Examples with ProxyAuthorizationPolicy org.apache.cxf.configuration.security.ProxyAuthorizationPolicy used on opensource projects

Example 6 with ProxyAuthorizationPolicy

use of org.apache.cxf.configuration.security.ProxyAuthorizationPolicy in project tomee by apache.

the class HTTPConduit method prepare.

/**
 * Prepare to send an outbound HTTP message over this http conduit to a
 * particular endpoint.
 * <P>
 * If the Message.PATH_INFO property is set it gets appended
 * to the Conduit's endpoint URL. If the Message.QUERY_STRING
 * property is set, it gets appended to the resultant URL following
 * a "?".
 * <P>
 * If the Message.HTTP_REQUEST_METHOD property is NOT set, the
 * Http request method defaults to "POST".
 * <P>
 * If the Message.PROTOCOL_HEADERS is not set on the message, it is
 * initialized to an empty map.
 * <P>
 * This call creates the OutputStream for the content of the message.
 * It also assigns the created Http(s)URLConnection to the Message
 * Map.
 *
 * @param message The message to be sent.
 */
public void prepare(Message message) throws IOException {
    // This call can possibly change the conduit endpoint address and
    // protocol from the default set in EndpointInfo that is associated
    // with the Conduit.
    Address currentAddress;
    try {
        currentAddress = setupAddress(message);
    } catch (URISyntaxException e) {
        throw new IOException(e);
    }
    // The need to cache the request is off by default
    boolean needToCacheRequest = false;
    HTTPClientPolicy csPolicy = getClient(message);
    setupConnection(message, currentAddress, csPolicy);
    // If the HTTP_REQUEST_METHOD is not set, the default is "POST".
    String httpRequestMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);
    if (httpRequestMethod == null) {
        httpRequestMethod = "POST";
        message.put(Message.HTTP_REQUEST_METHOD, "POST");
    }
    boolean isChunking = false;
    int chunkThreshold = 0;
    final AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
    if (this.authSupplier == null) {
        this.authSupplier = createAuthSupplier(effectiveAuthPolicy);
    }
    if (this.proxyAuthSupplier == null) {
        this.proxyAuthSupplier = createAuthSupplier(proxyAuthorizationPolicy);
    }
    if (this.authSupplier.requiresRequestCaching()) {
        needToCacheRequest = true;
        isChunking = false;
        LOG.log(Level.FINE, "Auth Supplier, but no Preemptive User Pass or Digest auth (nonce may be stale)" + " We must cache request.");
    }
    if (csPolicy.isAutoRedirect()) {
        needToCacheRequest = true;
        LOG.log(Level.FINE, "AutoRedirect is turned on.");
    }
    if (csPolicy.getMaxRetransmits() > 0) {
        needToCacheRequest = true;
        LOG.log(Level.FINE, "MaxRetransmits is set > 0.");
    }
    // TODO : ensure chunking can be enabled for non-empty PUTs - if requested
    if (csPolicy.isAllowChunking() && isChunkingSupported(message, httpRequestMethod)) {
        // TODO: The chunking mode be configured or at least some
        // documented client constant.
        // use -1 and allow the URL connection to pick a default value
        isChunking = true;
        chunkThreshold = csPolicy.getChunkingThreshold();
    }
    cookies.writeToMessageHeaders(message);
    if (certConstraints != null) {
        message.put(CertConstraints.class.getName(), certConstraints);
        message.getInterceptorChain().add(CertConstraintsInterceptor.INSTANCE);
    }
    setHeadersByAuthorizationPolicy(message, currentAddress.getURI());
    new Headers(message).setFromClientPolicy(getClient(message));
    // set the OutputStream on the ProxyOutputStream
    ProxyOutputStream pos = message.getContent(ProxyOutputStream.class);
    if (pos != null && message.getContent(OutputStream.class) != null) {
        pos.setWrappedOutputStream(createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
    } else {
        message.setContent(OutputStream.class, createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
    }
// We are now "ready" to "send" the message.
}

Example 7 with ProxyAuthorizationPolicy

use of org.apache.cxf.configuration.security.ProxyAuthorizationPolicy in project cxf by apache.

the class HttpConduitConfigApplier method applyProxyAuthorization.

private void applyProxyAuthorization(Dictionary<String, String> d, HTTPConduit c) {
    Enumeration<String> keys = d.keys();
    ProxyAuthorizationPolicy p = c.getProxyAuthorization();
    while (keys.hasMoreElements()) {
        String k = keys.nextElement();
        if (k.startsWith("proxyAuthorization.")) {
            if (p == null) {
                p = new ProxyAuthorizationPolicy();
                c.setProxyAuthorization(p);
            }
            String v = d.get(k);
            k = k.substring("proxyAuthorization.".length());
            if ("UserName".equals(k)) {
                p.setUserName(v);
            } else if ("Password".equals(k)) {
                p.setPassword(v);
            } else if ("Authorization".equals(k)) {
                p.setAuthorization(v);
            } else if ("AuthorizationType".equals(k)) {
                p.setAuthorizationType(v);
            }
        }
    }
}

Example 8 with ProxyAuthorizationPolicy

use of org.apache.cxf.configuration.security.ProxyAuthorizationPolicy in project cxf by apache.

the class HTTPConduit method setHeadersByAuthorizationPolicy.

