Example 51 with AuthorizationPolicy
use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.
the class HttpConduitConfigApplier method applyAuthorization.
private void applyAuthorization(Dictionary<String, String> d, HTTPConduit c) {
Enumeration<String> keys = d.keys();
AuthorizationPolicy p = c.getAuthorization();
while (keys.hasMoreElements()) {
String k = keys.nextElement();
if (k.startsWith("authorization.")) {
if (p == null) {
p = new AuthorizationPolicy();
c.setAuthorization(p);
}
String v = d.get(k);
k = k.substring("authorization.".length());
if ("UserName".equals(k)) {
p.setUserName(v);
} else if ("Password".equals(k)) {
p.setPassword(v);
} else if ("Authorization".equals(k)) {
p.setAuthorization(v);
} else if ("AuthorizationType".equals(k)) {
p.setAuthorizationType(v);
}
}
}
}
Also used :
ProxyAuthorizationPolicy(org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
Example 52 with AuthorizationPolicy
use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.
the class HTTPConduit method setHeadersByAuthorizationPolicy.
/**
* This call places HTTP Header strings into the headers that are relevant
* to the Authorization policies that are set on this conduit by
* configuration.
* <p>
* An AuthorizationPolicy may also be set on the message. If so, those
* policies are merged. A user name or password set on the messsage
* overrides settings in the AuthorizationPolicy is retrieved from the
* configuration.
* <p>
* The precedence is as follows:
* 1. AuthorizationPolicy that is set on the Message, if exists.
* 2. Authorization from AuthSupplier, if exists.
* 3. AuthorizationPolicy set/configured for conduit.
*
* REVISIT: Since the AuthorizationPolicy is set on the message by class, then
* how does one override the ProxyAuthorizationPolicy which is the same
* type?
*
* @param message
* @param currentURI
*/
protected void setHeadersByAuthorizationPolicy(Message message, URI currentURI) {
Headers headers = new Headers(message);
AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
String authString = authSupplier.getAuthorization(effectiveAuthPolicy, currentURI, message, null);
if (authString != null) {
headers.setAuthorization(authString);
}
String proxyAuthString = proxyAuthSupplier.getAuthorization(proxyAuthorizationPolicy, currentURI, message, null);
if (proxyAuthString != null) {
headers.setProxyAuthorization(proxyAuthString);
}
}
Also used :
ProxyAuthorizationPolicy(org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
Example 53 with AuthorizationPolicy
use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.
the class HTTPConduit method prepare.
/**
* Prepare to send an outbound HTTP message over this http conduit to a
* particular endpoint.
* <P>
* If the Message.PATH_INFO property is set it gets appended
* to the Conduit's endpoint URL. If the Message.QUERY_STRING
* property is set, it gets appended to the resultant URL following
* a "?".
* <P>
* If the Message.HTTP_REQUEST_METHOD property is NOT set, the
* Http request method defaults to "POST".
* <P>
* If the Message.PROTOCOL_HEADERS is not set on the message, it is
* initialized to an empty map.
* <P>
* This call creates the OutputStream for the content of the message.
* It also assigns the created Http(s)URLConnection to the Message
* Map.
*
* @param message The message to be sent.
*/
public void prepare(Message message) throws IOException {
// This call can possibly change the conduit endpoint address and
// protocol from the default set in EndpointInfo that is associated
// with the Conduit.
Address currentAddress;
try {
currentAddress = setupAddress(message);
} catch (URISyntaxException e) {
throw new IOException(e);
}
// The need to cache the request is off by default
boolean needToCacheRequest = false;
HTTPClientPolicy csPolicy = getClient(message);
setupConnection(message, currentAddress, csPolicy);
// If the HTTP_REQUEST_METHOD is not set, the default is "POST".
String httpRequestMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);
if (httpRequestMethod == null) {
httpRequestMethod = "POST";
message.put(Message.HTTP_REQUEST_METHOD, "POST");
}
boolean isChunking = false;
int chunkThreshold = 0;
final AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
if (this.authSupplier == null) {
this.authSupplier = createAuthSupplier(effectiveAuthPolicy);
}
if (this.proxyAuthSupplier == null) {
this.proxyAuthSupplier = createAuthSupplier(proxyAuthorizationPolicy);
}
if (this.authSupplier.requiresRequestCaching()) {
needToCacheRequest = true;
isChunking = false;
LOG.log(Level.FINE, "Auth Supplier, but no Preemptive User Pass or Digest auth (nonce may be stale)" + " We must cache request.");
}
if (csPolicy.isAutoRedirect()) {
needToCacheRequest = true;
LOG.log(Level.FINE, "AutoRedirect is turned on.");
}
if (csPolicy.getMaxRetransmits() > 0) {
needToCacheRequest = true;
LOG.log(Level.FINE, "MaxRetransmits is set > 0.");
}
// TODO : ensure chunking can be enabled for non-empty PUTs - if requested
if (csPolicy.isAllowChunking() && isChunkingSupported(message, httpRequestMethod)) {
// TODO: The chunking mode be configured or at least some
// documented client constant.
