List of usage examples for org.apache.http.auth AUTH PROXY_AUTH_RESP
String PROXY_AUTH_RESP
To view the source code for org.apache.http.auth AUTH PROXY_AUTH_RESP.
Click Source Link
From source file:org.apache.http.impl.auth.GGSSchemeBase.java
@Override public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context) throws AuthenticationException { Args.notNull(request, "HTTP request"); switch (state) { case UNINITIATED: throw new AuthenticationException(getSchemeName() + " authentication has not been initiated"); case FAILED://from w w w . j a va 2 s . c o m throw new AuthenticationException(getSchemeName() + " authentication has failed"); case CHALLENGE_RECEIVED: try { final HttpRoute route = (HttpRoute) context.getAttribute(HttpClientContext.HTTP_ROUTE); if (route == null) { throw new AuthenticationException("Connection route is not available"); } HttpHost host; if (isProxy()) { host = route.getProxyHost(); if (host == null) { host = route.getTargetHost(); } } else { host = route.getTargetHost(); } final String authServer; if (!this.stripPort && host.getPort() > 0) { authServer = host.toHostString(); } else { authServer = host.getHostName(); } if (log.isDebugEnabled()) { log.debug("init " + authServer); } token = generateToken(token, authServer); state = State.TOKEN_GENERATED; } catch (final GSSException gsse) { state = State.FAILED; if (gsse.getMajor() == GSSException.DEFECTIVE_CREDENTIAL || gsse.getMajor() == GSSException.CREDENTIALS_EXPIRED) { throw new InvalidCredentialsException(gsse.getMessage(), gsse); } if (gsse.getMajor() == GSSException.NO_CRED) { throw new InvalidCredentialsException(gsse.getMessage(), gsse); } if (gsse.getMajor() == GSSException.DEFECTIVE_TOKEN || gsse.getMajor() == GSSException.DUPLICATE_TOKEN || gsse.getMajor() == GSSException.OLD_TOKEN) { throw new AuthenticationException(gsse.getMessage(), gsse); } // other error throw new AuthenticationException(gsse.getMessage()); } case TOKEN_GENERATED: final String tokenstr = new String(base64codec.encode(token)); if (log.isDebugEnabled()) { log.debug("Sending response '" + tokenstr + "' back to the auth server"); } final CharArrayBuffer buffer = new CharArrayBuffer(32); if (isProxy()) { buffer.append(AUTH.PROXY_AUTH_RESP); } else { buffer.append(AUTH.WWW_AUTH_RESP); } buffer.append(": Negotiate "); buffer.append(tokenstr); return new BufferedHeader(buffer); default: throw new IllegalStateException("Illegal state: " + state); } }
From source file:org.apache.http.impl.auth.TestBasicScheme.java
@Test public void testBasicProxyAuthentication() throws Exception { final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("testuser", "testpass"); final Header challenge = new BasicHeader(AUTH.PROXY_AUTH, "Basic realm=\"test\""); final BasicScheme authscheme = new BasicScheme(); authscheme.processChallenge(challenge); final HttpRequest request = new BasicHttpRequest("GET", "/"); final HttpContext context = new BasicHttpContext(); final Header authResponse = authscheme.authenticate(creds, request, context); final String expected = "Basic " + EncodingUtils .getAsciiString(Base64.encodeBase64(EncodingUtils.getAsciiBytes("testuser:testpass"))); Assert.assertEquals(AUTH.PROXY_AUTH_RESP, authResponse.getName()); Assert.assertEquals(expected, authResponse.getValue()); Assert.assertEquals("test", authscheme.getRealm()); Assert.assertTrue(authscheme.isComplete()); Assert.assertFalse(authscheme.isConnectionBased()); }
From source file:org.apache.http.impl.auth.win.WindowsNegotiateScheme.java
