
Example 1 with Lookup

use of org.apache.http.config.Lookup in project hbase by apache.

the class TestProxyUserSpnegoHttpServer method testProxy.

/**
 * Sends an SPNEGO-authenticated GET to {@code /echo?doAs=<doAs>&a=b} and checks the outcome.
 *
 * <p>The request is always made as {@code WHEEL_PRINCIPAL} (logged in from {@code wheelKeytab});
 * the {@code doAs} query parameter names the user the caller asks the server to act as. Whether
 * that is permitted is decided by the server, and this method only asserts the visible result.
 *
 * @param clientPrincipal not read by this method; the login identity is {@code WHEEL_PRINCIPAL}
 * @param doAs value placed in the {@code doAs} query parameter
 * @param responseCode HTTP status code the server is expected to return
 * @param statusLine text expected in the status line or the response body when the expected
 *     status is not 200
 * @throws Exception if the Kerberos login, the GSS credential setup or the HTTP exchange fails
 */
public void testProxy(String clientPrincipal, String doAs, int responseCode, String statusLine) throws Exception {
    // Kerberos login from the keytab yields the subject the request runs as.
    final Subject wheelSubject = JaasKrbUtil.loginUsingKeytab(WHEEL_PRINCIPAL, wheelKeytab);
    final Set<Principal> principals = wheelSubject.getPrincipals();
    // A login that produced no principal cannot authenticate anything.
    assertFalse(principals.isEmpty());
    // The subject may hold several tickets (one per encryption type); the first one is only
    // checked for presence here and is not used afterwards.
    Set<KerberosTicket> tickets = wheelSubject.getPrivateCredentials(KerberosTicket.class);
    assertFalse(tickets.isEmpty());
    KerberosTicket firstTicket = tickets.iterator().next();
    assertNotNull(firstTicket);
    final String principalName = principals.iterator().next().getName();
    // Typing the lambda through a local picks the PrivilegedExceptionAction overload of doAs.
    PrivilegedExceptionAction<HttpResponse> sendRequest = () -> {
        GSSManager manager = GSSManager.getInstance();
        // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism OID.
        Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
        GSSName clientName = manager.createName(principalName, GSSName.NT_USER_NAME);
        // INITIATE_ONLY: the credential can start a security context but not accept one.
        GSSCredential gssCredential = manager.createCredential(
            clientName, GSSCredential.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.INITIATE_ONLY);
        HttpClientContext requestContext = HttpClientContext.create();
        // Only SPNEGO is registered, so no other scheme can be negotiated. The two flags are
        // (stripPort, useCanonicalHostname): the service name is derived from the canonical
        // host name without the port.
        Lookup<AuthSchemeProvider> spnegoOnly = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
            .build();
        HttpClient httpClient = HttpClients.custom().setDefaultAuthSchemeRegistry(spnegoOnly).build();
        BasicCredentialsProvider provider = new BasicCredentialsProvider();
        // AuthScope.ANY offers the credential to whatever host issues a challenge. That is
        // adequate against the single test server; code outside a test should bind the
        // credential to the intended host and port.
        provider.setCredentials(AuthScope.ANY, new KerberosCredentials(gssCredential));
        // NOTE(review): doAs is appended without URL-encoding, so callers must pass values that
        // are already safe inside a query string.
        URL echoUrl = new URL(getServerURL(server), "/echo?doAs=" + doAs + "&a=b");
        requestContext.setTargetHost(new HttpHost(echoUrl.getHost(), echoUrl.getPort()));
        requestContext.setCredentialsProvider(provider);
        requestContext.setAuthSchemeRegistry(spnegoOnly);
        HttpGet echoRequest = new HttpGet(echoUrl.toURI());
        // NOTE(review): neither the client nor the response is closed by this method.
        return httpClient.execute(echoRequest, requestContext);
    };
    HttpResponse resp = Subject.doAs(wheelSubject, sendRequest);
    assertNotNull(resp);
    assertEquals(responseCode, resp.getStatusLine().getStatusCode());
    if (responseCode != HttpURLConnection.HTTP_OK) {
        // Rejections may report the reason either in the status line or in the body; the body is
        // read only when the status line does not already contain the expected text.
        boolean foundInStatusLine = resp.getStatusLine().toString().contains(statusLine);
        assertTrue(foundInStatusLine || EntityUtils.toString(resp.getEntity()).contains(statusLine));
        return;
    }
    // On success the echoed "a=b" parameter must appear in the body as "a:b".
    String echoed = EntityUtils.toString(resp.getEntity()).trim();
    assertTrue(echoed.contains("a:b"));
}
Also used : GSSName(org.ietf.jgss.GSSName) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) HttpGet(org.apache.http.client.methods.HttpGet) KerberosCredentials(org.apache.http.auth.KerberosCredentials) HttpResponse(org.apache.http.HttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) Oid(org.ietf.jgss.Oid) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) Subject(javax.security.auth.Subject) KrbException(org.apache.kerby.kerberos.kerb.KrbException) URL(java.net.URL) GSSCredential(org.ietf.jgss.GSSCredential) HttpHost(org.apache.http.HttpHost) GSSManager(org.ietf.jgss.GSSManager) HttpClient(org.apache.http.client.HttpClient) Lookup(org.apache.http.config.Lookup) Principal(java.security.Principal)

