org.apache.commons.httpclient.auth.AuthScheme Java Examples

The following examples show how to use org.apache.commons.httpclient.auth.AuthScheme.
Example #1
Source File: CommonsHttpTransport.java    From elasticsearch-hadoop with Apache License 2.0
/**
 * Runs the after-response authentication step for an executed method. When the host auth scheme is
 * SPNEGO and mutual authentication is enabled in the settings, the challenge the server returned is
 * handed to the scheme via {@code ensureMutualAuth}. Nothing is closed by this method.
 *
 * @param method The method that has been executed
 * @throws IOException If mutual authentication is enabled and the response carries no challenge for
 *         the scheme; also declared for whatever the parsing and verification calls may raise
 */
private void afterExecute(HttpMethod method) throws IOException {
    AuthState hostAuthState = method.getHostAuthState();
    boolean authWasInPlay = hostAuthState.isPreemptive() || hostAuthState.isAuthAttempted();
    if (!authWasInPlay) {
        return;
    }

    AuthScheme authScheme = hostAuthState.getAuthScheme();
    boolean mutualAuthWanted = authScheme instanceof SpnegoAuthScheme && settings.getNetworkSpnegoAuthMutual();
    if (!mutualAuthWanted) {
        return;
    }

    // Mutual authentication: the server's reply challenge must be present and is passed to the scheme
    SpnegoAuthScheme spnego = (SpnegoAuthScheme) authScheme;
    Map parsedChallenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders(WWW_AUTHENTICATE));
    String schemeName = spnego.getSchemeName();
    // Challenges are looked up under the lower-cased scheme name
    String serverChallenge = (String) parsedChallenges.get(schemeName.toLowerCase());
    if (serverChallenge == null) {
        // Fail the request rather than continue without the server's side of the exchange
        throw new IOException(schemeName + " authorization challenge expected, but not found");
    }
    spnego.ensureMutualAuth(serverChallenge);
}
 
Example #2
Source File: SignerCredentialsProvider.java    From httpsig-java with The Unlicense
/**
 * Supplies signer-backed credentials for the scheme named by {@code Constants.SCHEME} and passes
 * every other scheme on to the delegate provider, if one is set.
 *
 * @param scheme the auth scheme asking for credentials
 * @param host   target host, forwarded to the delegate only
 * @param port   target port, forwarded to the delegate only
 * @param proxy  whether the request is for a proxy, forwarded to the delegate only
 * @return credentials wrapping the signer for the matching scheme; otherwise the delegate's answer,
 *         or {@code null} when there is no delegate
 * @throws CredentialsNotAvailableException when the scheme matches but no signer is configured
 */
public Credentials getCredentials(AuthScheme scheme, String host, int port, boolean proxy)
        throws CredentialsNotAvailableException {

    final boolean isSignatureScheme = Constants.SCHEME.equals(scheme.getSchemeName());
    if (!isSignatureScheme) {
        // Not ours: let the wrapped provider decide, or report "nothing available"
        return this.delegatee != null
                ? this.delegatee.getCredentials(scheme, host, port, proxy)
                : null;
    }

    if (signer == null) {
        throw new CredentialsNotAvailableException("SSHKey Signer not available");
    }
    // host, port and proxy are not consulted on this path: the same signer credentials
    // are returned for any target that negotiates this scheme
    return new SignerCredentials(signer);
}
 
Example #3
Source File: HttpMethodDirector.java    From http4e with Apache License 2.0
/**
 * Adds a proxy authentication header to the request when an auth scheme is set on the proxy auth
 * state and proxy credentials for the resulting scope are held in the HTTP state.
 *
 * @param method the request being prepared
 * @throws AuthenticationException declared for the scheme's {@code authenticate} call
 */
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    // cleanAuthHeaders answers false when the caller set the header itself; that header is left as is
    final boolean headersCleared = cleanAuthHeaders(method, PROXY_AUTH_RESP);
    if (!headersCleared) {
        return;
    }
    final AuthState proxyAuthState = method.getProxyAuthState();
    final AuthScheme scheme = proxyAuthState.getAuthScheme();
    if (scheme == null) {
        return;
    }
    // A connection-based scheme is only answered when authentication was requested
    if (!proxyAuthState.isAuthRequested() && scheme.isConnectionBased()) {
        return;
    }

