use of com.gargoylesoftware.htmlunit.WebClientOptions in project camel by apache.
the class BoxConnectionHelper method createStandardAuthenticatedConnection.
public static BoxAPIConnection createStandardAuthenticatedConnection(BoxConfiguration configuration) {
// Create web client for first leg of OAuth2
//
final WebClient webClient = new WebClient();
final WebClientOptions options = webClient.getOptions();
options.setRedirectEnabled(true);
options.setJavaScriptEnabled(false);
options.setThrowExceptionOnFailingStatusCode(true);
options.setThrowExceptionOnScriptError(true);
options.setPrintContentOnFailingStatusCode(LOG.isDebugEnabled());
try {
// use default SSP to create supported non-SSL protocols list
final SSLContext sslContext = new SSLContextParameters().createSSLContext(null);
options.setSSLClientProtocols(sslContext.createSSLEngine().getEnabledProtocols());
} catch (GeneralSecurityException e) {
throw ObjectHelper.wrapRuntimeCamelException(e);
} catch (IOException e) {
throw ObjectHelper.wrapRuntimeCamelException(e);
} finally {
if (webClient != null) {
webClient.close();
}
}
// disable default gzip compression, as htmlunit does not negotiate
// pages sent with no compression
new WebConnectionWrapper(webClient) {
@Override
public WebResponse getResponse(WebRequest request) throws IOException {
request.setAdditionalHeader(HttpHeaders.ACCEPT_ENCODING, "identity");
return super.getResponse(request);
}
};
// add HTTP proxy if set
final Map<String, Object> httpParams = configuration.getHttpParams();
if (httpParams != null && httpParams.get("http.route.default-proxy") != null) {
final HttpHost proxyHost = (HttpHost) httpParams.get("http.route.default-proxy");
final Boolean socksProxy = (Boolean) httpParams.get("http.route.socks-proxy");
final ProxyConfig proxyConfig = new ProxyConfig(proxyHost.getHostName(), proxyHost.getPort(), socksProxy != null ? socksProxy : false);
options.setProxyConfig(proxyConfig);
}
// authorize application on user's behalf
try {
// generate anti-forgery token to prevent/detect CSRF attack
final String csrfToken = String.valueOf(new SecureRandom().nextLong());
final HtmlPage authPage = webClient.getPage(authorizationUrl(configuration.getClientId(), csrfToken));
// look for <div role="error_message">
final HtmlDivision div = authPage.getFirstByXPath("//div[contains(concat(' ', @class, ' '), ' error_message ')]");
if (div != null) {
final String errorMessage = div.getTextContent().replaceAll("\\s+", " ").replaceAll(" Show Error Details", ":").trim();
throw new IllegalArgumentException("Error authorizing application: " + errorMessage);
}
// submit login credentials
final HtmlForm loginForm = authPage.getFormByName("login_form");
final HtmlTextInput login = loginForm.getInputByName("login");
login.setText(configuration.getUserName());
final HtmlPasswordInput password = loginForm.getInputByName("password");
password.setText(configuration.getUserPassword());
final HtmlSubmitInput submitInput = loginForm.getInputByName("login_submit");
// submit consent
final HtmlPage consentPage = submitInput.click();
final HtmlForm consentForm = consentPage.getFormByName("consent_form");
final HtmlButton consentAccept = consentForm.getButtonByName("consent_accept");
// disable redirect to avoid loading redirect URL
webClient.getOptions().setRedirectEnabled(false);
// validate CSRF and get authorization code
String redirectQuery;
try {
final Page redirectPage = consentAccept.click();
redirectQuery = redirectPage.getUrl().getQuery();
} catch (FailingHttpStatusCodeException e) {
// escalate non redirect errors
if (e.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
throw e;
}
final String location = e.getResponse().getResponseHeaderValue("Location");
redirectQuery = new URL(location).getQuery();
}
final Map<String, String> params = new HashMap<String, String>();
final Matcher matcher = QUERY_PARAM_PATTERN.matcher(redirectQuery);
while (matcher.find()) {
params.put(matcher.group(1), matcher.group(2));
}
final String state = params.get("state");
if (!csrfToken.equals(state)) {
throw new SecurityException("Invalid CSRF code!");
} else {
// get authorization code
final String authorizationCode = params.get("code");
return new BoxAPIConnection(configuration.getClientId(), configuration.getClientSecret(), authorizationCode);
}
} catch (BoxAPIException e) {
throw new RuntimeCamelException(String.format("Box API connection failed: API returned the error code %d\n\n%s", e.getResponseCode(), e.getResponse()), e);
} catch (Exception e) {
throw new RuntimeCamelException(String.format("Box API connection failed: %s", e.getMessage()), e);
}
}
Aggregations