Example 2 with Lookup

use of org.apache.http.config.Lookup in project hbase by apache.

the class TestThriftSpnegoHttpFallbackServer method createHttpClient.

/**
 * Builds an HTTP client that authenticates with SPNEGO as {@code clientPrincipal}.
 *
 * <p>The principal is logged in from {@code clientKeytab}, and the client is constructed inside
 * {@code Subject.doAs} so that the GSS credential is acquired as that subject.
 *
 * @return a client whose only registered auth scheme is SPNEGO and whose default credentials
 *     provider holds the Kerberos credential
 * @throws Exception if the keytab login or the GSS credential setup fails
 */
private CloseableHttpClient createHttpClient() throws Exception {
    final Subject subject = JaasKrbUtil.loginUsingKeytab(clientPrincipal, clientKeytab);
    final Set<Principal> principals = subject.getPrincipals();
    // A login that produced no principal cannot authenticate anything.
    assertFalse("Found no client principals in the clientSubject.", principals.isEmpty());
    // The subject may hold several tickets (one per encryption type); the first one is only
    // checked for presence here and is not used afterwards.
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    assertFalse("Found no private credentials in the clientSubject.", tickets.isEmpty());
    KerberosTicket firstTicket = tickets.iterator().next();
    assertNotNull("No kerberos ticket found.", firstTicket);
    final String principalName = principals.iterator().next().getName();
    // Typing the lambda through a local picks the PrivilegedExceptionAction overload of doAs.
    PrivilegedExceptionAction<CloseableHttpClient> buildClient = () -> {
        GSSManager manager = GSSManager.getInstance();
        // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism OID.
        Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
        GSSName clientName = manager.createName(principalName, GSSName.NT_USER_NAME);
        // INITIATE_ONLY: the credential can start a security context but not accept one.
        GSSCredential gssCredential = manager.createCredential(
            clientName, GSSCredential.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.INITIATE_ONLY);
        // Only SPNEGO is registered, so no other scheme can be negotiated. The two flags are
        // (stripPort, useCanonicalHostname): the service name is derived from the canonical
        // host name without the port.
        Lookup<AuthSchemeProvider> spnegoOnly = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
            .build();
        BasicCredentialsProvider provider = new BasicCredentialsProvider();
        // AuthScope.ANY offers the credential to whatever host issues a challenge. That is
        // adequate for a test client; code outside a test should bind the credential to the
        // intended host and port.
        provider.setCredentials(AuthScope.ANY, new KerberosCredentials(gssCredential));
        return HttpClients.custom()
            .setDefaultAuthSchemeRegistry(spnegoOnly)
            .setDefaultCredentialsProvider(provider)
            .build();
    };
    return Subject.doAs(subject, buildClient);
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) GSSName(org.ietf.jgss.GSSName) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) KerberosCredentials(org.apache.http.auth.KerberosCredentials) Oid(org.ietf.jgss.Oid) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) Subject(javax.security.auth.Subject) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) Lookup(org.apache.http.config.Lookup) Principal(java.security.Principal)

