org.apache.commons.httpclient.auth.AuthState Java Examples
The following examples show how to use
org.apache.commons.httpclient.auth.AuthState.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: CommonsHttpTransport.java From elasticsearch-hadoop with Apache License 2.0 | 6 votes |
|
/**
* Close any authentication resources that we may still have open and perform any after-response duties that we need to perform.
* @param method The method that has been executed
* @throws IOException If any issues arise during post processing
*/
private void afterExecute(HttpMethod method) throws IOException {
AuthState hostAuthState = method.getHostAuthState();
if (hostAuthState.isPreemptive() || hostAuthState.isAuthAttempted()) {
AuthScheme authScheme = hostAuthState.getAuthScheme();
if (authScheme instanceof SpnegoAuthScheme && settings.getNetworkSpnegoAuthMutual()) {
// Perform Mutual Authentication
SpnegoAuthScheme spnegoAuthScheme = ((SpnegoAuthScheme) authScheme);
Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders(WWW_AUTHENTICATE));
String id = spnegoAuthScheme.getSchemeName();
String challenge = (String) challenges.get(id.toLowerCase());
if (challenge == null) {
throw new IOException(id + " authorization challenge expected, but not found");
}
spnegoAuthScheme.ensureMutualAuth(challenge);
}
}
}
Example #2
| Source File: HttpMethodDirector.java From http4e with Apache License 2.0 | 5 votes |
|
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getProxyAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
AuthScope authscope = new AuthScope(
conn.getProxyHost(), conn.getProxyPort(),
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getProxyCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required proxy credentials not available for " + authscope);
if (method.getProxyAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"proxy credentials available");
}
}
}
}
}
Example #3
| Source File: HttpMethodDirector.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getProxyAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
AuthScope authscope = new AuthScope(
conn.getProxyHost(), conn.getProxyPort(),
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getProxyCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required proxy credentials not available for " + authscope);
if (method.getProxyAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"proxy credentials available");
}
}
}
}
}
Example #4
| Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0 | 4 votes |
|
@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
// Configure logins
Configuration configuration = new Configuration();
SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
UserGroupInformation.setConfiguration(configuration);
// Login as Client and Execute Test
UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
client.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
HttpParams params = new HttpClientParams();
// Order auth schemes
EsHadoopAuthPolicies.registerAuthSchemes();
List<String> authPreferences = new ArrayList<String>();
authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
Map<String, String> dnsMappings = new HashMap<String, String>();
dnsMappings.put("es.build.elastic.co", "127.0.0.1");
TestMethod method = new TestMethod();
method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));
Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");
// Parse Challenge
Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
assertThat(challenges.isEmpty(), not(true));
assertThat(challenges.containsKey("negotiate"), is(true));
assertThat(challenges.get("negotiate"), is("Negotiate"));
AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
assertNotNull(scheme);
assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
method.getHostAuthState().setAuthAttempted(true);
// Execute Auth
Header[] authHeaders = method.getRequestHeaders("Authorization");
for (Header authHeader : authHeaders) {
if (authHeader.isAutogenerated()) {
method.removeRequestHeader(authHeader);
}
}
AuthState authState = method.getHostAuthState();
AuthScheme authScheme = authState.getAuthScheme();
assertNotNull(authScheme);
assertThat(authScheme.isConnectionBased(), is(not(true)));
// Replace scheme with test harness scheme
authScheme = new TestScheme(dnsMappings);
String authString = authScheme.authenticate(credentials, method);
assertNotNull(authString);
assertThat(authString, startsWith("Negotiate "));
method.addRequestHeader(new Header("Authorization", authString, true));
return null;
}
});
}
Example #5
| Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0 | 4 votes |
|
@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
// Configure logins
Configuration configuration = new Configuration();
SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
UserGroupInformation.setConfiguration(configuration);
// Login as Client and Execute Test
UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
client.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
HttpParams params = new HttpClientParams();
// Order auth schemes
EsHadoopAuthPolicies.registerAuthSchemes();
List<String> authPreferences = new ArrayList<String>();
authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
Map<String, String> dnsMappings = new HashMap<String, String>();
dnsMappings.put("es.build.elastic.co", "127.0.0.1");
TestMethod method = new TestMethod();
method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));
Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");
// Parse Challenge
Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
assertThat(challenges.isEmpty(), not(true));
assertThat(challenges.containsKey("negotiate"), is(true));
assertThat(challenges.get("negotiate"), is("Negotiate"));
AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
assertNotNull(scheme);
assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
method.getHostAuthState().setAuthAttempted(true);
// Execute Auth
Header[] authHeaders = method.getRequestHeaders("Authorization");
for (Header authHeader : authHeaders) {
if (authHeader.isAutogenerated()) {
method.removeRequestHeader(authHeader);
}
}
AuthState authState = method.getHostAuthState();
AuthScheme authScheme = authState.getAuthScheme();
assertNotNull(authScheme);
assertThat(authScheme.isConnectionBased(), is(not(true)));
// Replace scheme with test harness scheme
authScheme = new TestScheme(dnsMappings);
String authString = authScheme.authenticate(credentials, method);
assertNotNull(authString);
assertThat(authString, startsWith("Negotiate "));
method.addRequestHeader(new Header("Authorization", authString, true));
return null;
}
});
}
Example #6
| Source File: AbstractSpnegoAuthSchemeTest.java From elasticsearch-hadoop with Apache License 2.0 | 4 votes |
|
@Test
public void testAuth() throws Exception {
// Configure logins
Configuration configuration = new Configuration();
SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
UserGroupInformation.setConfiguration(configuration);
// Login as Client and Execute Test
UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
client.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
HttpParams params = new HttpClientParams();
// Order auth schemes
EsHadoopAuthPolicies.registerAuthSchemes();
List<String> authPreferences = new ArrayList<String>();
authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
TestMethod method = new TestMethod();
method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);
// Parse Challenge
Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
assertThat(challenges.isEmpty(), not(true));
assertThat(challenges.containsKey("negotiate"), is(true));
assertThat(challenges.get("negotiate"), is("Negotiate"));
AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
assertNotNull(scheme);
assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
method.getHostAuthState().setAuthAttempted(true);
// Execute Auth
Header[] authHeaders = method.getRequestHeaders("Authorization");
for (Header authHeader : authHeaders) {
if (authHeader.isAutogenerated()) {
method.removeRequestHeader(authHeader);
}
}
AuthState authState = method.getHostAuthState();
AuthScheme authScheme = authState.getAuthScheme();
assertNotNull(authScheme);
assertThat(authScheme.isConnectionBased(), is(not(true)));
String authString = authScheme.authenticate(credentials, method);
assertNotNull(authString);
assertThat(authString, startsWith("Negotiate "));
method.addRequestHeader(new Header("Authorization", authString, true));
return null;
}
});
}
Example #7
| Source File: HttpMethodDirector.java From http4e with Apache License 2.0 | 4 votes |
|
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getHostAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
String host = method.getParams().getVirtualHost();
if (host == null) {
host = conn.getHost();
}
int port = conn.getPort();
AuthScope authscope = new AuthScope(
host, port,
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(WWW_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required credentials not available for " + authscope);
if (method.getHostAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"credentials available");
}
}
}
}
}
Example #8
| Source File: HttpMethodDirector.java From http4e with Apache License 2.0 | 4 votes |
|
/**
* Executes a ConnectMethod to establish a tunneled connection.
*
* @return <code>true</code> if the connect was successful
*
* @throws IOException
* @throws HttpException
*/
private boolean executeConnect()
throws IOException, HttpException {
this.connectMethod = new ConnectMethod(this.hostConfiguration);
this.connectMethod.getParams().setDefaults(this.hostConfiguration.getParams());
int code;
for (;;) {
if (!this.conn.isOpen()) {
this.conn.open();
}
if (this.params.isAuthenticationPreemptive()
|| this.state.isAuthenticationPreemptive()) {
LOG.debug("Preemptively sending default basic credentials");
this.connectMethod.getProxyAuthState().setPreemptive();
this.connectMethod.getProxyAuthState().setAuthAttempted(true);
}
try {
authenticateProxy(this.connectMethod);
} catch (AuthenticationException e) {
LOG.error(e.getMessage(), e);
}
applyConnectionParams(this.connectMethod);
this.connectMethod.execute(state, this.conn);
code = this.connectMethod.getStatusCode();
boolean retry = false;
AuthState authstate = this.connectMethod.getProxyAuthState();
authstate.setAuthRequested(code == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
if (authstate.isAuthRequested()) {
if (processAuthenticationResponse(this.connectMethod)) {
retry = true;
}
}
if (!retry) {
break;
}
if (this.connectMethod.getResponseBodyAsStream() != null) {
this.connectMethod.getResponseBodyAsStream().close();
}
}
if ((code >= 200) && (code < 300)) {
this.conn.tunnelCreated();
// Drop the connect method, as it is no longer needed
this.connectMethod = null;
return true;
} else {
this.conn.close();
return false;
}
}
Example #9
| Source File: HttpMethodDirector.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
/**
* Executes a ConnectMethod to establish a tunneled connection.