@Override public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context) throws AuthenticationException { final String response; if (clientCred == null) { // ?? We don't use the credentials, should we allow anything? if (!(credentials instanceof CurrentWindowsCredentials)) { throw new InvalidCredentialsException("Credentials cannot be used for " + getSchemeName() + " authentication: " + credentials.getClass().getName()); }/* w ww . ja va 2s . co m*/ // client credentials handle try { final String username = CurrentWindowsCredentials.getCurrentUsername(); final TimeStamp lifetime = new TimeStamp(); clientCred = new CredHandle(); final int rc = Secur32.INSTANCE.AcquireCredentialsHandle(username, scheme, Sspi.SECPKG_CRED_OUTBOUND, null, null, null, null, clientCred, lifetime); if (WinError.SEC_E_OK != rc) { throw new Win32Exception(rc); } response = getToken(null, null, username); } catch (Throwable t) { dispose(); throw new AuthenticationException("Authentication Failed", t); } } else if (this.challenge == null || this.challenge.length() == 0) { dispose(); throw new AuthenticationException("Authentication Failed"); } else { try { final byte[] continueTokenBytes = Base64.decodeBase64(this.challenge); final SecBufferDesc continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes); response = getToken(this.sppicontext, continueTokenBuffer, "localhost"); } catch (Throwable t) { dispose(); throw new AuthenticationException("Authentication Failed", t); } } final CharArrayBuffer buffer = new CharArrayBuffer(scheme.length() + 30); if (isProxy()) { buffer.append(AUTH.PROXY_AUTH_RESP); } else { buffer.append(AUTH.WWW_AUTH_RESP); } buffer.append(": "); buffer.append(scheme); // NTLM or Negotiate buffer.append(" "); buffer.append(response); return new BufferedHeader(buffer); }
From source file:org.apache.http.impl.execchain.MainClientExec.java
public CloseableHttpResponse execute(final HttpRoute route, final HttpRequestWrapper request, final HttpClientContext context, final HttpExecutionAware execAware) throws IOException, HttpException { Args.notNull(route, "HTTP route"); Args.notNull(request, "HTTP request"); Args.notNull(context, "HTTP context"); AuthState targetAuthState = context.getTargetAuthState(); if (targetAuthState == null) { targetAuthState = new AuthState(); context.setAttribute(HttpClientContext.TARGET_AUTH_STATE, targetAuthState); }/*from w ww.j av a2 s . c o m*/ AuthState proxyAuthState = context.getProxyAuthState(); if (proxyAuthState == null) { proxyAuthState = new AuthState(); context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, proxyAuthState); } if (request instanceof HttpEntityEnclosingRequest) { Proxies.enhanceEntity((HttpEntityEnclosingRequest) request); } Object userToken = context.getUserToken(); final ConnectionRequest connRequest = connManager.requestConnection(route, userToken); if (execAware != null) { if (execAware.isAborted()) { connRequest.cancel(); throw new RequestAbortedException("Request aborted"); } else { execAware.setCancellable(connRequest); } } final RequestConfig config = context.getRequestConfig(); final HttpClientConnection managedConn; try { final int timeout = config.getConnectionRequestTimeout(); managedConn = connRequest.get(timeout > 0 ? timeout : 0, TimeUnit.MILLISECONDS); } catch (final InterruptedException interrupted) { Thread.currentThread().interrupt(); throw new RequestAbortedException("Request aborted", interrupted); } catch (final ExecutionException ex) { Throwable cause = ex.getCause(); if (cause == null) { cause = ex; } throw new RequestAbortedException("Request execution failed", cause); } context.setAttribute(HttpCoreContext.HTTP_CONNECTION, managedConn); if (config.isStaleConnectionCheckEnabled()) { // validate connection if (managedConn.isOpen()) { this.log.debug("Stale connection check"); if (managedConn.isStale()) { this.log.debug("Stale connection detected"); managedConn.close(); } } } final ConnectionHolder connHolder = new ConnectionHolder(this.log, this.connManager, managedConn); try { if (execAware != null) { execAware.setCancellable(connHolder); } HttpResponse response; for (int execCount = 1;; execCount++) { if (execCount > 1 && !Proxies.isRepeatable(request)) { throw new NonRepeatableRequestException( "Cannot retry request " + "with a non-repeatable request entity."); } if (execAware != null && execAware.isAborted()) { throw new RequestAbortedException("Request aborted"); } if (!managedConn.isOpen()) { this.log.debug("Opening connection " + route); try { establishRoute(proxyAuthState, managedConn, route, request, context); } catch (final TunnelRefusedException ex) { if (this.log.isDebugEnabled()) { this.log.debug(ex.getMessage()); } response = ex.getResponse(); break; } } final int timeout = config.getSocketTimeout(); if (timeout >= 0) { managedConn.setSocketTimeout(timeout); } if (execAware != null && execAware.isAborted()) { throw new RequestAbortedException("Request aborted"); } if (this.log.isDebugEnabled()) { this.log.debug("Executing request " + request.getRequestLine()); } if (!request.containsHeader(AUTH.WWW_AUTH_RESP)) { if (this.log.isDebugEnabled()) { this.log.debug("Target auth state: " + targetAuthState.getState()); } this.authenticator.generateAuthResponse(request, targetAuthState, context); } if (!request.containsHeader(AUTH.PROXY_AUTH_RESP) && !route.isTunnelled()) { if (this.log.isDebugEnabled()) { this.log.debug("Proxy auth state: " + proxyAuthState.getState()); } this.authenticator.generateAuthResponse(request, proxyAuthState, context); } response = requestExecutor.execute(request, managedConn, context); // The connection is in or can be brought to a re-usable state. if (reuseStrategy.keepAlive(response, context)) { // Set the idle duration of this connection final long duration = keepAliveStrategy.getKeepAliveDuration(response, context); if (this.log.isDebugEnabled()) { final String s; if (duration > 0) { s = "for " + duration + " " + TimeUnit.MILLISECONDS; } else { s = "indefinitely"; } this.log.debug("Connection can be kept alive " + s); } connHolder.setValidFor(duration, TimeUnit.MILLISECONDS); connHolder.markReusable(); } else { connHolder.markNonReusable(); } if (needAuthentication(targetAuthState, proxyAuthState, route, response, context)) { // Make sure the response body is fully consumed, if present final HttpEntity entity = response.getEntity(); if (connHolder.isReusable()) { EntityUtils.consume(entity); } else { managedConn.close(); if (proxyAuthState.getState() == AuthProtocolState.SUCCESS && proxyAuthState.getAuthScheme() != null && proxyAuthState.getAuthScheme().isConnectionBased()) { this.log.debug("Resetting proxy auth state"); proxyAuthState.reset(); } if (targetAuthState.getState() == AuthProtocolState.SUCCESS && targetAuthState.getAuthScheme() != null && targetAuthState.getAuthScheme().isConnectionBased()) { this.log.debug("Resetting target auth state"); targetAuthState.reset(); } } // discard previous auth headers final HttpRequest original = request.getOriginal(); if (!original.containsHeader(AUTH.WWW_AUTH_RESP)) { request.removeHeaders(AUTH.WWW_AUTH_RESP); } if (!original.containsHeader(AUTH.PROXY_AUTH_RESP)) { request.removeHeaders(AUTH.PROXY_AUTH_RESP); } } else { break; } } if (userToken == null) { userToken = userTokenHandler.getUserToken(context); context.setAttribute(HttpClientContext.USER_TOKEN, userToken); } if (userToken != null) { connHolder.setState(userToken); } // check for entity, release connection if possible final HttpEntity entity = response.getEntity(); if (entity == null || !entity.isStreaming()) { // connection not needed and (assumed to be) in re-usable state connHolder.releaseConnection(); return Proxies.enhanceResponse(response, null); } else { return Proxies.enhanceResponse(response, connHolder); } } catch (final ConnectionShutdownException ex) { final InterruptedIOException ioex = new InterruptedIOException("Connection has been shut down"); ioex.initCause(ex); throw ioex; } catch (final HttpException ex) { connHolder.abortConnection(); throw ex; } catch (final IOException ex) { connHolder.abortConnection(); throw ex; } catch (final RuntimeException ex) { connHolder.abortConnection(); throw ex; } }