    final AuthScope scope = new AuthScope(
        conn.getProxyHost(),
        conn.getProxyPort(),
        scheme.getRealm(),
        scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        // The scope (host, port, realm, scheme) is logged, not the credentials
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials proxyCredentials = this.state.getProxyCredentials(scope);
    if (proxyCredentials == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required proxy credentials not available for " + scope);
            if (method.getProxyAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " +
                    "proxy credentials available");
            }
        }
        return;
    }

    final String headerValue = scheme.authenticate(proxyCredentials, method);
    if (headerValue != null) {
        // Third argument flags the header as autogenerated
        method.addRequestHeader(new Header(PROXY_AUTH_RESP, headerValue, true));
    }
}
 
Example #4
Source File: HttpMethodDirector.java    From http4e with Apache License 2.0
/**
 * Asks the {@code CredentialsProvider} found in the parameters for host credentials and, when it
 * returns some, stores them in the HTTP state under the given scope.
 *
 * @param authScheme the scheme the credentials are needed for
 * @param params     parameters that may hold a provider under {@code CredentialsProvider.PROVIDER}
 * @param authscope  scope whose host and port are passed to the provider
 * @return the credentials obtained, or {@code null} when no provider is set, the provider returned
 *         none, or it threw {@code CredentialsNotAvailableException}
 */
private Credentials promptForCredentials(
    final AuthScheme authScheme,
    final HttpParams params, 
    final AuthScope authscope)
{
    LOG.debug("Credentials required");
    final CredentialsProvider provider =
        (CredentialsProvider) params.getParameter(CredentialsProvider.PROVIDER);
    if (provider == null) {
        LOG.debug("Credentials provider not available");
        return null;
    }

    Credentials obtained = null;
    try {
        // false: these are host credentials, not proxy credentials
        obtained = provider.getCredentials(
            authScheme, authscope.getHost(), authscope.getPort(), false);
    } catch (CredentialsNotAvailableException e) {
        // Only the message is logged; the failure is then treated as "no credentials"
        LOG.warn(e.getMessage());
    }

    if (obtained != null) {
        // Kept in the shared state under this scope
        this.state.setCredentials(authscope, obtained);
        if (LOG.isDebugEnabled()) {
            LOG.debug(authscope + " new credentials given");
        }
    }
    return obtained;
}
 
Example #5
Source File: HttpMethodDirector.java    From http4e with Apache License 2.0
/**
 * Asks the {@code CredentialsProvider} found in the parameters for proxy credentials and, when it
 * returns some, stores them in the HTTP state as proxy credentials for the given scope.
 *
 * @param authScheme the scheme the credentials are needed for
 * @param params     parameters that may hold a provider under {@code CredentialsProvider.PROVIDER}
 * @param authscope  scope whose host and port are passed to the provider
 * @return the credentials obtained, or {@code null} when no provider is set, the provider returned
 *         none, or it threw {@code CredentialsNotAvailableException}
 */
private Credentials promptForProxyCredentials(
    final AuthScheme authScheme,
    final HttpParams params,
    final AuthScope authscope) 
{
    LOG.debug("Proxy credentials required");
    final CredentialsProvider provider =
        (CredentialsProvider) params.getParameter(CredentialsProvider.PROVIDER);
    if (provider == null) {
        LOG.debug("Proxy credentials provider not available");
        return null;
    }

    Credentials obtained = null;
    try {
        // true: the provider is told these credentials are for a proxy
        obtained = provider.getCredentials(
            authScheme, authscope.getHost(), authscope.getPort(), true);
    } catch (CredentialsNotAvailableException e) {
        // Only the message is logged; the failure is then treated as "no credentials"
        LOG.warn(e.getMessage());
    }

    if (obtained != null) {
        // Kept in the shared state as proxy credentials for this scope
        this.state.setProxyCredentials(authscope, obtained);
        if (LOG.isDebugEnabled()) {
            LOG.debug(authscope + " new credentials given");
        }
    }
    return obtained;
}
 
