use of org.apache.http.HttpRequest in project robolectric by robolectric.
the class DefaultRequestDirector method createTunnelToTarget.
// establishConnection
/**
* Creates a tunnel to the target server.
* The connection must be established to the (last) proxy.
* A CONNECT request for tunnelling through the proxy will
* be created and sent, the response received and checked.
* This method does <i>not</i> update the connection with
* information about the tunnel, that is left to the caller.
*
* @param route the route to establish
* @param context the context for request execution
*
* @return {@code true} if the tunnelled route is secure,
* {@code false} otherwise.
* The implementation here always returns {@code false},
* but derived classes may override.
*
* @throws HttpException in case of a problem
* @throws IOException in case of an IO problem
*/
protected boolean createTunnelToTarget(HttpRoute route, HttpContext context) throws HttpException, IOException {
HttpHost proxy = route.getProxyHost();
HttpHost target = route.getTargetHost();
HttpResponse response = null;
boolean done = false;
while (!done) {
done = true;
if (!this.managedConn.isOpen()) {
this.managedConn.open(route, context, this.params);
}
HttpRequest connect = createConnectRequest(route, context);
connect.setParams(this.params);
// Populate the execution context
context.setAttribute(ExecutionContext.HTTP_TARGET_HOST, target);
context.setAttribute(ExecutionContext.HTTP_PROXY_HOST, proxy);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, managedConn);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, targetAuthState);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, proxyAuthState);
context.setAttribute(ExecutionContext.HTTP_REQUEST, connect);
this.requestExec.preProcess(connect, this.httpProcessor, context);
response = this.requestExec.execute(connect, this.managedConn, context);
response.setParams(this.params);
this.requestExec.postProcess(response, this.httpProcessor, context);
int status = response.getStatusLine().getStatusCode();
if (status < 200) {
throw new HttpException("Unexpected response to CONNECT request: " + response.getStatusLine());
}
CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER);
if (credsProvider != null && HttpClientParams.isAuthenticating(params)) {
if (this.proxyAuthHandler.isAuthenticationRequested(response, context)) {
this.log.debug("Proxy requested authentication");
Map<String, Header> challenges = this.proxyAuthHandler.getChallenges(response, context);
try {
processChallenges(challenges, this.proxyAuthState, this.proxyAuthHandler, response, context);
} catch (AuthenticationException ex) {
if (this.log.isWarnEnabled()) {
this.log.warn("Authentication error: " + ex.getMessage());
break;
}
}
updateAuthState(this.proxyAuthState, proxy, credsProvider);
if (this.proxyAuthState.getCredentials() != null) {
done = false;
// Retry request
if (this.reuseStrategy.keepAlive(response, context)) {
this.log.debug("Connection kept alive");
// Consume response content
HttpEntity entity = response.getEntity();
if (entity != null) {
entity.consumeContent();
}
} else {
this.managedConn.close();
}
}
} else {
// Reset proxy auth scope
this.proxyAuthState.setAuthScope(null);
}
}
}
// can't be null
int status = response.getStatusLine().getStatusCode();
if (status > 299) {
// Buffer response content
HttpEntity entity = response.getEntity();
if (entity != null) {
response.setEntity(new BufferedHttpEntity(entity));
}
this.managedConn.close();
throw new TunnelRefusedException("CONNECT refused by proxy: " + response.getStatusLine(), response);
}
this.managedConn.markReusable();
// Leave it to derived classes, consider insecure by default here.
return false;
}
use of org.apache.http.HttpRequest in project robolectric by robolectric.
the class DefaultRequestDirector method createConnectRequest.
/**
* Creates the CONNECT request for tunnelling.
* Called by {@link #createTunnelToTarget createTunnelToTarget}.
*
* @param route the route to establish
* @param context the context for request execution
*
* @return the CONNECT request for tunnelling
*/
protected HttpRequest createConnectRequest(HttpRoute route, HttpContext context) {
// see RFC 2817, section 5.2 and
// INTERNET-DRAFT: Tunneling TCP based protocols through
// Web proxy servers
HttpHost target = route.getTargetHost();
String host = target.getHostName();
int port = target.getPort();
if (port < 0) {
Scheme scheme = connManager.getSchemeRegistry().getScheme(target.getSchemeName());
port = scheme.getDefaultPort();
}
StringBuilder buffer = new StringBuilder(host.length() + 6);
buffer.append(host);
buffer.append(':');
buffer.append(Integer.toString(port));
String authority = buffer.toString();
ProtocolVersion ver = HttpProtocolParams.getVersion(params);
HttpRequest req = new BasicHttpRequest("CONNECT", authority, ver);
return req;
}
use of org.apache.http.HttpRequest in project undertow by undertow-io.
the class ServletFormAuthURLRewriteTestCase method testServletFormAuthWithOriginalRequestParams.