*
* @return <code>true</code> if the connect was successful
*
* @throws IOException
* @throws HttpException
*/
private boolean executeConnect()
throws IOException, HttpException {
this.connectMethod = new ConnectMethod(this.hostConfiguration);
this.connectMethod.getParams().setDefaults(this.hostConfiguration.getParams());
int code;
for (;;) {
if (!this.conn.isOpen()) {
this.conn.open();
}
if (this.params.isAuthenticationPreemptive()
|| this.state.isAuthenticationPreemptive()) {
LOG.debug("Preemptively sending default basic credentials");
this.connectMethod.getProxyAuthState().setPreemptive();
this.connectMethod.getProxyAuthState().setAuthAttempted(true);
}
try {
authenticateProxy(this.connectMethod);
} catch (AuthenticationException e) {
LOG.error(e.getMessage(), e);
}
applyConnectionParams(this.connectMethod);
this.connectMethod.execute(state, this.conn);
code = this.connectMethod.getStatusCode();
boolean retry = false;
AuthState authstate = this.connectMethod.getProxyAuthState();
authstate.setAuthRequested(code == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
if (authstate.isAuthRequested()) {
if (processAuthenticationResponse(this.connectMethod)) {
retry = true;
}
}
if (!retry) {
break;
}
if (this.connectMethod.getResponseBodyAsStream() != null) {
this.connectMethod.getResponseBodyAsStream().close();
}
}
if ((code >= 200) && (code < 300)) {
this.conn.tunnelCreated();
// Drop the connect method, as it is no longer needed
this.connectMethod = null;
return true;
} else {
this.conn.close();
return false;
}
}
Example #10
| Source File: HttpMethodDirector.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getHostAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
String host = method.getParams().getVirtualHost();
if (host == null) {
host = conn.getHost();
}
int port = conn.getPort();
AuthScope authscope = new AuthScope(
host, port,
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(WWW_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required credentials not available for " + authscope);
if (method.getHostAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"credentials available");
}
}
}
}
}
Example #11
| Source File: HttpMethodBase.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 2 votes |
|
/**
* Returns the target host {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getHostAuthState() {
return this.hostAuthState;
}
Example #12
| Source File: HttpMethodBase.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 2 votes |
|
/**
* Returns the proxy {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getProxyAuthState() {
return this.proxyAuthState;
}
Example #13
| Source File: HttpMethod.java From http4e with Apache License 2.0 | 2 votes |
|
/**
* Returns the target host {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getHostAuthState();
Example #14
| Source File: HttpMethod.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 2 votes |
|
/**
* Returns the proxy {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getProxyAuthState();
Example #15
| Source File: HttpMethod.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 2 votes |
|
/**
* Returns the target host {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getHostAuthState();
Example #16
| Source File: HttpMethodBase.java From http4e with Apache License 2.0 | 2 votes |
|
/**
* Returns the proxy {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getProxyAuthState() {
return this.proxyAuthState;
}
Example #17
| Source File: HttpMethodBase.java From http4e with Apache License 2.0 | 2 votes |
|
/**
* Returns the target host {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getHostAuthState() {
return this.hostAuthState;
}
Example #18
| Source File: HttpMethod.java From http4e with Apache License 2.0 | 2 votes |
|
/**
* Returns the proxy {@link AuthState authentication state}
*
* @return host authentication state
*
* @since 3.0
*/
public AuthState getProxyAuthState();
