiMap creqh) { copyEndToEndHeaders(sreqh, creqh);//from w ww . j a va2 s . co m creqh.set("X-Host", origHost); creqh.set("X-Forwarded-For", chost); creqh.set("X-Forwarded-Proto", isTls ? "https" : "http"); }
From source file:io.nitor.api.backend.s3.AWSRequestSigner.java
License:Apache License
public void copyHeadersAndSign(HttpServerRequest sreq, HttpClientRequest creq, byte[] body) { MessageDigest sha256 = SHA256_POOL.get(); String contentHash;/* w w w . j a v a 2 s. c o m*/ if (body == null) { contentHash = UNSIGNED_PAYLOAD; } else { sha256.reset(); contentHash = hexDump(sha256.digest(body)); } MultiMap headers = creq.headers(); String dateTime = dateTimeFormat.format(clock.instant()); String date = dateTime.substring(0, 8); AwsCredentials secrets = secretsProvider.resolveCredentials(); StringBuilder signedHeaders = new StringBuilder(64); StringBuilder sb = new StringBuilder(256); sb.append(creq.method().name()).append('\n'); uriEncode(creq.path(), false, sb); sb.append('\n'); String query = creq.query(); if (query != null) { String[] split = query.split("&"); Arrays.sort(split); query = String.join("&", split); sb.append(query); } sb.append('\n'); putHeader(headers, sb, signedHeaders, "date", sreq); putHeader(headers, sb, signedHeaders, "host", serviceHost); putHeader(headers, sb, signedHeaders, "if-modified-since", sreq); putHeader(headers, sb, signedHeaders, "if-none-match", sreq); putHeader(headers, sb, signedHeaders, "range", sreq); putHeader(headers, sb, signedHeaders, "x-amz-content-sha256", contentHash); putHeader(headers, sb, signedHeaders, "x-amz-date", dateTime); if (secrets instanceof AwsSessionCredentials) { putHeader(headers, sb, signedHeaders, "x-amz-security-token", ((AwsSessionCredentials) secrets).sessionToken()); } putHeader(headers, sb, signedHeaders, "x-amz-storage-class", sreq); signedHeaders.setLength(signedHeaders.length() - 1); sb.append('\n').append(signedHeaders).append('\n'); sb.append(contentHash); sha256.reset(); String hashedCanonicalRequest = hexDump(sha256.digest(sb.toString().getBytes(ISO_8859_1))); sb.setLength(0); sb.append("AWS4-HMAC-SHA256\n").append(dateTime).append('\n').append(date).append(signingRegion) .append('\n').append(hashedCanonicalRequest); Mac hmac = HMACSHA256_POOL.get(); String signature = hexDump(hmacSHA256(hmac, signingKey(hmac, date, secrets), sb.toString())); sb.setLength(0); sb.append("AWS4-HMAC-SHA256 ").append("Credential=").append(secrets.accessKeyId()).append('/').append(date) .append(signingRegion).append(",SignedHeaders=").append(signedHeaders).append(",Signature=") .append(signature); headers.set(AUTHORIZATION, sb.toString()); }
From source file:io.nitor.api.backend.s3.AWSRequestSigner.java
License:Apache License
private void putHeader(MultiMap headers, StringBuilder canonicalHeaders, StringBuilder signedHeaders, String name, String value) { headers.set(name, value); canonicalHeaders.append(name).append(':').append(value).append('\n'); signedHeaders.append(name).append(';'); }
From source file:org.sfs.nodes.compute.container.VerifyRepairContainerExecute.java
License:Apache License
@Override public void handle(final SfsRequest httpServerRequest) { VertxContext<Server> vertxContext = httpServerRequest.vertxContext(); Defer.aVoid().flatMap(new Authenticate(httpServerRequest)) .flatMap(new ValidateActionAdminOrSystem(httpServerRequest)).map(aVoid -> httpServerRequest) .map(new ValidateHeaderBetweenLong(Jobs.Parameters.TIMEOUT, 100, Long.MAX_VALUE)) .map(new ToVoid<>()).map(aVoid -> ObjectPath.fromSfsRequest(httpServerRequest)) .map(new ValidateContainerPath()).flatMap(objectPath -> { ClusterInfo clusterInfo = vertxContext.verticle().getClusterInfo(); Nodes nodes = vertxContext.verticle().nodes(); MultiMap headers = httpServerRequest.headers(); long timeout = headers.contains(Jobs.Parameters.TIMEOUT) ? Long.parseLong(headers.get(Jobs.Parameters.TIMEOUT)) : 100;//from w w w . j a v a 2 s.co m String unparsedForceRemoveVolumes = headers.contains(Jobs.Parameters.FORCE_REMOVE_VOLUMES) ? headers.get(Jobs.Parameters.FORCE_REMOVE_VOLUMES) : null; MultiMap params = MultiMap.caseInsensitiveMultiMap(); if (unparsedForceRemoveVolumes != null) { params.add(Jobs.Parameters.FORCE_REMOVE_VOLUMES, unparsedForceRemoveVolumes); } params.set(Jobs.Parameters.CONTAINER_ID, objectPath.containerPath().get()); TransientServiceDef transientServiceDef = clusterInfo.getCurrentMasterNode(); MasterNode masterNode = nodes.remoteMasterNode(vertxContext, transientServiceDef); httpServerRequest.startProxyKeepAlive(); return masterNode.executeJob(Jobs.ID.VERIFY_REPAIR_CONTAINER_OBJECTS, params, timeout, TimeUnit.MILLISECONDS); }).single().subscribe(new ConnectionCloseTerminus<Void>(httpServerRequest) { @Override public void onNext(Void aVoid) { JsonObject responseJson = new JsonObject().put("code", HTTP_OK).put("message", "Success"); httpServerRequest.response().write(responseJson.encode(), StandardCharsets.UTF_8.toString()) .write(DELIMITER_BUFFER); } }); }