List of usage examples for org.apache.commons.httpclient URI setQuery
public void setQuery(String query) throws URIException
From source file:davmail.exchange.ExchangeSession.java
/**
 * Resolves {@code path} against the URI of {@code method} and returns the result as a string.
 *
 * <p>A {@code null} path yields the method URI unchanged. Otherwise the query string is dropped
 * and the path is handled by form: a leading {@code /} replaces the whole path, an
 * {@code http://} or {@code https://} prefix is returned verbatim, and anything else is appended
 * to the folder of the method's current path.
 *
 * <p>NOTE(review): an absolute URL is handed back without comparing its host or scheme with the
 * method's own URI, and the prefix test is case-sensitive. Callers that go on to send session
 * cookies or credentials to the returned address should confirm it is an expected host.
 *
 * @param method HTTP method whose URI is the resolution base
 * @param path absolute path, absolute URL, relative path, or {@code null}
 * @return the resolved URI
 * @throws URIException if the current path contains no {@code /} to resolve a relative path
 *         against, or if a URI setter rejects the value
 */
protected String getAbsoluteUri(HttpMethod method, String path) throws URIException {
    URI base = method.getURI();
    if (path == null) {
        return base.getURI();
    }

    // The query of the current request never carries over to the resolved target.
    base.setQuery(null);

    if (path.startsWith("http://") || path.startsWith("https://")) {
        return path;
    }

    if (!path.startsWith("/")) {
        // Relative path: keep everything up to and including the last slash of the current path.
        String currentPath = method.getPath();
        int lastSlash = currentPath.lastIndexOf('/');
        if (lastSlash < 0) {
            throw new URIException(base.getURI());
        }
        base.setPath(currentPath.substring(0, lastSlash + 1) + path);
    } else {
        base.setPath(path);
    }
    return base.getURI();
}
From source file:davmail.exchange.ExchangeSession.java
/**
 * Applies a {@code path?query} string to the URI of {@code initmethod} and returns the result.
 *
 * <p>When {@code pathQuery} contains no {@code ?} the URI is returned untouched. A non-empty part
 * before the {@code ?} replaces the path (resolved against the current folder when it is
 * relative); the part after the {@code ?} always replaces the query.
 *
 * @param initmethod HTTP method whose URI is used as the base
 * @param pathQuery path and query as taken from the form script; must not be {@code null}
 * @return the updated URI
 * @throws URIException if a URI setter rejects the value
 */
protected String getScriptBasedFormURL(HttpMethod initmethod, String pathQuery) throws URIException {
    URI target = initmethod.getURI();
    int queryIndex = pathQuery.indexOf('?');
    if (queryIndex < 0) {
        return target.getURI();
    }

    if (queryIndex > 0) {
        String newPath = pathQuery.substring(0, queryIndex);
        String resolvedPath;
        if (newPath.startsWith("/")) {
            // absolute path
            resolvedPath = newPath;
        } else {
            String currentPath = target.getPath();
            int folderIndex = currentPath.lastIndexOf('/');
            // replace the last segment; a current path without any slash should not happen
            resolvedPath = folderIndex >= 0
                    ? currentPath.substring(0, folderIndex + 1) + newPath
                    : '/' + newPath;
        }
        target.setPath(resolvedPath);
    }

    target.setQuery(pathQuery.substring(queryIndex + 1));
    return target.getURI();
}
From source file:org.eclipse.smarthome.binding.yahooweather.discovery.YahooWeatherDiscoveryService.java
/**
 * Retrieves the woeid (Where On Earth IDentifier) lookup result used for determining the
 * location in the Yahoo Weather interface.
 *
 * <p>NOTE(review): {@code coordinate} is placed inside the quoted YQL literal and then inside the
 * request query string exactly as received. A value containing a single quote changes the YQL
 * statement, and reserved characters such as {@code &} may change the request parameters,
 * depending on how {@code URI.setQuery} escapes them. Confirm that callers only pass numeric
 * {@code latitude,longitude} values, or validate the format before building the query.
 *
 * @param coordinate location in the form {@code latitude,longitude}
 * @return whatever {@code downloadData} returns for the lookup URL; when building the URL fails
 *         the failure is logged at debug level and {@code downloadData} is called with
 *         {@code null}
 */
private String getWoeidData(String coordinate) {
    StringBuilder queryString = new StringBuilder("q=");
    queryString.append("SELECT * FROM geo.placefinder WHERE text='").append(coordinate).append("' and gflags='R'");
    queryString.append("&format=json");

    String requestUrl = null;
    try {
        URI endpoint = new URI("https://query.yahooapis.com/v1/public/yql", false);
        endpoint.setQuery(queryString.toString());
        requestUrl = endpoint.toString();
    } catch (Exception e) {
        logger.debug("Error while getting location ID: {}", e.getMessage());
    }
    return downloadData(requestUrl);
}
From source file:org.glite.slcs.shibclient.ShibbolethClient.java
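/**
 * Parses the IdP login page, submits the matching Pubcookie, CAS or FORM login form with the
 * client credentials, and determines the URI that continues the SSO exchange.
 *
 * <p>Both HTTP methods created here are released in {@code finally} blocks, so a failed login
 * (any exception thrown after the POST) no longer leaves a connection unreleased. A form
 * without a METHOD attribute is treated as "not POST" instead of raising a
 * {@code NullPointerException}.
 *
 * @param idp identity provider metadata (form name, field names, auth type, SSO URL)
 * @param ssoLoginURI URI of the login page; default form action and base for relative actions
 * @param ssoQuery original SSO query string, re-applied in the FORM (200) case
 * @param htmlForm body of the login page
 * @return the URI to follow after the login, or {@code null} when the matching form has no
 *         usable POST action
 * @throws IOException if reading a page, parsing a URI or executing a request fails
 * @throws RemoteException if a Pubcookie relay form has no ACTION attribute
 * @throws ServiceException if no form with the configured name (or ID) is present
 * @throws AuthException if the response to the login POST does not match a successful login
 */
private URI processIdPLoginForm(IdentityProvider idp, URI ssoLoginURI, String ssoQuery, InputStream htmlForm)
        throws IOException, RemoteException, ServiceException, AuthException {
    LOG.info("Parse and process " + idp.getAuthTypeName() + " login form: " + ssoLoginURI);

    boolean formFound = false;
    URI idpLoginFormResponseURI = null;

    // Parse the FORM with Jericho HTML Parser
    Source source = new Source(htmlForm);
    List<Element> forms = source.findAllElements(Tag.FORM);
    for (Element form : forms) {
        String formName = form.getAttributeValue("NAME");
        // UniL uses a CAS login form with no NAME defined: fall back to the form ID, then to an
        // empty name. The metadata has to define an empty name for such a form.
        LOG.debug("form name= " + formName);
        if (formName == null) {
            LOG.warn("form have no NAME, try form ID...");
            String formId = form.getAttributeValue("ID");
            if (formId == null) {
                LOG.warn("form have no NAME and no ID, using empty name...");
                formName = "";
            } else {
                formName = formId;
            }
        }

        if (formName.equals(idp.getAuthFormName())) {
            formFound = true;

            // NOTE(review): the user name and password below are POSTed to this action URL,
            // which is read from the parsed page. Nothing in this method checks that it uses
            // https or stays on the host of ssoLoginURI - confirm that upstream.
            String formAction = form.getAttributeValue("ACTION");
            LOG.debug("form action=" + formAction);
            if (formAction == null || formAction.equals("")) {
                // no form action to POST, use default from metadata
                formAction = ssoLoginURI.getEscapedURI();
                LOG.info("default form action=" + formAction);
            } else {
                URI formActionURI = new URI(formAction, false);
                if (formActionURI.isRelativeURI()) {
                    // action URL is not absolute like: http://localhost/cas/login?...
                    formActionURI = new URI(ssoLoginURI, formActionURI.getPathQuery(), true);
                }
                formAction = formActionURI.getEscapedURI();
                LOG.info("corrected form action=" + formAction);
            }

            String formMethod = form.getAttributeValue("METHOD");
            LOG.debug("form name=" + formName + " action=" + formAction + " method=" + formMethod);
            // Constant-first comparison: METHOD may be absent, in which case formMethod is null.
            if (!formAction.equals("") && "POST".equalsIgnoreCase(formMethod)) {
                PostMethod postLoginFormMethod = new PostMethod(formAction);
                try {
                    // add all HIDDEN fields to POST
                    List<FormControl> formControls = form.findFormControls();
                    for (FormControl control : formControls) {
                        FormControlType type = control.getFormControlType();
                        if (type.equals(FormControlType.HIDDEN)) {
                            String name = control.getName();
                            Collection<String> values = control.getValues();
                            for (String value : values) {
                                // NOTE(review): hidden login-form values end up in the debug
                                // log; they may be login tickets or state tokens.
                                LOG.debug("add hidden: " + name + "=" + value);
                                postLoginFormMethod.addParameter(name, value);
                            }
                        }
                    }
                    // add username field
                    postLoginFormMethod.addParameter(idp.getAuthFormUsername(), this.credentials_.getUserName());
                    // add the PASSWORD field
                    postLoginFormMethod.addParameter(idp.getAuthFormPassword(), this.credentials_.getPassword());

                    // execute the login POST
                    LOG.info("POST LoginFormMethod: " + postLoginFormMethod.getURI());
                    int formLoginResponseStatus = executeMethod(postLoginFormMethod);
                    LOG.debug(postLoginFormMethod.getStatusLine());

                    // NOTE(review): every AuthException below concatenates this.credentials_
                    // into its message; confirm its toString() does not include the password.

                    // CAS, or FORM can, send a 302 + Location header back
                    if (formLoginResponseStatus == 302
                            && (idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_CAS
                                    || idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_FORM)) {
                        LOG.debug("Process " + idp.getAuthTypeName()
                                + " redirect response (302 + Location header)...");
                        Header location = postLoginFormMethod.getResponseHeader("Location");
                        if (location != null) {
                            String locationURL = location.getValue();
                            LOG.debug("302 Location: " + locationURL);
                            // CAS: if the location path (/cas/login) is neither the IdP 1.3 SSO
                            // path (/shibboleth-idp/SSO) nor the IdP 2.X /Authn/RemoteUser
                            // handler, the login failed.
                            // NOTE(review): only the path is compared; the host of the
                            // Location header is not checked against the IdP URL.
                            URI locationURI = new URI(locationURL, false);
                            String locationPath = locationURI.getPath();
                            String idpSSOURL = idp.getUrl();
                            URI idpSSOURI = new URI(idpSSOURL, false);
                            String idpSSOPath = idpSSOURI.getPath();
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("location path: " + locationPath);
                                LOG.debug("location is the /Authn/RemoteUser hanlder? "
                                        + locationPath.endsWith("/Authn/RemoteUser"));
                                LOG.debug("IdP SSO path: " + idpSSOPath);
                            }
                            if (!locationPath.equals(idpSSOPath) && !locationPath.endsWith("/Authn/RemoteUser")) {
                                LOG.error("Redirect response is not the SSO (" + idpSSOURL
                                        + ") or the /Authn/RemoteUser handler: " + locationURL);
                                throw new AuthException(
                                        idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                            }
                            idpLoginFormResponseURI = new URI(locationURL, false);
                            LOG.debug("(" + idp.getAuthTypeName() + ": 302 + Location) idpLoginFormReponseURI= "
                                    + idpLoginFormResponseURI);
                        } else {
                            LOG.error(idp.getAuthTypeName() + ": Status 302 but no redirect Location header");
                            throw new AuthException(
                                    idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                        }
                    }
                    // IdP 2.1 FORM authN sends 200 and directly the SAMLResponse form
                    else if (formLoginResponseStatus == 200
                            && idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_FORM) {
                        // A valid authentication is recognised by the Browser/POST hidden form
                        // element named SAMLResponse.
                        LOG.debug("check for SAMLResponse hidden element");
                        boolean samlResponseFound = false;
                        InputStream authnLoginResponse = postLoginFormMethod.getResponseBodyAsStream();
                        Source authnSource = new Source(authnLoginResponse);
                        List<Element> browserPOSTForms = authnSource.findAllElements(Tag.FORM);
                        for (Element browserPOSTForm : browserPOSTForms) {
                            List<FormControl> browserPOSTFormControls = browserPOSTForm.findFormControls();
                            for (FormControl control : browserPOSTFormControls) {
                                FormControlType type = control.getFormControlType();
                                if (type.equals(FormControlType.HIDDEN)) {
                                    String name = control.getName();
                                    if (name.equals("SAMLResponse")) {
                                        LOG.debug("Hidden element found: " + control.getName());
                                        samlResponseFound = true;
                                    }
                                }
                            }
                        }
                        if (!samlResponseFound) {
                            LOG.error(idp.getAuthTypeName() + ": no Browser/POST SAMLResponse hidden element found");
                            throw new AuthException(
                                    idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                        }

                        LOG.debug("Process FORM (200 + full Browser/POST profile) response...");
                        idpLoginFormResponseURI = new URI(idp.getUrl(), false);
                        // re-set the original SSO query params
                        idpLoginFormResponseURI.setQuery(ssoQuery);
                        LOG.debug("(FORM: 200 + Browser/POST) idpLoginFormReponseURI= " + idpLoginFormResponseURI);
                    }
                    // Pubcookie sends 200 plus an HTML relay form with hidden fields, e.g.
                    // <form method=post action="https://aai-login.ethz.ch/PubCookie.reply" name=relay>
                    // and answers the relay POST with a redirect 302 + Location header.
                    else if (formLoginResponseStatus == 200
                            && idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_PUBCOOKIE) {
                        LOG.debug("Process Pubcookie (200 + relay FORM) response...");
                        InputStream pubcookieLoginResponse = postLoginFormMethod.getResponseBodyAsStream();
                        Source pubcookieSource = new Source(pubcookieLoginResponse);
                        PostMethod postPubcookieRelayMethod = null;
                        List<Element> relayForms = pubcookieSource.findAllElements(Tag.FORM);
                        // When the page holds several forms, only the method built for the last
                        // one is executed below.
                        for (Element relayForm : relayForms) {
                            String relayFormAction = relayForm.getAttributeValue("ACTION");
                            LOG.debug("Pubcookie relay form action= " + relayFormAction);
                            if (relayFormAction == null) {
                                LOG.error("Pubcookie relay form action not found.");
                                throw new RemoteException("Pubcookie relay form action not found");
                            }
                            // create PubCookie relay POST
                            postPubcookieRelayMethod = new PostMethod(relayFormAction);

                            // add all HIDDEN fields to POST
                            List<FormControl> relayFormControls = relayForm.findFormControls();
                            for (FormControl control : relayFormControls) {
                                FormControlType type = control.getFormControlType();
                                if (type.equals(FormControlType.HIDDEN)) {
                                    String name = control.getName();
                                    Collection<String> values = control.getValues();
                                    for (String value : values) {
                                        LOG.debug("add hidden: " + name + "=" + value);
                                        postPubcookieRelayMethod.addParameter(name, value);
                                    }
                                }
                            }
                        }

                        if (postPubcookieRelayMethod != null) {
                            try {
                                LOG.debug("POST postPubcookieRelayMethod: " + postPubcookieRelayMethod.getURI());
                                executeMethod(postPubcookieRelayMethod);
                                LOG.debug(postPubcookieRelayMethod.getStatusLine());
                                Header location = postPubcookieRelayMethod.getResponseHeader("Location");
                                if (location != null) {
                                    String locationURL = location.getValue();
                                    LOG.debug("302 Location: " + locationURL);
                                    // parse Location
                                    idpLoginFormResponseURI = new URI(locationURL, false);
                                    LOG.debug("(PubCookie: 302 + Location header) idpLoginFormReponseURI= "
                                            + idpLoginFormResponseURI);
                                } else {
                                    LOG.error("Pubcookie relay response 302 + Location header not found");
                                    throw new AuthException(
                                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                                }
                            } finally {
                                // Released on every path, including a failed relay POST.
                                LOG.debug("postPubcookieRelayMethod.releaseConnection()");
                                postPubcookieRelayMethod.releaseConnection();
                            }
                        } else {
                            LOG.error("Pubcookie relay form not found");
                            throw new AuthException(
                                    idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                        }
                    } else {
                        LOG.error("Unexpected response status: " + formLoginResponseStatus + " AuthType:"
                                + idp.getAuthTypeName());
                        throw new AuthException(
                                idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                    }
                } finally {
                    // Released on every path, including the authentication failures above.
                    LOG.debug("POSTLoginFormMethod.releaseConnection()");
                    postLoginFormMethod.releaseConnection();
                }
            } // end if form action is set and method is POST
        } // end if form name match metadata
    } // end for all forms

    if (!formFound) {
        LOG.error("FORM name=" + idp.getAuthFormName() + " not found");
        throw new ServiceException("FORM name=" + idp.getAuthFormName() + " not found");
    }

    return idpLoginFormResponseURI;
}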
From source file:org.parosproxy.paros.core.scanner.Analyser.java
/**
 * Analyses a single folder entity: requests two generated paths under it and classifies how the
 * server answers, recording the outcome through {@code addAnalysedHost}.
 *
 * <p>The classification is, in order: a 404, a redirect, any other non-200 status, two identical
 * bodies (static page), two bodies that are identical once the request path and clock times are
 * removed (dynamic but deterministic), and otherwise "undeterministic".
 */
private void analyse(StructuralNode node) throws Exception {
    // Nothing to do without a recorded message or for nodes outside the scan scope.
    if (node.getHistoryReference() == null || !parent.nodeInScope(node.getName())) {
        return;
    }

    HttpMessage baseMsg = node.getHistoryReference().getHttpMessage();
    URI baseUri = (URI) baseMsg.getRequestHeader().getURI().clone();
    baseUri.setQuery(null);

    // A sample for this URI exists already, no need to test again.
    if (mapVisited.get(baseUri.toString()) != null) {
        return;
    }

    // First probe.
    String path = getRandomPathSuffix(node, baseUri);
    HttpMessage msg = baseMsg.cloneRequest();
    URI uri = (URI) baseUri.clone();
    uri.setPath(path);
    msg.getRequestHeader().setURI(uri);
    sendAndReceive(msg);

    int status = msg.getResponseHeader().getStatusCode();
    if (status == HttpStatusCode.NOT_FOUND) {
        // standard RFC response, no further check is needed
        addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_RFC);
        return;
    }
    if (HttpStatusCode.isRedirection(status)) {
        addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_REDIRECT);
        return;
    }
    if (status != HttpStatusCode.OK) {
        addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_NON_RFC);
        return;
    }

    // Second probe, to compare against the first.
    HttpMessage msg2 = baseMsg.cloneRequest();
    URI uri2 = msg2.getRequestHeader().getURI();
    String path2 = getRandomPathSuffix(node, uri2);
    uri2 = (URI) baseUri.clone();
    uri2.setPath(path2);
    msg2.getRequestHeader().setURI(uri2);
    sendAndReceive(msg2);

    // The HTML HEAD is removed because it may hold an expiry time that changes per response.
    String resBody1 = msg.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");
    String resBody2 = msg2.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");

    if (resBody1.equals(resBody2)) {
        // static page: remember it
        msg.getResponseBody().setBody(resBody1);
        addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_STATIC);
        return;
    }

    // Dynamic page: drop the echoed request URI and hh:mm:ss times, then compare again.
    final String clockTime = "\\s[012]\\d:[0-5]\\d:[0-5]\\d\\s";
    resBody1 = resBody1.replaceAll(getPathRegex(uri), "").replaceAll(clockTime, "");
    resBody2 = resBody2.replaceAll(getPathRegex(uri2), "").replaceAll(clockTime, "");
    if (resBody1.equals(resBody2)) {
        msg.getResponseBody().setBody(resBody1);
        addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_DYNAMIC_BUT_DETERMINISTIC);
        return;
    }

    // Neither static nor deterministic.
    addAnalysedHost(baseUri, msg, SampleResponse.ERROR_PAGE_UNDETERMINISTIC);
}
From source file:org.parosproxy.paros.core.scanner.Analyser.java
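/**
 * Builds a regular expression that matches the given URI as literal text, followed by its query
 * string as an optional group.
 *
 * <p>The URI and the query come from the request being analysed, so both are quoted before they
 * become part of the pattern. The previous {@code replaceAll("\\.", "\\.")} replaced every dot
 * with a plain dot (a backslash in a replacement string only escapes the next character), which
 * left dots and all other regex metacharacters of the URI active in the pattern.
 *
 * @param uri request URI; it is cloned and not modified
 * @return the pattern text, matching is case-sensitive
 * @throws URIException if the URI cannot be cloned or its query cannot be read or cleared
 */
private String getPathRegex(URI uri) throws URIException {
    URI newUri;
    // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
    try {
        newUri = (URI) uri.clone();
    } catch (CloneNotSupportedException e) {
        throw new URIException(e.getMessage());
    }

    String query = newUri.getQuery();
    newUri.setQuery(null);

    StringBuilder sb = new StringBuilder(100);
    // Fully qualified so the fix does not depend on the file's import list.
    sb.append(java.util.regex.Pattern.quote(newUri.toString()));
    if (query != null) {
        sb.append("(\\?").append(java.util.regex.Pattern.quote(query)).append(")?");
    }
    return sb.toString();
}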
From source file:org.parosproxy.paros.core.scanner.Analyser.java
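/**
 * Decides whether the response in {@code msg} indicates that the requested file exists, using
 * the error-page sample recorded for the request's folder or, failing that, for its host.
 *
 * <p>Failures while deriving the folder URI are logged instead of being silently swallowed, a
 * request URI without a path is handled explicitly, and when no lookup URI can be derived at all
 * the method falls back to the "no sample" rule instead of dereferencing {@code null}.
 *
 * @param msg message holding the request and its response
 * @return {@code false} when the response is empty, a 404, a non-200 non-redirect status, a
 *         redirect to the same location as the sample, a body matching {@code patternNotFound},
 *         or a body equal to the recorded error page; {@code true} otherwise
 */
public boolean isFileExist(HttpMessage msg) {
    if (msg.getResponseHeader().isEmpty()) {
        return false;
    }

    int statusCode = msg.getResponseHeader().getStatusCode();
    // RFC
    if (statusCode == HttpStatusCode.NOT_FOUND) {
        return false;
    }

    // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
    URI uri = null;
    try {
        uri = (URI) msg.getRequestHeader().getURI().clone();
        // strip off last part of path - use folder only
        uri.setQuery(null);
        String path = uri.getPath();
        if (path != null) {
            uri.setPath(path.replaceAll("/[^/]*$", ""));
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }

    // Get the sample with the same relative path position when possible; if none exists, use the
    // host only.
    SampleResponse sample = null;
    if (uri != null) {
        sample = mapVisited.get(uri.toString());
        if (sample == null) {
            try {
                uri.setPath(null);
            } catch (URIException e2) {
                logger.error(e2.getMessage(), e2);
            }
            sample = mapVisited.get(uri.toString());
        }
    }

    // No analysed result to confirm against: assume the file exists only for a 200.
    if (sample == null) {
        return statusCode == HttpStatusCode.OK;
    }

    // Redirect response: a redirect to the same location as the sample means "does not exist".
    if (HttpStatusCode.isRedirection(statusCode)) {
        try {
            if (sample.getMessage().getResponseHeader().getStatusCode() == statusCode) {
                String location = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
                if (location != null
                        && location.equals(sample.getMessage().getResponseHeader().getHeader(HttpHeader.LOCATION))) {
                    return false;
                }
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return true;
    }

    // Not success code
    if (statusCode != HttpStatusCode.OK) {
        return false;
    }

    // Only 200 responses remain. Check for a possible "not found" page pattern.
    Matcher matcher = patternNotFound.matcher(msg.getResponseBody().toString());
    if (matcher.find()) {
        return false;
    }

    // static response
    String body = msg.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");
    if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_STATIC) {
        try {
            if (sample.getMessage().getResponseBody().toString().equals(body)) {
                return false;
            }
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            logger.error("Failed to read the message: " + e.getMessage(), e);
        }
        return true;
    }

    uri = msg.getRequestHeader().getURI();
    try {
        if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_DYNAMIC_BUT_DETERMINISTIC) {
            // NOTE(review): unlike the static case above, this body is not passed through
            // p_REMOVE_HEADER before the comparison - confirm that is intended.
            body = msg.getResponseBody().toString().replaceAll(getPathRegex(uri), "")
                    .replaceAll("\\s[012]\\d:[0-5]\\d:[0-5]\\d\\s", "");
            // ZAP: FindBugs fix - added call to HttpBody.toString()
            if (sample.getMessage().getResponseBody().toString().equals(body)) {
                return false;
            }
            return true;
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }

    return true;
}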
From source file:org.parosproxy.paros.core.scanner.Kb.java
/**
 * Stores {@code value} under {@code key} in the per-URI map of the knowledge base.
 *
 * <p>The map is selected by the string form of the URI with its query removed, so all query
 * variants of one URL share an entry. The caller's URI is cloned and left unmodified. If the URI
 * cannot be cloned the call returns without storing anything; if the query cannot be cleared the
 * error is logged and nothing is stored.
 *
 * @param uri URI the value belongs to
 * @param key key within the per-URI map
 * @param value value to store
 */
public synchronized void add(URI uri, String key, Object value) {
    final String uriKey;
    try {
        // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
        URI stripped = (URI) uri.clone();
        stripped.setQuery(null);
        uriKey = stripped.toString();
    } catch (CloneNotSupportedException e1) {
        return;
    } catch (URIException e) {
        logger.error(e.getMessage(), e);
        return;
    }

    TreeMap<String, Object> perUri = mapURI.get(uriKey);
    if (perUri == null) {
        // first value recorded for this URI
        perUri = new TreeMap<>();
        mapURI.put(uriKey, perUri);
    }
    add(perUri, key, value);
}
From source file:org.parosproxy.paros.core.scanner.Kb.java
/**
 * Returns the values stored under {@code key} for the given URI.
 *
 * <p>The lookup uses the string form of the URI with its query removed; the caller's URI is
 * cloned and left unmodified.
 *
 * @param uri URI to look up
 * @param key key within the per-URI map
 * @return the result of the map-based {@code getList} for that URI, or {@code null} when the URI
 *         cannot be cloned, its query cannot be cleared (logged), or nothing is recorded for it
 */
public synchronized Vector<Object> getList(URI uri, String key) {
    final String uriKey;
    try {
        // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
        URI stripped = (URI) uri.clone();
        stripped.setQuery(null);
        uriKey = stripped.toString();
    } catch (CloneNotSupportedException e1) {
        return null;
    } catch (URIException e) {
        logger.error(e.getMessage(), e);
        return null;
    }

    TreeMap<String, Object> perUri = mapURI.get(uriKey);
    return perUri == null ? null : getList(perUri, key);
}
From source file:org.parosproxy.paros.core.scanner.plugin.TestDirectoryBrowsing.java
/**
 * Rewrites the request URI of {@code msg} so that it has no query string and ends with a slash.
 *
 * <p>The query is cleared on the URI object returned by the request header itself (no clone is
 * taken) before a new URI is set on the header.
 *
 * @param msg message whose request URI is rewritten in place
 * @throws URIException if the query cannot be cleared or the new URI cannot be built
 */
private void checkIfDirectory(HttpMessage msg) throws URIException {
    URI requestUri = msg.getRequestHeader().getURI();
    requestUri.setQuery(null);

    String target = requestUri.toString();
    String directoryUri = target.endsWith("/") ? target : target + "/";
    msg.getRequestHeader().setURI(new URI(directoryUri, true));
}