@Test
public void testServletFormAuthWithOriginalRequestParams() throws IOException {
TestHttpClient client = new TestHttpClient();
client.setRedirectStrategy(new DefaultRedirectStrategy() {
@Override
public boolean isRedirected(final HttpRequest request, final HttpResponse response, final HttpContext context) throws ProtocolException {
if (response.getStatusLine().getStatusCode() == StatusCodes.FOUND) {
return true;
}
return super.isRedirected(request, response, context);
}
});
try {
final String uri = DefaultServer.getDefaultServerURL() + "/servletContext/secured/echoParam?param=developer";
HttpPost post = new HttpPost(uri);
post.setEntity(new StringEntity("String Entity"));
HttpResponse result = client.execute(post);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
String response = HttpClientUtils.readResponse(result);
Assert.assertTrue(response.startsWith("j_security_check"));
BasicNameValuePair[] pairs = new BasicNameValuePair[] { new BasicNameValuePair("j_username", "user1"), new BasicNameValuePair("j_password", "password1") };
final List<NameValuePair> data = new ArrayList<>();
data.addAll(Arrays.asList(pairs));
post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/" + response);
post.setEntity(new UrlEncodedFormEntity(data));
result = client.execute(post);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
response = HttpClientUtils.readResponse(result);
assertEquals("developer", response);
} finally {
client.getConnectionManager().shutdown();
}
}
use of org.apache.http.HttpRequest in project undertow by undertow-io.
the class ServletFormAuthDefaultPageTestCase method testServletFormAuthWithoutSavedPostBody.
@Test
public void testServletFormAuthWithoutSavedPostBody() throws IOException {
TestHttpClient client = new TestHttpClient();
client.setRedirectStrategy(new DefaultRedirectStrategy() {
@Override
public boolean isRedirected(final HttpRequest request, final HttpResponse response, final HttpContext context) throws ProtocolException {
if (response.getStatusLine().getStatusCode() == StatusCodes.FOUND) {
return true;
}
if (request.getRequestLine().getUri().equals(DEFAULT_PAGE)) {
response.setStatusCode(StatusCodes.OK);
// Skip redirecting, because the resource isn't available in this test
return false;
}
// force the test to fail
response.setStatusCode(StatusCodes.EXPECTATION_FAILED);
return super.isRedirected(request, response, context);
}
});
try {
BasicNameValuePair[] pairs = new BasicNameValuePair[] { new BasicNameValuePair("j_username", "user1"), new BasicNameValuePair("j_password", "password1") };
final List<NameValuePair> data = new ArrayList<>();
data.addAll(Arrays.asList(pairs));
HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/j_security_check");
post.setEntity(new UrlEncodedFormEntity(data));
HttpResponse result = client.execute(post);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
String response = HttpClientUtils.readResponse(result);
Assert.assertEquals("", response);
} finally {
client.getConnectionManager().shutdown();
}
}
use of org.apache.http.HttpRequest in project undertow by undertow-io.
the class ServletFormAuthDefaultPageTestCase method testServletFormAuth.
@Test
public void testServletFormAuth() throws IOException {
TestHttpClient client = new TestHttpClient();
client.setRedirectStrategy(new DefaultRedirectStrategy() {
@Override
public boolean isRedirected(final HttpRequest request, final HttpResponse response, final HttpContext context) throws ProtocolException {
if (response.getStatusLine().getStatusCode() == StatusCodes.FOUND) {
return true;
}
if (request.getRequestLine().getUri().equals(DEFAULT_PAGE)) {
response.setStatusCode(StatusCodes.OK);
// Skip redirecting, because the resource isn't available in this test
return false;
}
return super.isRedirected(request, response, context);
}
});
try {
final String uri = DefaultServer.getDefaultServerURL() + "/servletContext/secured/test";
HttpGet get = new HttpGet(uri);
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
String response = HttpClientUtils.readResponse(result);
Assert.assertTrue(response.startsWith("j_security_check"));
BasicNameValuePair[] pairs = new BasicNameValuePair[] { new BasicNameValuePair("j_username", "user1"), new BasicNameValuePair("j_password", "password1") };
final List<NameValuePair> data = new ArrayList<>();
data.addAll(Arrays.asList(pairs));
HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/j_security_check;jsessionid=dsjahfklsahdfjklsa");
post.setEntity(new UrlEncodedFormEntity(data));
result = client.execute(post);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
response = HttpClientUtils.readResponse(result);
Assert.assertEquals("", response);
} finally {
client.getConnectionManager().shutdown();
}
}
Aggregations