Example #6
Source File: HttpMethodDirector.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License
/**
 * Produces the proxy authentication header for a request. The header is added only when the proxy
 * auth state carries a scheme and the HTTP state holds proxy credentials for the derived scope.
 *
 * @param method the request being prepared
 * @throws AuthenticationException declared for the scheme's {@code authenticate} call
 */
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
        // A user-defined authentication header is present; do not add another
        return;
    }

    final AuthState state4Proxy = method.getProxyAuthState();
    final AuthScheme chosenScheme = state4Proxy.getAuthScheme();
    if (chosenScheme == null) {
        return;
    }

    final boolean shouldAnswer = state4Proxy.isAuthRequested() || !chosenScheme.isConnectionBased();
    if (!shouldAnswer) {
        return;
    }

    // Scope is built from the proxy endpoint of the connection plus the scheme's realm and name
    final AuthScope proxyScope = new AuthScope(
        conn.getProxyHost(), conn.getProxyPort(),
        chosenScheme.getRealm(),
        chosenScheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authenticating with " + proxyScope);
    }

    final Credentials held = this.state.getProxyCredentials(proxyScope);
    if (held != null) {
        final String value = chosenScheme.authenticate(held, method);
        if (value != null) {
            // Marked autogenerated through the third constructor argument
            method.addRequestHeader(new Header(PROXY_AUTH_RESP, value, true));
        }
        return;
    }

    // No credentials for this scope: warn, and say so separately for preemptive mode
    if (LOG.isWarnEnabled()) {
        LOG.warn("Required proxy credentials not available for " + proxyScope);
        if (method.getProxyAuthState().isPreemptive()) {
            LOG.warn("Preemptive authentication requested but no default " +
                "proxy credentials available");
        }
    }
}
 
Example #7
Source File: HttpMethodDirector.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License
/**
 * Obtains host credentials from the {@code CredentialsProvider} registered in the parameters.
 * Credentials that come back non-null are also recorded in the HTTP state for the given scope.
 *
 * @param authScheme the scheme the credentials are needed for
 * @param params     parameters that may hold a provider under {@code CredentialsProvider.PROVIDER}
 * @param authscope  scope whose host and port are passed to the provider
 * @return the provider's credentials, or {@code null} if there is no provider, it supplied nothing,
 *         or it threw {@code CredentialsNotAvailableException}
 */
private Credentials promptForCredentials(
    final AuthScheme authScheme,
    final HttpParams params, 
    final AuthScope authscope)
{
    LOG.debug("Credentials required");
    final Object configured = params.getParameter(CredentialsProvider.PROVIDER);
    final CredentialsProvider lookup = (CredentialsProvider) configured;
    final boolean haveProvider = lookup != null;

    Credentials result = null;
    if (!haveProvider) {
        LOG.debug("Credentials provider not available");
    } else {
        try {
            final String scopeHost = authscope.getHost();
            final int scopePort = authscope.getPort();
            // Last argument false: host, not proxy, credentials are requested
            result = lookup.getCredentials(authScheme, scopeHost, scopePort, false);
        } catch (CredentialsNotAvailableException e) {
            // Logged by message only; result stays null
            LOG.warn(e.getMessage());
        }
        if (result != null) {
            this.state.setCredentials(authscope, result);
            if (LOG.isDebugEnabled()) {
                LOG.debug(authscope + " new credentials given");
            }
        }
    }
    return result;
}
 
Example #8
Source File: HttpMethodDirector.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License
/**
 * Obtains proxy credentials from the {@code CredentialsProvider} registered in the parameters.
 * Credentials that come back non-null are also recorded in the HTTP state as proxy credentials
 * for the given scope.
 *
 * @param authScheme the scheme the credentials are needed for
 * @param params     parameters that may hold a provider under {@code CredentialsProvider.PROVIDER}
 * @param authscope  scope whose host and port are passed to the provider
 * @return the provider's credentials, or {@code null} if there is no provider, it supplied nothing,
 *         or it threw {@code CredentialsNotAvailableException}
 */
private Credentials promptForProxyCredentials(
    final AuthScheme authScheme,
    final HttpParams params,
    final AuthScope authscope) 
{
    LOG.debug("Proxy credentials required");
    final Object configured = params.getParameter(CredentialsProvider.PROVIDER);
    final CredentialsProvider lookup = (CredentialsProvider) configured;
    final boolean haveProvider = lookup != null;