/**
 * This call places HTTP Header strings into the headers that are relevant
 * to the Authorization policies that are set on this conduit by
 * configuration.
 * <p>
 * An AuthorizationPolicy may also be set on the message. If so, those
 * policies are merged. A user name or password set on the messsage
 * overrides settings in the AuthorizationPolicy is retrieved from the
 * configuration.
 * <p>
 * The precedence is as follows:
 * 1. AuthorizationPolicy that is set on the Message, if exists.
 * 2. Authorization from AuthSupplier, if exists.
 * 3. AuthorizationPolicy set/configured for conduit.
 *
 * REVISIT: Since the AuthorizationPolicy is set on the message by class, then
 * how does one override the ProxyAuthorizationPolicy which is the same
 * type?
 *
 * @param message
 * @param currentURI
 */
protected void setHeadersByAuthorizationPolicy(Message message, URI currentURI) {
    Headers headers = new Headers(message);
    AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
    String authString = authSupplier.getAuthorization(effectiveAuthPolicy, currentURI, message, null);
    if (authString != null) {
        headers.setAuthorization(authString);
    }
    String proxyAuthString = proxyAuthSupplier.getAuthorization(proxyAuthorizationPolicy, currentURI, message, null);
    if (proxyAuthString != null) {
        headers.setProxyAuthorization(proxyAuthString);
    }
}

Example 9 with ProxyAuthorizationPolicy

use of org.apache.cxf.configuration.security.ProxyAuthorizationPolicy in project cxf by apache.

the class HTTPConduit method prepare.

/**
 * Prepare to send an outbound HTTP message over this http conduit to a
 * particular endpoint.
 * <P>
 * If the Message.PATH_INFO property is set it gets appended
 * to the Conduit's endpoint URL. If the Message.QUERY_STRING
 * property is set, it gets appended to the resultant URL following
 * a "?".
 * <P>
 * If the Message.HTTP_REQUEST_METHOD property is NOT set, the
 * Http request method defaults to "POST".
 * <P>
 * If the Message.PROTOCOL_HEADERS is not set on the message, it is
 * initialized to an empty map.
 * <P>
 * This call creates the OutputStream for the content of the message.
 * It also assigns the created Http(s)URLConnection to the Message
 * Map.
 *
 * @param message The message to be sent.
 */
public void prepare(Message message) throws IOException {
    // This call can possibly change the conduit endpoint address and
    // protocol from the default set in EndpointInfo that is associated
    // with the Conduit.
    Address currentAddress;
    try {
        currentAddress = setupAddress(message);
    } catch (URISyntaxException e) {
        throw new IOException(e);
    }
    // The need to cache the request is off by default
    boolean needToCacheRequest = false;
    HTTPClientPolicy csPolicy = getClient(message);
    setupConnection(message, currentAddress, csPolicy);
    // If the HTTP_REQUEST_METHOD is not set, the default is "POST".
    String httpRequestMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);
    if (httpRequestMethod == null) {
        httpRequestMethod = "POST";
        message.put(Message.HTTP_REQUEST_METHOD, "POST");
    }
    boolean isChunking = false;
    int chunkThreshold = 0;
    final AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
    if (this.authSupplier == null) {
        this.authSupplier = createAuthSupplier(effectiveAuthPolicy);
    }
    if (this.proxyAuthSupplier == null) {
        this.proxyAuthSupplier = createAuthSupplier(proxyAuthorizationPolicy);
    }
    if (this.authSupplier.requiresRequestCaching()) {
        needToCacheRequest = true;
        isChunking = false;
        LOG.log(Level.FINE, "Auth Supplier, but no Preemptive User Pass or Digest auth (nonce may be stale)" + " We must cache request.");
    }
    if (csPolicy.isAutoRedirect()) {
        needToCacheRequest = true;
        LOG.log(Level.FINE, "AutoRedirect is turned on.");
    }
    if (csPolicy.getMaxRetransmits() > 0) {
        needToCacheRequest = true;
        LOG.log(Level.FINE, "MaxRetransmits is set > 0.");
    }
    // TODO : ensure chunking can be enabled for non-empty PUTs - if requested
    if (csPolicy.isAllowChunking() && isChunkingSupported(message, httpRequestMethod)) {
        // TODO: The chunking mode be configured or at least some
        // documented client constant.
        // use -1 and allow the URL connection to pick a default value
        isChunking = true;
        chunkThreshold = csPolicy.getChunkingThreshold();
    }
    cookies.writeToMessageHeaders(message);
    if (certConstraints != null) {
        message.put(CertConstraints.class.getName(), certConstraints);
        message.getInterceptorChain().add(CertConstraintsInterceptor.INSTANCE);
    }
    setHeadersByAuthorizationPolicy(message, currentAddress.getURI());
    new Headers(message).setFromClientPolicy(getClient(message));
    // set the OutputStream on the ProxyOutputStream
    ProxyOutputStream pos = message.getContent(ProxyOutputStream.class);
    if (pos != null && message.getContent(OutputStream.class) != null) {
        pos.setWrappedOutputStream(createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
    } else {
        message.setContent(OutputStream.class, createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
    }
// We are now "ready" to "send" the message.
}

Example 10 with ProxyAuthorizationPolicy

use of org.apache.cxf.configuration.security.ProxyAuthorizationPolicy in project cxf by apache.

the class HTTPSProxyAuthConduitTest method configureProxy.

public void configureProxy(Client client) {
    HTTPConduit cond = (HTTPConduit) client.getConduit();
    HTTPClientPolicy pol = cond.getClient();
    if (pol == null) {
        pol = new HTTPClientPolicy();
        cond.setClient(pol);
    }
    pol.setProxyServer("localhost");
    pol.setProxyServerPort(PROXY_PORT);
    ProxyAuthorizationPolicy auth = new ProxyAuthorizationPolicy();
    auth.setUserName("CXF");
    auth.setPassword("password");
    cond.setProxyAuthorization(auth);
}