From source file:org.apache.http.impl.execchain.MainClientExec.java
/** * Creates a tunnel to the target server. * The connection must be established to the (last) proxy. * A CONNECT request for tunnelling through the proxy will * be created and sent, the response received and checked. * This method does <i>not</i> update the connection with * information about the tunnel, that is left to the caller. */// w w w . jav a2 s.c o m private boolean createTunnelToTarget(final AuthState proxyAuthState, final HttpClientConnection managedConn, final HttpRoute route, final HttpRequest request, final HttpClientContext context) throws HttpException, IOException { final RequestConfig config = context.getRequestConfig(); final int timeout = config.getConnectTimeout(); final HttpHost target = route.getTargetHost(); final HttpHost proxy = route.getProxyHost(); HttpResponse response; final String authority = target.toHostString(); final HttpRequest connect = new BasicHttpRequest("CONNECT", authority, request.getProtocolVersion()); this.requestExecutor.preProcess(connect, this.proxyHttpProcessor, context); for (;;) { if (!managedConn.isOpen()) { this.connManager.connect(managedConn, route, timeout > 0 ? timeout : 0, context); } connect.removeHeaders(AUTH.PROXY_AUTH_RESP); this.authenticator.generateAuthResponse(connect, proxyAuthState, context); response = this.requestExecutor.execute(connect, managedConn, context); final int status = response.getStatusLine().getStatusCode(); if (status < 200) { throw new HttpException("Unexpected response to CONNECT request: " + response.getStatusLine()); } if (config.isAuthenticationEnabled()) { if (this.authenticator.isAuthenticationRequested(proxy, response, this.proxyAuthStrategy, proxyAuthState, context)) { if (this.authenticator.handleAuthChallenge(proxy, response, this.proxyAuthStrategy, proxyAuthState, context)) { // Retry request if (this.reuseStrategy.keepAlive(response, context)) { this.log.debug("Connection kept alive"); // Consume response content final HttpEntity entity = response.getEntity(); EntityUtils.consume(entity); } else { managedConn.close(); } } else { break; } } else { break; } } } final int status = response.getStatusLine().getStatusCode(); if (status > 299) { // Buffer response content final HttpEntity entity = response.getEntity(); if (entity != null) { response.setEntity(new BufferedHttpEntity(entity)); } managedConn.close(); throw new TunnelRefusedException("CONNECT refused by proxy: " + response.getStatusLine(), response); } // How to decide on security of the tunnelled connection? // The socket factory knows only about the segment to the proxy. // Even if that is secure, the hop to the target may be insecure. // Leave it to derived classes, consider insecure by default here. return false; }
From source file:org.apache.http.impl.nio.client.MainClientExec.java
@Override public HttpRequest generateRequest(final InternalState state, final AbstractClientExchangeHandler<?