Example 3 with Lookup

use of org.apache.http.config.Lookup in project hbase by apache.

the class TestThriftSpnegoHttpServer method createHttpClient.

/**
 * Creates the SPNEGO-capable HTTP client used by this test, authenticated as
 * {@code clientPrincipal} from {@code clientKeytab}.
 *
 * <p>Credential acquisition and client construction happen inside {@code Subject.doAs}, i.e.
 * with the logged-in subject as the acting identity.
 *
 * @return a client configured with an SPNEGO-only auth scheme registry and a credentials
 *     provider carrying the Kerberos credential
 * @throws Exception if the keytab login or the GSS credential setup fails
 */
private CloseableHttpClient createHttpClient() throws Exception {
    final Subject loggedIn = JaasKrbUtil.loginUsingKeytab(clientPrincipal, clientKeytab);
    final Set<Principal> subjectPrincipals = loggedIn.getPrincipals();
    // Without a principal there is no identity to authenticate as.
    assertFalse("Found no client principals in the clientSubject.", subjectPrincipals.isEmpty());
    // Several tickets may be present (different encryption types). The first is fetched purely
    // as a sanity check that the login produced a ticket; it is not passed on.
    Set<KerberosTicket> kerberosTickets = loggedIn.getPrivateCredentials(KerberosTicket.class);
    assertFalse("Found no private credentials in the clientSubject.", kerberosTickets.isEmpty());
    KerberosTicket ticket = kerberosTickets.iterator().next();
    assertNotNull("No kerberos ticket found.", ticket);
    final String nameOfPrincipal = subjectPrincipals.iterator().next().getName();
    // A typed local selects the PrivilegedExceptionAction overload of Subject.doAs.
    PrivilegedExceptionAction<CloseableHttpClient> clientFactory = () -> {
        GSSManager gss = GSSManager.getInstance();
        // Kerberos V5 GSS-API mechanism OID.
        Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
        GSSName initiator = gss.createName(nameOfPrincipal, GSSName.NT_USER_NAME);
        // The credential is initiate-only: usable to open a security context, not to accept one.
        GSSCredential initiatorCredential = gss.createCredential(
            initiator, GSSCredential.DEFAULT_LIFETIME, kerberosV5, GSSCredential.INITIATE_ONLY);
        // SPNEGO is the sole registered scheme. SPNegoSchemeFactory(true, true) means
        // stripPort = true and useCanonicalHostname = true when the service name is built.
        Lookup<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
            .build();
        BasicCredentialsProvider credentials = new BasicCredentialsProvider();
        // AuthScope.ANY places no restriction on which host may be offered this credential;
        // acceptable for a test client, but production code should scope it to the target host.
        credentials.setCredentials(AuthScope.ANY, new KerberosCredentials(initiatorCredential));
        return HttpClients.custom()
            .setDefaultAuthSchemeRegistry(schemes)
            .setDefaultCredentialsProvider(credentials)
            .build();
    };
    return Subject.doAs(loggedIn, clientFactory);
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) GSSName(org.ietf.jgss.GSSName) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) KerberosCredentials(org.apache.http.auth.KerberosCredentials) Oid(org.ietf.jgss.Oid) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) Subject(javax.security.auth.Subject) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) Lookup(org.apache.http.config.Lookup) Principal(java.security.Principal)

Example 4 with Lookup

use of org.apache.http.config.Lookup in project lucene-solr by apache.

the class CloserThread method setupHttpClientForAuthPlugin.

