use of okhttp3.Route in project github-oauth-plugin by jenkinsci.
the class JenkinsProxyAuthenticator method authenticate.
@CheckForNull
@Override
public Request authenticate(@CheckForNull Route route, @NonNull Response response) {
if (response.request().header("Proxy-Authorization") != null) {
// Give up since we already tried to authenticate
return null;
}
if (response.challenges().isEmpty()) {
// Proxy does not require authentication
return null;
}
// Refuse pre-emptive challenge
if (response.challenges().size() == 1) {
Challenge challenge = response.challenges().get(0);
if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
return null;
}
}
for (Challenge challenge : response.challenges()) {
if (challenge.scheme().equalsIgnoreCase("Basic")) {
String username = proxy.getUserName();
Secret password = proxy.getSecretPassword();
if (username != null && password != null) {
String credentials = Credentials.basic(username, password.getPlainText());
return response.request().newBuilder().header("Proxy-Authorization", credentials).build();
} else {
LOGGER.log(Level.WARNING, "Proxy requires Basic authentication but no username and password have been configured for the proxy");
}
break;
}
}
LOGGER.log(Level.WARNING, "Proxy requires authentication, but does not support Basic authentication");
return null;
}
use of okhttp3.Route in project trino by trinodb.
the class TestResourceSecurity method testOAuth2Groups.
@Test(dataProvider = "groups")
public void testOAuth2Groups(Optional<Set<String>> groups) throws Exception {
try (TokenServer tokenServer = new TokenServer(Optional.empty());
TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("web-ui.enabled", "true").put("http-server.authentication.type", "oauth2").putAll(getOAuth2Properties(tokenServer)).put("http-server.authentication.oauth2.groups-field", GROUPS_CLAIM).buildOrThrow()).setAdditionalModule(oauth2Module(tokenServer)).build()) {
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
String accessToken = tokenServer.issueAccessToken(groups);
OkHttpClient clientWithOAuthToken = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + accessToken).build()).build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithOAuthToken);
try (Response response = clientWithOAuthToken.newCall(new Request.Builder().url(getLocation(httpServerInfo.getHttpsUri(), "/protocol/identity")).build()).execute()) {
assertEquals(response.code(), SC_OK);
assertEquals(response.header("user"), TEST_USER);
assertEquals(response.header("principal"), TEST_USER);
assertEquals(response.header("groups"), groups.map(TestResource::toHeader).orElse(""));
}
OkHttpClient clientWithOAuthCookie = client.newBuilder().cookieJar(new CookieJar() {
@Override
public void saveFromResponse(HttpUrl url, List<Cookie> cookies) {
}
@Override
public List<Cookie> loadForRequest(HttpUrl url) {
return ImmutableList.of(new Cookie.Builder().domain(httpServerInfo.getHttpsUri().getHost()).path(UI_LOCATION).name(OAUTH2_COOKIE).value(accessToken).httpOnly().secure().build());
}
}).build();
try (Response response = clientWithOAuthCookie.newCall(new Request.Builder().url(getLocation(httpServerInfo.getHttpsUri(), "/ui/api/identity")).build()).execute()) {
assertEquals(response.code(), SC_OK);
assertEquals(response.header("user"), TEST_USER);
assertEquals(response.header("principal"), TEST_USER);
assertEquals(response.header("groups"), groups.map(TestResource::toHeader).orElse(""));
}
}
}
use of okhttp3.Route in project trino by trinodb.
the class TestResourceSecurity method testJwtAndOAuth2AuthenticatorsSeparation.
@Test
public void testJwtAndOAuth2AuthenticatorsSeparation() throws Exception {
TestingHttpServer jwkServer = createTestingJwkServer();
jwkServer.start();
try (TokenServer tokenServer = new TokenServer(Optional.empty());
TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.type", "jwt,oauth2").put("http-server.authentication.jwt.key-file", jwkServer.getBaseUrl().toString()).putAll(getOAuth2Properties(tokenServer)).put("web-ui.enabled", "true").buildOrThrow()).setAdditionalModule(oauth2Module(tokenServer)).build()) {
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertAuthenticationDisabled(httpServerInfo.getHttpUri());
OkHttpClient clientWithOAuthToken = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + tokenServer.getAccessToken()).build()).build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithOAuthToken);
String token = newJwtBuilder().signWith(JWK_PRIVATE_KEY).setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID).setSubject("test-user").setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant())).compact();
OkHttpClient clientWithJwt = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + token).build()).build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithJwt);
}
}
use of okhttp3.Route in project trino by trinodb.
the class TestWebUi method testJwtAuthenticator.
@Test
public void testJwtAuthenticator() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.type", "jwt").put("http-server.authentication.jwt.key-file", HMAC_KEY).buildOrThrow()).build()) {
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
String nodeId = server.getInstance(Key.get(NodeInfo.class)).getNodeId();
testLogIn(httpServerInfo.getHttpUri(), FORM_LOGIN_USER, TEST_PASSWORD, false);
testNeverAuthorized(httpServerInfo.getHttpsUri(), client);
SecretKey hmac = hmacShaKeyFor(Base64.getDecoder().decode(Files.readString(Paths.get(HMAC_KEY)).trim()));
String token = newJwtBuilder().signWith(hmac).setSubject("test-user").setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant())).compact();
OkHttpClient clientWithJwt = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + token).build()).build();
testAlwaysAuthorized(httpServerInfo.getHttpsUri(), clientWithJwt, nodeId);
}
}
use of okhttp3.Route in project hop by rabbitmq.
the class OkHttpRestTemplateConfigurator method getRequestFactory.
private ClientHttpRequestFactory getRequestFactory(final URL url, final String username, final String password, final SSLSocketFactory sslSocketFactory, final X509TrustManager trustManager, final OkHttpClientBuilderConfigurator configurator) {
Assert.notNull(configurator, "configurator is required; it must not be null");
String theUser = username;
String thePassword = password;
String userInfo = url.getUserInfo();
if (userInfo != null && theUser == null) {
String[] userParts = userInfo.split(":");
if (userParts.length > 0) {
theUser = Utils.decode(userParts[0]);
}
if (userParts.length > 1) {
thePassword = Utils.decode(userParts[1]);
}
}
final String credentials = Credentials.basic(theUser, thePassword);
// configure OkHttpClient.Builder essentials
final OkHttpClient.Builder bldr = new OkHttpClient.Builder().authenticator((route, response) -> response.request().newBuilder().header("Authorization", credentials).build());
if (sslSocketFactory != null && trustManager != null) {
bldr.sslSocketFactory(sslSocketFactory, trustManager);
}
// this lets the user perform non-essential configuration (e.g. timeouts)
// but reduces the risk of essentials not being set. MK.
OkHttpClient.Builder b = configurator.configure(bldr);
OkHttpClient httpClient = b.build();
return new OkHttp3ClientHttpRequestFactory(httpClient);
}
Aggregations