> handler) throws IOException, HttpException { final HttpRoute route = handler.getRoute(); handler.verifytRoute();/*from ww w. j a v a2 s . c o m*/ if (!handler.isRouteEstablished()) { int step; loop: do { final HttpRoute fact = handler.getActualRoute(); step = this.routeDirector.nextStep(route, fact); switch (step) { case HttpRouteDirector.CONNECT_TARGET: handler.onRouteToTarget(); break; case HttpRouteDirector.CONNECT_PROXY: handler.onRouteToProxy(); break; case HttpRouteDirector.TUNNEL_TARGET: if (this.log.isDebugEnabled()) { this.log.debug("[exchange: " + state.getId() + "] Tunnel required"); } final HttpRequest connect = createConnectRequest(route, state); handler.setCurrentRequest(HttpRequestWrapper.wrap(connect)); break loop; case HttpRouteDirector.TUNNEL_PROXY: throw new HttpException("Proxy chains are not supported"); case HttpRouteDirector.LAYER_PROTOCOL: handler.onRouteUpgrade(); break; case HttpRouteDirector.UNREACHABLE: throw new HttpException( "Unable to establish route: " + "planned = " + route + "; current = " + fact); case HttpRouteDirector.COMPLETE: handler.onRouteComplete(); this.log.debug("Connection route established"); break; default: throw new IllegalStateException("Unknown step indicator " + step + " from RouteDirector."); } } while (step > HttpRouteDirector.COMPLETE); } final HttpClientContext localContext = state.getLocalContext(); HttpRequestWrapper currentRequest = handler.getCurrentRequest(); if (currentRequest == null) { currentRequest = state.getMainRequest(); handler.setCurrentRequest(currentRequest); } if (handler.isRouteEstablished()) { state.incrementExecCount(); if (state.getExecCount() > 1) { final HttpAsyncRequestProducer requestProducer = state.getRequestProducer(); if (!requestProducer.isRepeatable() && state.isRequestContentProduced()) { throw new NonRepeatableRequestException( "Cannot retry request " + "with a non-repeatable request entity."); } requestProducer.resetRequest(); } if (this.log.isDebugEnabled()) { this.log.debug("[exchange: " + state.getId() + "] Attempt " + state.getExecCount() + " to execute request"); } if (!currentRequest.containsHeader(AUTH.WWW_AUTH_RESP)) { final AuthState targetAuthState = localContext.getTargetAuthState(); if (this.log.isDebugEnabled()) { this.log.debug("Target auth state: " + targetAuthState.getState()); } this.authenticator.generateAuthResponse(currentRequest, targetAuthState, localContext); } if (!currentRequest.containsHeader(AUTH.PROXY_AUTH_RESP) && !route.isTunnelled()) { final AuthState proxyAuthState = localContext.getProxyAuthState(); if (this.log.isDebugEnabled()) { this.log.debug("Proxy auth state: " + proxyAuthState.getState()); } this.authenticator.generateAuthResponse(currentRequest, proxyAuthState, localContext); } } else { if (!currentRequest.containsHeader(AUTH.PROXY_AUTH_RESP)) { final AuthState proxyAuthState = localContext.getProxyAuthState(); if (this.log.isDebugEnabled()) { this.log.debug("Proxy auth state: " + proxyAuthState.getState()); } this.authenticator.generateAuthResponse(currentRequest, proxyAuthState, localContext); } } final NHttpClientConnection managedConn = handler.getConnection(); localContext.setAttribute(HttpCoreContext.HTTP_CONNECTION, managedConn); final RequestConfig config = localContext.getRequestConfig(); if (config.getSocketTimeout() > 0) { managedConn.setSocketTimeout(config.getSocketTimeout()); } return currentRequest; }
From source file:org.apache.http.impl.nio.client.MainClientExec.java
private boolean handleResponse(final InternalState state, final AbstractClientExchangeHandler<?> handler) throws HttpException { final HttpClientContext localContext = state.getLocalContext(); final RequestConfig config = localContext.getRequestConfig(); if (config.isAuthenticationEnabled()) { if (needAuthentication(state, handler)) { // discard previous auth headers final HttpRequestWrapper currentRequest = handler.getCurrentRequest(); final HttpRequest original = currentRequest.getOriginal(); if (!original.containsHeader(AUTH.WWW_AUTH_RESP)) { currentRequest.removeHeaders(AUTH.WWW_AUTH_RESP); }//from w w w .ja v a2 s . c o m if (!original.containsHeader(AUTH.PROXY_AUTH_RESP)) { currentRequest.removeHeaders(AUTH.PROXY_AUTH_RESP); } return true; } } if (config.isRedirectsEnabled()) { final HttpRequest currentRequest = handler.getCurrentRequest(); final HttpResponse currentResponse = handler.getCurrentResponse(); if (this.redirectStrategy.isRedirected(currentRequest, currentResponse, localContext)) { final int maxRedirects = config.getMaxRedirects() >= 0 ? config.getMaxRedirects() : 100; if (state.getRedirectCount() >= maxRedirects) { throw new RedirectException("Maximum redirects (" + maxRedirects + ") exceeded"); } state.incrementRedirectCount(); final HttpUriRequest redirect = this.redirectStrategy.getRedirect(currentRequest, currentResponse, localContext); state.setRedirect(redirect); return true; } } return false; }
From source file:org.jboss.as.test.integration.security.common.negotiation.JBossNegotiateScheme.java
/** * Produces Negotiate authorization Header based on token created by processChallenge. * * @param credentials Never used be the Negotiate scheme but must be provided to satisfy common-httpclient API. Credentials * from JAAS will be used instead. * @param request The request being authenticated * * @throws AuthenticationException if authorization string cannot be generated due to an authentication failure * * @return an Negotiate authorization Header *//* w ww . j a va2 s .c o m*/ @Override public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context) throws AuthenticationException { if (request == null) { throw new IllegalArgumentException("HTTP request may not be null"); } if (state == State.TOKEN_GENERATED) { // hack for auto redirects return new BasicHeader("X-dummy", "Token already generated"); } if (state != State.CHALLENGE_RECEIVED) { throw new IllegalStateException("Negotiation authentication process has not been initiated"); } try { String key = HttpCoreContext.HTTP_TARGET_HOST; HttpHost host = (HttpHost) context.getAttribute(key); if (host == null) { throw new AuthenticationException("Authentication host is not set " + "in the execution context"); } String authServer; if (!this.stripPort && host.getPort() > 0) { authServer = host.toHostString(); } else { authServer = host.getHostName(); } if (LOGGER.isDebugEnabled()) { LOGGER.debug("init " + authServer); } final Oid negotiationOid = new Oid(SPNEGO_OID); final GSSManager manager = GSSManager.getInstance(); final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE); final GSSContext gssContext = manager.createContext(serverName.canonicalize(negotiationOid), negotiationOid, null, DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true); if (token == null) { token = new byte[0]; } token = gssContext.initSecContext(token, 0, token.length); if (token == null) { state = State.FAILED; throw new AuthenticationException("GSS security context initialization failed"); } state = State.TOKEN_GENERATED; String tokenstr = new String(base64codec.encode(token)); if (LOGGER.isDebugEnabled()) { LOGGER.debug("Sending response '" + tokenstr + "' back to the auth server"); } CharArrayBuffer buffer = new CharArrayBuffer(32); if (isProxy()) { buffer.append(AUTH.PROXY_AUTH_RESP); } else { buffer.append(AUTH.WWW_AUTH_RESP); } buffer.append(": Negotiate "); buffer.append(tokenstr); return new BufferedHeader(buffer); } catch (GSSException gsse) { state = State.FAILED; if (gsse.getMajor() == GSSException.DEFECTIVE_CREDENTIAL || gsse.getMajor() == GSSException.CREDENTIALS_EXPIRED) throw new InvalidCredentialsException(gsse.getMessage(), gsse); if (gsse.getMajor() == GSSException.NO_CRED) throw new InvalidCredentialsException(gsse.getMessage(), gsse); if (gsse.getMajor() == GSSException.DEFECTIVE_TOKEN || gsse.getMajor() == GSSException.DUPLICATE_TOKEN || gsse.getMajor() == GSSException.OLD_TOKEN) throw new AuthenticationException(gsse.getMessage(), gsse); // other error throw new AuthenticationException(gsse.getMessage()); } }