/**
 * Configures the HTTP request context used for internode communication from the given
 * authentication plugin.
 *
 * <p>If the plugin is an {@link HttpClientBuilderPlugin}, its credentials provider and auth
 * scheme registry (when present) are installed through
 * {@code HttpClientUtil.setHttpClientRequestContextBuilder}. Otherwise, if a
 * {@code pkiAuthenticationPlugin} exists and has not registered its interceptor yet, this method
 * is re-run with that plugin and the plugin is then marked as registered.
 *
 * @param authcPlugin the authentication plugin to take HTTP client settings from; any object
 *     that is not an {@code HttpClientBuilderPlugin} selects the PKI path
 */
private void setupHttpClientForAuthPlugin(Object authcPlugin) {
    if (!(authcPlugin instanceof HttpClientBuilderPlugin)) {
        if (pkiAuthenticationPlugin == null) {
            return;
        }
        // An authc plugin reload brings us back here; the PKI plugin must not be registered a
        // second time.
        if (pkiAuthenticationPlugin.isInterceptorRegistered()) {
            return;
        }
        log.info("PKIAuthenticationPlugin is managing internode requests");
        setupHttpClientForAuthPlugin(pkiAuthenticationPlugin);
        pkiAuthenticationPlugin.setInterceptorRegistered();
        return;
    }

    // Let the plugin customise the builder used for internode communication.
    SolrHttpClientBuilder pluginBuilder =
        ((HttpClientBuilderPlugin) authcPlugin).getHttpClientBuilder(HttpClientUtil.getHttpClientBuilder());
    // The core container's shardHandlerFactory already owns a default http client that was set
    // up by the default configurer, so it has to be reconfigured with the plugin's settings.
    log.debug("Reconfiguring HttpClient settings.");
    SolrHttpClientContextBuilder contextBuilder = new SolrHttpClientContextBuilder();
    if (pluginBuilder.getCredentialsProviderProvider() != null) {
        // The wrapper asks the plugin's builder again on every call instead of caching the
        // provider that was seen during the null check.
        contextBuilder.setDefaultCredentialsProvider(new CredentialsProviderProvider() {

            @Override
            public CredentialsProvider getCredentialsProvider() {
                return pluginBuilder.getCredentialsProviderProvider().getCredentialsProvider();
            }
        });
    }
    if (pluginBuilder.getAuthSchemeRegistryProvider() != null) {
        // Same late lookup for the set of auth schemes the client may negotiate.
        contextBuilder.setAuthSchemeRegistryProvider(new AuthSchemeRegistryProvider() {

            @Override
            public Lookup<AuthSchemeProvider> getAuthSchemeRegistry() {
                return pluginBuilder.getAuthSchemeRegistryProvider().getAuthSchemeRegistry();
            }
        });
    }
    // NOTE(review): this is a static setter, so the plugin's credentials and auth schemes
    // presumably apply to every request built through HttpClientUtil - confirm the scope.
    HttpClientUtil.setHttpClientRequestContextBuilder(contextBuilder);
}
Also used : SolrHttpClientBuilder(org.apache.solr.client.solrj.impl.SolrHttpClientBuilder) CredentialsProviderProvider(org.apache.solr.client.solrj.impl.SolrHttpClientContextBuilder.CredentialsProviderProvider) HttpClientBuilderPlugin(org.apache.solr.security.HttpClientBuilderPlugin) Lookup(org.apache.http.config.Lookup) CredentialsProvider(org.apache.http.client.CredentialsProvider) AuthSchemeRegistryProvider(org.apache.solr.client.solrj.impl.SolrHttpClientContextBuilder.AuthSchemeRegistryProvider) SolrHttpClientContextBuilder(org.apache.solr.client.solrj.impl.SolrHttpClientContextBuilder)

Example 5 with Lookup

use of org.apache.http.config.Lookup in project epp.mpc by eclipse.

the class TransportFactoryTest method testHttpClientTransportWin32Support.

