Java tutorial
/* * Copyright 2009 John Kristian * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package glaze.oauth; import java.io.IOException; import org.apache.http.HttpException; import org.apache.http.HttpHost; import org.apache.http.HttpRequest; import org.apache.http.HttpRequestInterceptor; import org.apache.http.auth.AuthScheme; import org.apache.http.auth.AuthSchemeRegistry; import org.apache.http.auth.AuthScope; import org.apache.http.auth.AuthState; import org.apache.http.auth.Credentials; import org.apache.http.auth.params.AuthPNames; import org.apache.http.client.CredentialsProvider; import org.apache.http.client.protocol.ClientContext; import org.apache.http.params.HttpParams; import org.apache.http.protocol.ExecutionContext; import org.apache.http.protocol.HttpContext; /** * An interceptor that initiates authorization without waiting for a challenge * from the server. This avoids a response/request exchange (for the challenge), * but it doesn't give the server a chance to select the authorization scheme or * realm. * * Here's an example using OAuth: * * <pre> * Client client = (Client) impl; * AbstractHttpClient httpClient = (AbstractHttpClient) client.getHttpClient(); * httpClient.getAuthSchemes().register(OAuthSchemeFactory.SCHEME_NAME, new OAuthSchemeFactory()); * * OAuthCredentialsProvider provider = Registry.lookup(OAuthCredentialsProvider.class); * provider.visit(httpClient.getCredentialsProvider()); * client.proxyAuthPref("oauth", "basic", "digest"); * * httpClient.addRequestInterceptor(new PreemptiveAuthorizer(), 0); * </pre> * * @author John Kristian * @author mfornos */ public class PreemptiveAuthorizer implements HttpRequestInterceptor { /** * If no auth scheme has been selected for the given context, consider each * of the preferred auth schemes and select the first one for which an * AuthScheme and matching Credentials are available. */ @SuppressWarnings("unchecked") public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE); if (authState != null && authState.getAuthScheme() != null) { return; } HttpHost target = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST); CredentialsProvider provider = (CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER); AuthSchemeRegistry schemes = (AuthSchemeRegistry) context.getAttribute(ClientContext.AUTHSCHEME_REGISTRY); HttpParams params = request.getParams(); for (String schemeName : (Iterable<String>) params.getParameter(AuthPNames.PROXY_AUTH_PREF)) { AuthScheme scheme = schemes.getAuthScheme(schemeName, params); if (scheme != null) { AuthScope targetScope = new AuthScope(target.getHostName(), target.getPort(), scheme.getRealm(), scheme.getSchemeName()); Credentials creds = provider.getCredentials(targetScope); if (creds != null) { authState.update(scheme, creds); return; } } } } }