    Credentials result = null;
    if (!haveProvider) {
        LOG.debug("Proxy credentials provider not available");
    } else {
        try {
            final String scopeHost = authscope.getHost();
            final int scopePort = authscope.getPort();
            // Last argument true: proxy credentials are requested
            result = lookup.getCredentials(authScheme, scopeHost, scopePort, true);
        } catch (CredentialsNotAvailableException e) {
            // Logged by message only; result stays null
            LOG.warn(e.getMessage());
        }
        if (result != null) {
            this.state.setProxyCredentials(authscope, result);
            if (LOG.isDebugEnabled()) {
                LOG.debug(authscope + " new credentials given");
            }
        }
    }
    return result;
}
 
Example #9
Source File: CommonsHttpTransport.java    From elasticsearch-hadoop with Apache License 2.0
/**
 * Closes the host auth scheme of the given method when that scheme implements {@link Closeable}.
 * A failure to close is logged at error level and is not propagated to the caller.
 * @param method Executing method
 */
private void closeAuthSchemeQuietly(HttpMethod method) {
    AuthScheme hostScheme = method.getHostAuthState().getAuthScheme();
    if (!(hostScheme instanceof Closeable)) {
        // Covers both a null scheme and a scheme with nothing to release
        return;
    }
    Closeable closeable = (Closeable) hostScheme;
    try {
        closeable.close();
    } catch (IOException e) {
        log.error("Could not close [" + hostScheme.getSchemeName() + "] auth scheme", e);
    }
}
 
Example #10
Source File: HttpMethodDirector.java    From http4e with Apache License 2.0
/**
 * Adds a host authentication header to the request when an auth scheme is set on the host auth
 * state and credentials for the resulting scope are held in the HTTP state.
 *
 * @param method the request being prepared
 * @throws AuthenticationException declared for the scheme's {@code authenticate} call
 */
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
    // cleanAuthHeaders answers false when the caller set the header itself; that header is left as is
    final boolean headersCleared = cleanAuthHeaders(method, WWW_AUTH_RESP);
    if (!headersCleared) {
        return;
    }
    final AuthState hostAuthState = method.getHostAuthState();
    final AuthScheme scheme = hostAuthState.getAuthScheme();
    if (scheme == null) {
        return;
    }
    // A connection-based scheme is only answered when authentication was requested
    if (!hostAuthState.isAuthRequested() && scheme.isConnectionBased()) {
        return;
    }

    // NOTE(review): the scope is keyed on the virtual-host parameter when it is set, and only
    // otherwise on the connection's host, so that parameter decides which stored credentials
    // are looked up for this connection.
    String scopeHost = method.getParams().getVirtualHost();
    if (scopeHost == null) {
        scopeHost = conn.getHost();
    }
    final int scopePort = conn.getPort();
    final AuthScope scope = new AuthScope(
        scopeHost,
        scopePort,
        scheme.getRealm(),
        scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        // The scope (host, port, realm, scheme) is logged, not the credentials
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials hostCredentials = this.state.getCredentials(scope);
    if (hostCredentials == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required credentials not available for " + scope);
            if (method.getHostAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " +
                    "credentials available");
            }
        }
        return;
    }

    final String headerValue = scheme.authenticate(hostCredentials, method);
    if (headerValue != null) {
        // Third argument flags the header as autogenerated
        method.addRequestHeader(new Header(WWW_AUTH_RESP, headerValue, true));
    }
}
 
Example #11
Source File: HttpMethodDirector.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License
/**
 * Produces the host authentication header for a request. The header is added only when the host
 * auth state carries a scheme and the HTTP state holds credentials for the derived scope.
 *
 * @param method the request being prepared
 * @throws AuthenticationException declared for the scheme's {@code authenticate} call
 */
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
    if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) {
        // A user-defined authentication header is present; do not add another
        return;
    }

    final AuthState state4Host = method.getHostAuthState();
    final AuthScheme chosenScheme = state4Host.getAuthScheme();
    if (chosenScheme == null) {
        return;
    }

    final boolean shouldAnswer = state4Host.isAuthRequested() || !chosenScheme.isConnectionBased();
    if (!shouldAnswer) {
        return;
    }