/**
 * Verifies, on Windows only, that an intercepted request context carries the Windows-native
 * NTLM scheme factory and a {@code WindowsCredentialsProvider}.
 *
 * <p>The test is skipped (via {@code Assume}) unless the OSGi property {@code osgi.os} is
 * {@code win32}.
 *
 * @throws Exception if intercepting the request fails
 */
@Test
public void testHttpClientTransportWin32Support() throws Exception {
    BundleContext osgiContext = FrameworkUtil.getBundle(TransportFactory.class).getBundleContext();
    String osName = osgiContext.getProperty("osgi.os");
    Assume.assumeThat(osName, is("win32"));

    HttpContext intercepted = interceptRequest().getInterceptedContext();
    Lookup<?> schemeRegistry = (Lookup<?>) intercepted.getAttribute(HttpClientContext.AUTHSCHEME_REGISTRY);
    CredentialsProvider provider = (CredentialsProvider) intercepted.getAttribute(HttpClientContext.CREDS_PROVIDER);

    // The NTLM entry must resolve to the Windows-native factory; the class is compared by name,
    // so this method needs no compile-time reference to it.
    assertNotNull(schemeRegistry);
    Object ntlmSchemeFactory = schemeRegistry.lookup(AuthSchemes.NTLM);
    assertNotNull(ntlmSchemeFactory);
    String ntlmFactoryClass = ntlmSchemeFactory.getClass().getName();
    assertEquals("org.apache.http.impl.auth.win.WindowsNTLMSchemeFactory", ntlmFactoryClass);

