org.apache.commons.httpclient.auth.AuthPolicy Java Exaples

Source File: DavGatewayHttpClientFacade.java From davmail with GNU General Public License v2.0

6 votes

/**
 * Enable NTLM authentication on http client
 *
 * @param httpClient HttpClient instance
 */
public static void addNTLM(HttpClient httpClient) {
    // disable preemptive authentication
    httpClient.getParams().setParameter(HttpClientParams.PREEMPTIVE_AUTHENTICATION, false);

    ArrayList<String> authPrefs = new ArrayList<>();
    authPrefs.add(AuthPolicy.NTLM);
    authPrefs.add(AuthPolicy.DIGEST);
    authPrefs.add(AuthPolicy.BASIC);
    httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);

    // make sure NTLM is always active
    needNTLM = true;

    // separate domain from username in credentials
    AuthScope authScope = new AuthScope(null, -1);
    NTCredentials credentials = (NTCredentials) httpClient.getState().getCredentials(authScope);
    if (credentials != null && (credentials.getDomain() == null || credentials.getDomain().isEmpty())) {
        setCredentials(httpClient, credentials.getUserName(), credentials.getPassword());
    }
}

Source File: Http3Util.java From httpsig-java with The Unlicense

6 votes

public static void enableAuth(HttpClient client, Keychain keychain, KeyId keyId) {
    Signer signer = new Signer(keychain, keyId);
    CredentialsProvider credProvider =
        (CredentialsProvider) client.getParams()
                .getParameter(CredentialsProvider.PROVIDER);

    CredentialsProvider newProvider;
    if (credProvider instanceof SignerCredentialsProvider) {
        newProvider = new SignerCredentialsProvider(signer,
                                                    ((SignerCredentialsProvider) credProvider).getDelegatee());
    } else {
        newProvider = new SignerCredentialsProvider(signer, credProvider);
    }

    client.getParams().setParameter(CredentialsProvider.PROVIDER, newProvider);
    AuthPolicy.registerAuthScheme(Constants.SCHEME, Http3SignatureAuthScheme.class);
    List<String> schemes = new ArrayList<String>();
    schemes.add(Constants.SCHEME);

    Collection authSchemePriority = (Collection) DefaultHttpParams.getDefaultParams().getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);
    if (authSchemePriority != null) {
        schemes.addAll(authSchemePriority);
    }
    client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
}

Source File: RestConsumer.java From RestServices with Apache License 2.0

5 votes

public static void registerNTCredentials(String urlBasePath, String username, String password, String domain) throws MalformedURLException
{
	client.getParams().setAuthenticationPreemptive(true);
	URL url = new URL(urlBasePath);
	Core.getLogger("NTLM").info(url.getHost());
	Credentials defaultcreds = new NTCredentials(username, password, url.getHost(), domain);
	
	AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, restservices.util.JCIFS_NTLMScheme.class);
	
	List<String> authpref = new ArrayList<String>();
	authpref.add(AuthPolicy.NTLM);
	
	client.getParams().setParameter("http.auth.target-scheme-pref", authpref);
	client.getState().setCredentials(new AuthScope(AuthScope.ANY), defaultcreds);
}

Source File: CredentialsUtils.java From httpclientAuthHelper with Apache License 2.0

5 votes

private static void initNTLMv2() {
    if (!registeredNTLM) {
        try {
            logger.info(" adding NTLMv2 based   authentication schema for HttpClient");
            AuthPolicy.registerAuthScheme(AuthPolicy.NTLM,
                    com.jivesoftware.authHelper.customescheme.ntlm2.CustomNTLM2Scheme.class);
            registeredNTLM = true;
        } catch (Throwable e) {
            logger.log(java.util.logging.Level.SEVERE,
                    "Could not add NTLM based on JCIFS authentication schema for HttpClient.", e);

        }
    }
}

Source File: CredentialsUtils.java From httpclientAuthHelper with Apache License 2.0

5 votes

private static void initKERBEROS(HttpClient httpClient) {
    if (!registeredKERBEROS) {
        try {
            logger.info("Globally adding KERBEROS ");
            System.setProperty(USE_SUBJECT_CREDS, "false");

            AuthPolicy.registerAuthScheme(NEGOTIATE,
                    com.jivesoftware.authHelper.customescheme.negotiate.CustomNegotiateScheme.class);
            registeredKERBEROS = true;
        } catch (Throwable e) {
            logger.log(java.util.logging.Level.SEVERE, "Could not add KERBEROS  for HttpClient.", e);
        }

    }
}

Source File: EsHadoopAuthPolicies.java From elasticsearch-hadoop with Apache License 2.0

5 votes

public synchronized static void registerAuthSchemes() {
    if (!REGISTERED) {
        REGISTERED = true;
        AuthPolicy.registerAuthScheme(NEGOTIATE, SpnegoAuthScheme.class);
        AuthPolicy.registerAuthScheme(APIKEY, EsApiKeyAuthScheme.class);
    }
}

Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0

4 votes

@Test
public void testAuth() throws Exception {
    // Configure logins
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});

            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);

            // Parse Challenge
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            String authString = authScheme.authenticate(credentials, method);

            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}

Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0

4 votes

@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
    // Configure logins
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));

            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse Challenge
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Replace scheme with test harness scheme
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}

Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0

4 votes

@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
    // Configure logins
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));

            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse Challenge
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Replace scheme with test harness scheme
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}

Source File: DavGatewayHttpClientFacade.java From davmail with GNU General Public License v2.0

2 votes

/**
 * Test if NTLM auth scheme is enabled.
 *
 * @param httpClient HttpClient instance
 * @return true if NTLM is enabled
 */
public static boolean hasNTLMorNegotiate(HttpClient httpClient) {
    Object authPrefs = httpClient.getParams().getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);
    return authPrefs == null || (authPrefs instanceof List<?> &&
            (((Collection) authPrefs).contains(AuthPolicy.NTLM) || ((Collection) authPrefs).contains("Negotiate")));
}

org.apache.commons.httpclient.auth.AuthPolicy Java Examples