    // NOTE(review): a configured virtual host takes precedence over the connection's host when
    // the credential scope is built; the port always comes from the connection.
    final String virtualHost = method.getParams().getVirtualHost();
    final String targetHost = (virtualHost == null) ? conn.getHost() : virtualHost;
    final int targetPort = conn.getPort();
    final AuthScope hostScope = new AuthScope(
        targetHost, targetPort,
        chosenScheme.getRealm(),
        chosenScheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authenticating with " + hostScope);
    }

    final Credentials held = this.state.getCredentials(hostScope);
    if (held != null) {
        final String value = chosenScheme.authenticate(held, method);
        if (value != null) {
            // Marked autogenerated through the third constructor argument
            method.addRequestHeader(new Header(WWW_AUTH_RESP, value, true));
        }
        return;
    }

    // No credentials for this scope: warn, and say so separately for preemptive mode
    if (LOG.isWarnEnabled()) {
        LOG.warn("Required credentials not available for " + hostScope);
        if (method.getHostAuthState().isPreemptive()) {
            LOG.warn("Preemptive authentication requested but no default " +
                "credentials available");
        }
    }
}
 
Example #12
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0
/**
 * Walks one client-side "Negotiate" exchange while logged in from the client keytab: a bare
 * {@code WWW-Authenticate: Negotiate} challenge is parsed, the challenge processor must select a
 * {@code SpnegoAuthScheme}, and the scheme must produce an {@code Authorization} value that
 * starts with {@code "Negotiate "}.
 */
@Test
public void testAuth() throws Exception {
    // Configure logins: switch the Hadoop security configuration to Kerberos
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    // Everything below runs as the logged-in client user
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes: Negotiate is the only entry in the priority list
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            TestMethod method = new TestMethod();
            // Canned response header: a Negotiate challenge that carries no token
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});

            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);

            // Parse Challenge: the assertions pin a lower-cased key mapped to the raw challenge text
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth: drop autogenerated Authorization headers before producing a new one
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            // The scheme is read back from the host auth state, where processChallenge was pointed
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            String authString = authScheme.authenticate(credentials, method);

            // Only the prefix of the header value is checked, not the token that follows it
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}
 
Example #13
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0
/**
 * Same "Negotiate" walk-through as the plain auth test, but the request URI uses a host name and
 * the final {@code authenticate} call goes through a {@code TestScheme} built from a
 * name-to-address map instead of the scheme selected by the challenge processor.
 */
@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
    // Configure logins: switch the Hadoop security configuration to Kerberos
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    // Everything below runs as the logged-in client user
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes: Negotiate is the only entry in the priority list
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            // Handed to TestScheme below; presumably a stubbed host-name-to-address table — confirm against TestScheme
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            TestMethod method = new TestMethod();
            // Canned response header: a Negotiate challenge that carries no token
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            // The request targets the host name, not the address
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));

            // NOTE(review): the service principal literal below appears to have been mangled by the
            // listing page's e-mail obfuscation ("[email protected]"); the original value cannot be
            // recovered from this listing.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse Challenge: the assertions pin a lower-cased key mapped to the raw challenge text
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth: drop autogenerated Authorization headers before producing a new one
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Replace scheme with test harness scheme: from here on the assertions exercise
            // TestScheme, not the scheme held in the auth state
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            // Only the prefix of the header value is checked, not the token that follows it
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}
 
Example #14
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0
/**
 * Same "Negotiate" walk-through as the host-based principal test, except that the request URI
 * uses the address {@code 127.0.0.1} while the name-to-address map given to {@code TestScheme}
 * still maps the host name to that address.
 */
@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
    // Configure logins: switch the Hadoop security configuration to Kerberos
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Login as Client and Execute Test
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    // Everything below runs as the logged-in client user
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Order auth schemes: Negotiate is the only entry in the priority list
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            // Handed to TestScheme below; presumably used to resolve the address back to the
            // host name — confirm against TestScheme
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            TestMethod method = new TestMethod();
            // Canned response header: a Negotiate challenge that carries no token
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            // The request targets the address, not the host name
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));

            // NOTE(review): the service principal literal below appears to have been mangled by the
            // listing page's e-mail obfuscation ("[email protected]"); the original value cannot be
            // recovered from this listing.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse Challenge: the assertions pin a lower-cased key mapped to the raw challenge text
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Execute Auth: drop autogenerated Authorization headers before producing a new one
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Replace scheme with test harness scheme: from here on the assertions exercise
            // TestScheme, not the scheme held in the auth state
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            // Only the prefix of the header value is checked, not the token that follows it
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}