// use -1 and allow the URL connection to pick a default value
isChunking = true;
chunkThreshold = csPolicy.getChunkingThreshold();
}
cookies.writeToMessageHeaders(message);
if (certConstraints != null) {
message.put(CertConstraints.class.getName(), certConstraints);
message.getInterceptorChain().add(CertConstraintsInterceptor.INSTANCE);
}
setHeadersByAuthorizationPolicy(message, currentAddress.getURI());
new Headers(message).setFromClientPolicy(getClient(message));
// set the OutputStream on the ProxyOutputStream
ProxyOutputStream pos = message.getContent(ProxyOutputStream.class);
if (pos != null && message.getContent(OutputStream.class) != null) {
pos.setWrappedOutputStream(createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
} else {
message.setContent(OutputStream.class, createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
}
// We are now "ready" to "send" the message.
}
Also used :
ProxyAuthorizationPolicy(org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy)
CertConstraints(org.apache.cxf.transport.https.CertConstraints)
URISyntaxException(java.net.URISyntaxException)
IOException(java.io.IOException)
Endpoint(org.apache.cxf.endpoint.Endpoint)
Example 54 with AuthorizationPolicy
use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.
the class HTTPConduit method getEffectiveAuthPolicy.
/**
* Determines effective auth policy from message, conduit and empty default
* with priority from first to last
*
* @param message
* @return effective AthorizationPolicy
*/
public AuthorizationPolicy getEffectiveAuthPolicy(Message message) {
AuthorizationPolicy authPolicy = getAuthorization();
AuthorizationPolicy newPolicy = message.get(AuthorizationPolicy.class);
AuthorizationPolicy effectivePolicy = newPolicy;
if (effectivePolicy == null) {
effectivePolicy = authPolicy;
}
if (effectivePolicy == null) {
effectivePolicy = new AuthorizationPolicy();
}
return effectivePolicy;
}
Also used :
ProxyAuthorizationPolicy(org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
Example 55 with AuthorizationPolicy
use of org.apache.cxf.configuration.security.AuthorizationPolicy in project cxf by apache.
the class AhcWebSocketConduit method getAsyncHttpClient.
private synchronized AsyncHttpClient getAsyncHttpClient(Message message) {
if (ahcclient == null) {
DefaultAsyncHttpClientConfig.Builder builder = new DefaultAsyncHttpClientConfig.Builder();
AuthorizationPolicy ap = getEffectiveAuthPolicy(message);
if (ap != null && (!StringUtils.isEmpty(ap.getAuthorizationType()) || !StringUtils.isEmpty(ap.getUserName()))) {
Realm.Builder rb = new Realm.Builder(ap.getUserName(), ap.getPassword());
if (ap.getAuthorizationType() == null) {
rb.setScheme(AuthScheme.BASIC);
} else {
rb.setScheme(AuthScheme.valueOf(ap.getAuthorizationType().toUpperCase()));
}
rb.setUsePreemptiveAuth(true);
builder.setRealm(rb.build());
}
AsyncHttpClientConfig config = builder.build();
ahcclient = new DefaultAsyncHttpClient(config);
}
return ahcclient;
}
Also used :
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
DefaultAsyncHttpClientConfig(org.asynchttpclient.DefaultAsyncHttpClientConfig)
AsyncHttpClientConfig(org.asynchttpclient.AsyncHttpClientConfig)
DefaultAsyncHttpClientConfig(org.asynchttpclient.DefaultAsyncHttpClientConfig)
DefaultAsyncHttpClient(org.asynchttpclient.DefaultAsyncHttpClient)
Realm(org.asynchttpclient.Realm)
Aggregations
AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)86
Message (org.apache.cxf.message.Message)25
Test (org.junit.Test)22
HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)16
IOException (java.io.IOException)15
ArrayList (java.util.ArrayList)11
Client (org.apache.cxf.endpoint.Client)11
List (java.util.List)9
HTTPClientPolicy (org.apache.cxf.transports.http.configuration.HTTPClientPolicy)9
URL (java.net.URL)7
HashMap (java.util.HashMap)7
ProxyAuthorizationPolicy (org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)7
Map (java.util.Map)6
SecurityContext (org.apache.cxf.security.SecurityContext)6
Bus (org.apache.cxf.Bus)5
TLSClientParameters (org.apache.cxf.configuration.jsse.TLSClientParameters)5
WebClient (org.apache.cxf.jaxrs.client.WebClient)5
MessageImpl (org.apache.cxf.message.MessageImpl)5
EndpointInfo (org.apache.cxf.service.model.EndpointInfo)5
Principal (java.security.Principal)4