    // The credentials provider may wrap others; one of the nested providers has to be the
    // Windows one. NOTE(review): presumably this lets the transport authenticate with the
    // logged-in Windows user's credentials - confirm against the transport implementation.
    assertNotNull(provider);
    List<CredentialsProvider> nested = listCredentialsProviders(provider);
    assertThat(nested, hasItem(LambdaMatchers.map(p -> p.getClass().getName()).matches("org.apache.http.impl.auth.win.WindowsCredentialsProvider")));
}
Also used : TransportFactory(org.eclipse.epp.internal.mpc.core.util.TransportFactory) ITransportFactory(org.eclipse.epp.mpc.core.service.ITransportFactory) HttpClientTransportFactory(org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransportFactory) FallbackTransportFactory(org.eclipse.epp.internal.mpc.core.util.FallbackTransportFactory) CoreMatchers(org.hamcrest.CoreMatchers) HttpClientCustomizer(org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientCustomizer) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) LambdaMatchers(org.eclipse.epp.mpc.tests.LambdaMatchers) Header(org.apache.http.Header) StatusLine(org.apache.http.StatusLine) Request(org.apache.http.client.fluent.Request) ByteArrayInputStream(java.io.ByteArrayInputStream) Lookup(org.apache.http.config.Lookup) URI(java.net.URI) ServiceUnavailableException(org.eclipse.epp.mpc.core.service.ServiceUnavailableException) HttpRequestInterceptor(org.apache.http.HttpRequestInterceptor) ServiceReference(org.osgi.framework.ServiceReference) ITransport(org.eclipse.epp.mpc.core.service.ITransport) Collection(java.util.Collection) HttpEntity(org.apache.http.HttpEntity) Set(java.util.Set) ServiceUtil(org.eclipse.epp.internal.mpc.core.util.ServiceUtil) HttpRequest(org.apache.http.HttpRequest) BundleContext(org.osgi.framework.BundleContext) IProgressMonitor(org.eclipse.core.runtime.IProgressMonitor) TransportFactory(org.eclipse.epp.internal.mpc.core.util.TransportFactory) HttpException(org.apache.http.HttpException) ITransportFactory(org.eclipse.epp.mpc.core.service.ITransportFactory) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) BasicHttpContext(org.apache.http.protocol.BasicHttpContext) CredentialsProvider(org.apache.http.client.CredentialsProvider) Dictionary(java.util.Dictionary) ClientProtocolException(org.apache.http.client.ClientProtocolException) 
HttpClientTransportFactory(org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransportFactory) HttpClientTransport(org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransport) MarketplaceClientCorePlugin(org.eclipse.epp.internal.mpc.core.MarketplaceClientCorePlugin) Matchers(org.mockito.Matchers) ComponentConstants(org.osgi.service.component.ComponentConstants) ServiceHelper(org.eclipse.epp.mpc.core.service.ServiceHelper) FallbackTransportFactory(org.eclipse.epp.internal.mpc.core.util.FallbackTransportFactory) Constructor(java.lang.reflect.Constructor) AuthSchemes(org.apache.http.client.config.AuthSchemes) ArrayList(java.util.ArrayList) Answer(org.mockito.stubbing.Answer) SynchronizedCredentialsProvider(org.eclipse.epp.internal.mpc.core.transport.httpclient.SynchronizedCredentialsProvider) InvocationOnMock(org.mockito.invocation.InvocationOnMock) ChainedCredentialsProvider(org.eclipse.epp.internal.mpc.core.transport.httpclient.ChainedCredentialsProvider) HttpClient(org.apache.http.client.HttpClient) Assume(org.junit.Assume) LinkedHashSet(java.util.LinkedHashSet) Before(org.junit.Before) ServiceRegistration(org.osgi.framework.ServiceRegistration) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) Mockito(org.mockito.Mockito) NullProgressMonitor(org.eclipse.core.runtime.NullProgressMonitor) HttpContext(org.apache.http.protocol.HttpContext) HttpResponse(org.apache.http.HttpResponse) ConnectionClosedException(org.apache.http.ConnectionClosedException) Response(org.apache.http.client.fluent.Response) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) Assert(org.junit.Assert) FrameworkUtil(org.osgi.framework.FrameworkUtil) InputStream(java.io.InputStream) BasicHttpContext(org.apache.http.protocol.BasicHttpContext) HttpContext(org.apache.http.protocol.HttpContext) Lookup(org.apache.http.config.Lookup) CredentialsProvider(org.apache.http.client.CredentialsProvider) 
SynchronizedCredentialsProvider(org.eclipse.epp.internal.mpc.core.transport.httpclient.SynchronizedCredentialsProvider) ChainedCredentialsProvider(org.eclipse.epp.internal.mpc.core.transport.httpclient.ChainedCredentialsProvider) BundleContext(org.osgi.framework.BundleContext) Test(org.junit.Test)

Aggregations

Lookup (org.apache.http.config.Lookup)6 Principal (java.security.Principal)4 Subject (javax.security.auth.Subject)4 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)4 KerberosCredentials (org.apache.http.auth.KerberosCredentials)4 SPNegoSchemeFactory (org.apache.http.impl.auth.SPNegoSchemeFactory)4 BasicCredentialsProvider (org.apache.http.impl.client.BasicCredentialsProvider)4 HttpResponse (org.apache.http.HttpResponse)3 HttpClient (org.apache.http.client.HttpClient)3 HttpGet (org.apache.http.client.methods.HttpGet)3 HttpClientContext (org.apache.http.client.protocol.HttpClientContext)3 GSSCredential (org.ietf.jgss.GSSCredential)3 GSSManager (org.ietf.jgss.GSSManager)3 GSSName (org.ietf.jgss.GSSName)3 Oid (org.ietf.jgss.Oid)3 IOException (java.io.IOException)2 URL (java.net.URL)2 HttpHost (org.apache.http.HttpHost)2 CredentialsProvider (org.apache.http.client.CredentialsProvider)2 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)2