
Example 46 with HttpClientContext

use of org.apache.http.client.protocol.HttpClientContext in project wildfly by wildfly.

the class FormMechTestBase method testUnauthorized.

/**
 * Requests the protected {@code role1} resource without supplying any credentials and checks
 * that the server answers with {@code SC_OK} and the login page content rather than the
 * resource itself.
 */
@Test
@Override
public void testUnauthorized() throws Exception {
    final URI protectedResource = new URI(url.toExternalForm() + "role1");
    final HttpGet unauthenticatedGet = new HttpGet(protectedResource);
    // A fresh context: no credentials provider and no cookies are attached to the call.
    final HttpClientContext clientContext = HttpClientContext.create();
    try (CloseableHttpClient client = HttpClients.createDefault();
            CloseableHttpResponse reply = client.execute(unauthenticatedGet, clientContext)) {
        final int status = reply.getStatusLine().getStatusCode();
        assertEquals("Unexpected status code in HTTP response.", SC_OK, status);
        final String body = EntityUtils.toString(reply.getEntity());
        assertEquals("Unexpected content of HTTP response.", LOGIN_PAGE_CONTENT, body);
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) URI(java.net.URI) Test(org.junit.Test)

Example 47 with HttpClientContext

use of org.apache.http.client.protocol.HttpClientContext in project wildfly by wildfly.

the class MicroProfileMetricsSecuredEndpointTestCase method securedHTTPEndpoint.

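/**
 * Checks that the management {@code /metrics} endpoint answers an authenticated GET with
 * status 200 and that the body contains the {@code base_jvm_uptime_seconds} metric.
 */
@Test
public void securedHTTPEndpoint() throws Exception {
    final String endpointURL = "http://" + managementClient.getMgmtAddress() + ":" + managementClient.getMgmtPort() + "/metrics";
    // NOTE(review): AuthScope.ANY offers these credentials to whichever host, realm and
    // authentication scheme issues a challenge, and the endpoint URL is plain http. These are
    // fixed test-suite credentials; code that handles real accounts should bind the
    // credentials to the one target host and port and use https.
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("testSuite", "testSuitePassword"));
    HttpClientContext hcContext = HttpClientContext.create();
    hcContext.setCredentialsProvider(credentialsProvider);
    // The response is a managed resource so that a failing assertion or a read error
    // can no longer leave it open.
    try (CloseableHttpClient client = HttpClients.createDefault();
            CloseableHttpResponse resp = client.execute(new HttpGet(endpointURL), hcContext)) {
        assertEquals(200, resp.getStatusLine().getStatusCode());
        String content = EntityUtils.toString(resp.getEntity());
        // MicroProfile Metrics 2.0 has changed its Prometheus conversion format from "base:x" to "base_x"
        String expectedMetric = "base_jvm_uptime_seconds";
        assertTrue(expectedMetric + " metric is expected in the response", content.contains(expectedMetric));
    }
}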
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) Test(org.junit.Test)

Example 48 with HttpClientContext

use of org.apache.http.client.protocol.HttpClientContext in project wildfly by wildfly.

the class BootCheckApplication method invoke.

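/**
 * Sends an authenticated GET to {@code url} and returns the status code together with the
 * response body.
 *
 * @param url address to request
 * @return the status code and the body text; the body is {@code null} when the response has no entity
 * @throws IOException if the request fails or the body cannot be read
 */
private Response invoke(final String url) throws IOException {
    HttpClientBuilder builder = HttpClients.custom();
    // Bound both connection establishment and socket reads so a hung server cannot block the caller.
    builder.setDefaultRequestConfig(RequestConfig.copy(RequestConfig.DEFAULT).setConnectTimeout(5000).build());
    builder.setDefaultSocketConfig(SocketConfig.copy(SocketConfig.DEFAULT).setSoTimeout(5000).build());
    // NOTE(review): AuthScope.ANY offers these credentials to whichever host, realm and scheme
    // issues a challenge, so they follow wherever the caller-supplied url points. Confirm that
    // every caller passes a fixed, trusted address, or bind the credentials to that host and port.
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("testSuite", "testSuitePassword"));
    HttpClientContext hcContext = HttpClientContext.create();
    hcContext.setCredentialsProvider(credentialsProvider);
    // The response is a managed resource so that a failure while reading the entity
    // can no longer leave it open.
    try (CloseableHttpClient client = builder.build();
            CloseableHttpResponse resp = client.execute(new HttpGet(url), hcContext)) {
        int respCode = resp.getStatusLine().getStatusCode();
        HttpEntity entity = resp.getEntity();
        String content = entity == null ? null : EntityUtils.toString(entity);
        return new Response(respCode, content);
    }
}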
Also used : CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) HttpEntity(org.apache.http.HttpEntity) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)

Example 49 with HttpClientContext

use of org.apache.http.client.protocol.HttpClientContext in project tomee by apache.

the class AuthBeanTest method get.

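/**
 * Requests the web application's {@code servlet} path with the given user name and password
 * and returns the status code and response body joined by a single space.
 *
 * @param user user name offered to the server
 * @param password password offered to the server
 * @return {@code "<status code> <body>"}
 * @throws IllegalStateException if the request or reading the response fails
 */
private String get(final String user, final String password) {
    final BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
    // NOTE(review): AuthScope.ANY offers the credentials to whichever host, realm and scheme
    // asks for them. The request below always targets httpHost, so new AuthScope(httpHost)
    // would presumably be enough here; confirm before narrowing.
    basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password));
    final HttpHost httpHost = new HttpHost(webapp.getHost(), webapp.getPort(), webapp.getProtocol());
    // Seeding the auth cache with a BasicScheme for httpHost makes HttpClient send the
    // credentials with the first request instead of waiting for a 401 challenge.
    // NOTE(review): if webapp.getProtocol() is plain http, nothing here protects them in transit.
    final AuthCache authCache = new BasicAuthCache();
    authCache.put(httpHost, new BasicScheme());
    final HttpClientContext context = HttpClientContext.create();
    context.setAuthCache(authCache);
    final HttpGet get = new HttpGet(webapp.toExternalForm() + "servlet");
    final CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider).build();
    CloseableHttpResponse response = null;
    try {
        response = client.execute(httpHost, get, context);
        return response.getStatusLine().getStatusCode() + " " + EntityUtils.toString(response.getEntity());
    } catch (final IOException e) {
        throw new IllegalStateException(e);
    } finally {
        try {
            IO.close(response);
        } catch (final IOException ignored) {
            // best-effort close: the result or the original failure matters more
        }
        try {
            // The client was never closed before, which leaked its connection manager on every call.
            client.close();
        } catch (final IOException ignored) {
            // best-effort close, as for the response
        }
    }
}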
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicScheme(org.apache.http.impl.auth.BasicScheme) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) HttpHost(org.apache.http.HttpHost) HttpGet(org.apache.http.client.methods.HttpGet) AuthCache(org.apache.http.client.AuthCache) BasicAuthCache(org.apache.http.impl.client.BasicAuthCache) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) BasicAuthCache(org.apache.http.impl.client.BasicAuthCache) IOException(java.io.IOException) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)

Example 50 with HttpClientContext

use of org.apache.http.client.protocol.HttpClientContext in project hive by apache.

the class HiveConnection method getHttpClient.

/**
 * Builds the HTTP client used by this connection. The method picks the request interceptor
 * that carries the authentication data, optionally enables a cookie store with a single retry
 * on a 401 response, installs a retry handler for I/O failures, adds the XSRF header
 * interceptor, applies timeouts derived from {@code loginTimeout} and, when {@code useSsl} is
 * set, registers a TLS socket factory.
 *
 * @param useSsl whether to configure an https connection manager; the value is unboxed in
 *        {@code if (useSsl)}, so a {@code null} argument would fail there
 * @return the configured client
 * @throws SQLException if Kerberos mode with {@code assumeSubject} finds no Subject, or if
 *         the TLS setup fails
 */
private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
    // Cookie handling is on unless the COOKIE_AUTH session parameter equals COOKIE_AUTH_FALSE (case-insensitive).
    boolean isCookieEnabled = sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH) == null || (!JdbcConnectionParams.COOKIE_AUTH_FALSE.equalsIgnoreCase(sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH)));
    String cookieName = sessConfMap.get(JdbcConnectionParams.COOKIE_NAME) == null ? JdbcConnectionParams.DEFAULT_COOKIE_NAMES_HS2 : sessConfMap.get(JdbcConnectionParams.COOKIE_NAME);
    CookieStore cookieStore = isCookieEnabled ? new BasicCookieStore() : null;
    HttpClientBuilder httpClientBuilder = null;
    // Request interceptor for any request pre-processing logic
    HttpRequestInterceptor requestInterceptor;
    Map<String, String> additionalHttpHeaders = new HashMap<String, String>();
    Map<String, String> customCookies = new HashMap<String, String>();
    // Retrieve the additional HttpHeaders and custom cookies: session parameters whose key starts
    // with the header or cookie prefix are collected with the prefix stripped from the key.
    // NOTE(review): the values are handed to the interceptors unchanged; whether they are checked
    // for CR/LF or other header-breaking characters is not visible in this method - confirm.
    for (Map.Entry<String, String> entry : sessConfMap.entrySet()) {
        String key = entry.getKey();
        if (key.startsWith(JdbcConnectionParams.HTTP_HEADER_PREFIX)) {
            additionalHttpHeaders.put(key.substring(JdbcConnectionParams.HTTP_HEADER_PREFIX.length()), entry.getValue());
        }
        if (key.startsWith(JdbcConnectionParams.HTTP_COOKIE_PREFIX)) {
            customCookies.put(key.substring(JdbcConnectionParams.HTTP_COOKIE_PREFIX.length()), entry.getValue());
        }
    }
    // Configure http client for kerberos/password based authentication
    if (isKerberosAuthMode()) {
        if (assumeSubject) {
            // With this option, we're assuming that the external application,
            // using the JDBC driver has done a JAAS kerberos login already
            AccessControlContext context = AccessController.getContext();
            loggedInSubject = Subject.getSubject(context);
            if (loggedInSubject == null) {
                throw new SQLException("The Subject is not set");
            }
        }
        /**
         * Add an interceptor which sets the appropriate header in the request.
         * It does the kerberos authentication and gets the final service ticket,
         * for sending to the server before every request.
         * In https mode, the entire information is encrypted
         */
        requestInterceptor = new HttpKerberosRequestInterceptor(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, getServerHttpUrl(useSsl), loggedInSubject, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
    } else if (isBrowserAuthMode()) {
        requestInterceptor = new HttpSamlAuthRequestInterceptor(browserClient, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
    } else {
        // Check for delegation token, if present add it in the header
        String tokenStr = getClientDelegationToken(sessConfMap);
        if (tokenStr != null) {
            requestInterceptor = new HttpTokenAuthInterceptor(tokenStr, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
        } else {
            /**
             * Add an interceptor to pass username/password in the header.
             * In https mode, the entire information is encrypted
             */
            // NOTE(review): this method configures TLS only inside the if (useSsl) block further
            // down. With useSsl false, the user name, password or token given to these
            // interceptors is presumably sent without transport encryption - confirm.
            requestInterceptor = new HttpBasicAuthInterceptor(getUserName(), getPassword(), cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
        }
    }
    // Configure http client for cookie based authentication
    if (isCookieEnabled) {
        // Create a http client with a retry mechanism when the server returns a status code of 401.
        httpClientBuilder = HttpClients.custom().setDefaultCookieStore(cookieStore).setServiceUnavailableRetryStrategy(new ServiceUnavailableRetryStrategy() {

            @Override
            public boolean retryRequest(final HttpResponse response, final int executionCount, final HttpContext context) {
                int statusCode = response.getStatusLine().getStatusCode();
                boolean sentCredentials = context.getAttribute(Utils.HIVE_SERVER2_SENT_CREDENTIALS) != null && context.getAttribute(Utils.HIVE_SERVER2_SENT_CREDENTIALS).equals(Utils.HIVE_SERVER2_CONST_TRUE);
                // Retry at most once, only on 401, and only when the failed attempt did not
                // already carry credentials according to the context attribute.
                boolean ret = statusCode == 401 && executionCount <= 1 && !sentCredentials;
                // Record the retry in the context; presumably read by the request interceptor
                // on the next attempt - TODO confirm.
                if (ret) {
                    context.setAttribute(Utils.HIVE_SERVER2_RETRY_KEY, Utils.HIVE_SERVER2_CONST_TRUE);
                }
                return ret;
            }

            @Override
            public long getRetryInterval() {
                // Immediate retry
                return 0;
            }
        });
    } else {
        httpClientBuilder = HttpClientBuilder.create();
    }
    // Beeline <------> LB <------> Reverse Proxy <-----> Hiveserver2
    // In case of deployments like above, the LoadBalancer (LB) can be configured with Idle Timeout after which the LB
    // will send TCP RST to Client (Beeline) and Backend (Reverse Proxy). If user is connected to beeline, idle for
    // sometime and resubmits a query after the idle timeout there is a broken pipe between beeline and LB. When Beeline
    // tries to submit the query one of two things happen, it either hangs or times out (if socketTimeout is defined in
    // the jdbc param). The hang is because of the default infinite socket timeout for which there is no auto-recovery
    // (user have to manually interrupt the query). If the socketTimeout jdbc param was specified, beeline will receive
    // SocketTimeoutException (Read Timeout) or NoHttpResponseException both of which can be retried if maxRetries is
    // also specified by the user (jdbc param).
    // The following retry handler handles the above cases in addition to retries for idempotent and unsent requests.
    httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler() {

        // This handler is mostly a copy of DefaultHttpRequestRetryHandler except it also retries some exceptions
        // which could be thrown in certain cases where idle timeout from intermediate proxy triggers a connection reset.
        private final List<Class<? extends IOException>> nonRetriableClasses = Arrays.asList(InterruptedIOException.class, UnknownHostException.class, ConnectException.class, SSLException.class);

        // socket exceptions could happen because of timeout, broken pipe or server not responding in which case it is
        // better to reopen the connection and retry if user specified maxRetries
        private final List<Class<? extends IOException>> retriableClasses = Arrays.asList(SocketTimeoutException.class, SocketException.class, NoHttpResponseException.class);

        @Override
        public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
            Args.notNull(exception, "Exception parameter");
            Args.notNull(context, "HTTP context");
            if (executionCount > maxRetries) {
                // Do not retry if over max retry count
                LOG.error("Max retries (" + maxRetries + ") exhausted.", exception);
                return false;
            }
            // Exact class match only: subclasses of the listed exceptions are not matched by this
            // check and fall through to the non-retriable checks below. The match is made before
            // the request type is examined, so it applies to entity-enclosing requests as well.
            if (this.retriableClasses.contains(exception.getClass())) {
                LOG.info("Retrying " + exception.getClass() + " as it is in retriable classes list.");
                return true;
            }
            // SSLException is in the non-retriable list, so TLS failures are never retried here.
            if (this.nonRetriableClasses.contains(exception.getClass())) {
                LOG.info("Not retrying as the class (" + exception.getClass() + ") is non-retriable class.");
                return false;
            } else {
                // Subclasses of a non-retriable class are rejected as well.
                for (final Class<? extends IOException> rejectException : this.nonRetriableClasses) {
                    if (rejectException.isInstance(exception)) {
                        LOG.info("Not retrying as the class (" + exception.getClass() + ") is an instance of is non-retriable class.");
                        return false;
                    }
                }
            }
            final HttpClientContext clientContext = HttpClientContext.adapt(context);
            final HttpRequest request = clientContext.getRequest();
            if (requestIsAborted(request)) {
                LOG.info("Not retrying as request is aborted.");
                return false;
            }
            if (handleAsIdempotent(request)) {
                LOG.info("Retrying idempotent request. Attempt " + executionCount + " of " + maxRetries);
                // Retry if the request is considered idempotent
                return true;
            }
            if (!clientContext.isRequestSent()) {
                LOG.info("Retrying unsent request. Attempt " + executionCount + " of " + maxRetries);
                // Retry because the request has not been sent yet
                return true;
            }
            LOG.info("Not retrying as the request is not idempotent or is already sent.");
            // otherwise do not retry
            return false;
        }

        // requests that handles "Expect continue" handshakes. If server received the header and is waiting for body
        // then those requests can be retried. Most basic http method methods except DELETE are idempotent as long as they
        // are not aborted.
        // NOTE(review): the check looks only at the request type, not at the HTTP method name;
        // every request that is not an HttpEntityEnclosingRequest is treated as idempotent.
        protected boolean handleAsIdempotent(final HttpRequest request) {
            return !(request instanceof HttpEntityEnclosingRequest);
        }

        // checks if the request got aborted
        protected boolean requestIsAborted(final HttpRequest request) {
            HttpRequest req = request;
            if (request instanceof RequestWrapper) {
                // does not forward request to original
                req = ((RequestWrapper) request).getOriginal();
            }
            return (req instanceof HttpUriRequest && ((HttpUriRequest) req).isAborted());
        }
    });
    if (isBrowserAuthMode()) {
        httpClientBuilder.setRedirectStrategy(new HiveJdbcSamlRedirectStrategy(browserClient));
    }
    // Add the request interceptor to the client builder
    httpClientBuilder.addInterceptorFirst(requestInterceptor);
    // Add an interceptor to add in an XSRF header
    httpClientBuilder.addInterceptorLast(new XsrfHttpRequestInterceptor());
    // Apply one timeout value to connect, connection-request and socket reads.
    // NOTE(review): the value comes from loginTimeout, not from a separate socketTimeout
    // parameter, and loginTimeout * 1000 is int arithmetic (presumably seconds to
    // milliseconds) that can overflow for very large values - confirm the expected range.
    RequestConfig config = RequestConfig.custom().setConnectTimeout(loginTimeout * 1000).setConnectionRequestTimeout(loginTimeout * 1000).setSocketTimeout(loginTimeout * 1000).build();
    httpClientBuilder.setDefaultRequestConfig(config);
    // Configure http client for SSL
    if (useSsl) {
        String useTwoWaySSL = sessConfMap.get(JdbcConnectionParams.USE_TWO_WAY_SSL);
        String sslTrustStorePath = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
        String sslTrustStorePassword = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
        KeyStore sslTrustStore;
        SSLConnectionSocketFactory socketFactory;
        SSLContext sslContext;
        /**
         * The code within the try block throws: SSLInitializationException, KeyStoreException,
         * IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException &
         * UnrecoverableKeyException. We don't want the client to retry on any of these,
         * hence we catch all and throw a SQLException.
         */
        try {
            if (useTwoWaySSL != null && useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
                socketFactory = getTwoWaySSLSocketFactory();
            } else if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
                // Create a default socket factory based on standard JSSE trust material
                socketFactory = SSLConnectionSocketFactory.getSocketFactory();
            } else {
                // Pick trust store config from the given path
                String trustStoreType = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_TYPE);
                if (trustStoreType == null || trustStoreType.isEmpty()) {
                    trustStoreType = KeyStore.getDefaultType();
                }
                sslTrustStore = KeyStore.getInstance(trustStoreType);
                try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
                    // NOTE(review): a trust store path without a password parameter makes
                    // sslTrustStorePassword null, so toCharArray() throws a
                    // NullPointerException; the catch below reports it as a SQLException.
                    sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
                }
                // Trust only the certificates in the loaded store and keep hostname verification
                // on; the null argument means no public suffix matcher is supplied.
                sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, null).build();
                socketFactory = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier(null));
            }
            // Only the https scheme is registered on this connection manager.
            final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
            httpClientBuilder.setConnectionManager(new BasicHttpClientConnectionManager(registry));
        } catch (Exception e) {
            String msg = "Could not create an https connection to " + jdbcUriString + ". " + e.getMessage();
            // NOTE(review): the SQLState literal starts with a space (" 08S01"); this looks
            // unintended - confirm before callers compare against "08S01".
            throw new SQLException(msg, " 08S01", e);
        }
    }
    return httpClientBuilder.build();
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) HashMap(java.util.HashMap) SQLException(java.sql.SQLException) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) ServiceUnavailableRetryStrategy(org.apache.http.client.ServiceUnavailableRetryStrategy) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) AccessControlContext(java.security.AccessControlContext) HiveJdbcSamlRedirectStrategy(org.apache.hive.jdbc.saml.HiveJdbcSamlRedirectStrategy) DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier) HttpEntityEnclosingRequest(org.apache.http.HttpEntityEnclosingRequest) RequestWrapper(org.apache.http.impl.client.RequestWrapper) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) HttpSamlAuthRequestInterceptor(org.apache.hive.jdbc.saml.HttpSamlAuthRequestInterceptor) HttpRequest(org.apache.http.HttpRequest) RequestConfig(org.apache.http.client.config.RequestConfig) HttpContext(org.apache.http.protocol.HttpContext) HttpResponse(org.apache.http.HttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) Savepoint(java.sql.Savepoint) FileInputStream(java.io.FileInputStream) SQLFeatureNotSupportedException(java.sql.SQLFeatureNotSupportedException) SaslException(javax.security.sasl.SaslException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SSLException(javax.net.ssl.SSLException) InterruptedIOException(java.io.InterruptedIOException) SocketException(java.net.SocketException) SQLClientInfoException(java.sql.SQLClientInfoException) SQLException(java.sql.SQLException) 
SocketTimeoutException(java.net.SocketTimeoutException) ConnectException(java.net.ConnectException) TException(org.apache.thrift.TException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) TTransportException(org.apache.thrift.transport.TTransportException) NoHttpResponseException(org.apache.http.NoHttpResponseException) HiveJdbcBrowserException(org.apache.hive.jdbc.saml.IJdbcBrowserClient.HiveJdbcBrowserException) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) HttpRequestInterceptor(org.apache.http.HttpRequestInterceptor) HttpRequestRetryHandler(org.apache.http.client.HttpRequestRetryHandler) Map(java.util.Map) HashMap(java.util.HashMap)
