
Example 51 with BasicCookieStore

use of org.apache.http.impl.client.BasicCookieStore in project wildfly by wildfly.

the class OidcBaseTest method loginToApp.

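/**
 * Requests the secured servlet of {@code appName} and, when {@code loginToKeycloak} is set, submits the
 * Keycloak login form with the given credentials and checks the result.
 *
 * <p>The client is test-only: the request URL uses the plain {@code http} scheme, so the submitted
 * credentials are not protected in transit, and {@link LaxRedirectStrategy} also follows redirects
 * for POST requests. NOTE(review): the "promiscuous" cookie builder presumably relaxes cookie
 * domain checks; confirm in TestHttpClientUtils before reusing this setup outside a test suite.
 *
 * @param appName            deployment name, used as the first path segment
 * @param username           user name typed into the login form
 * @param password           password typed into the login form
 * @param expectedStatusCode status expected after the form has been submitted
 * @param expectedText       text that must appear in the final response body, or {@code null} to skip the check
 * @param loginToKeycloak    {@code true} to expect a login form (HTTP 200), {@code false} to expect HTTP 403
 * @throws Exception if a request fails or the form cannot be processed
 */
public static void loginToApp(String appName, String username, String password, int expectedStatusCode, String expectedText, boolean loginToKeycloak) throws Exception {
    final URI requestUri = new URL("http", TestSuiteEnvironment.getHttpAddress(), TestSuiteEnvironment.getHttpPort(), "/" + appName + SimpleSecuredServlet.SERVLET_PATH).toURI();
    CookieStore store = new BasicCookieStore();
    HttpClient httpClient = TestHttpClientUtils.promiscuousCookieHttpClientBuilder().setDefaultCookieStore(store).setRedirectStrategy(new LaxRedirectStrategy()).build();
    HttpGet getMethod = new HttpGet(requestUri);
    HttpContext context = new BasicHttpContext();
    HttpResponse response = null;
    try {
        response = httpClient.execute(getMethod, context);
        int statusCode = response.getStatusLine().getStatusCode();
        if (loginToKeycloak) {
            assertTrue("Expected code == OK but got " + statusCode + " for request=" + requestUri, statusCode == HttpURLConnection.HTTP_OK);
            Form keycloakLoginForm = new Form(response);
            HttpResponse afterLoginClickResponse = simulateClickingOnButton(httpClient, keycloakLoginForm, username, password, "Sign In");
            try {
                // NOTE(review): the returned stream is unused; the call is kept from the original.
                afterLoginClickResponse.getEntity().getContent();
                assertEquals(expectedStatusCode, afterLoginClickResponse.getStatusLine().getStatusCode());
                if (expectedText != null) {
                    String responseString = new BasicResponseHandler().handleResponse(afterLoginClickResponse);
                    assertTrue(responseString.contains(expectedText));
                }
            } finally {
                // The post-login response was previously never released, which leaked its
                // connection whenever expectedText was null or an assertion failed.
                HttpClientUtils.closeQuietly(afterLoginClickResponse);
            }
        } else {
            assertTrue("Expected code == FORBIDDEN but got " + statusCode + " for request=" + requestUri, statusCode == HttpURLConnection.HTTP_FORBIDDEN);
        }
    } finally {
        // Both helpers are null-safe, so this also covers a failed execute().
        HttpClientUtils.closeQuietly(response);
        // The client (connection manager plus the cookie store holding the session) was never closed.
        HttpClientUtils.closeQuietly(httpClient);
    }
}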
Also used : BasicHttpContext(org.apache.http.protocol.BasicHttpContext) HttpGet(org.apache.http.client.methods.HttpGet) BasicHttpContext(org.apache.http.protocol.BasicHttpContext) HttpContext(org.apache.http.protocol.HttpContext) BasicResponseHandler(org.apache.http.impl.client.BasicResponseHandler) HttpResponse(org.apache.http.HttpResponse) URI(java.net.URI) URL(java.net.URL) CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) HttpClient(org.apache.http.client.HttpClient) LaxRedirectStrategy(org.apache.http.impl.client.LaxRedirectStrategy)

Example 52 with BasicCookieStore

use of org.apache.http.impl.client.BasicCookieStore in project wildfly by wildfly.

the class SSOTestBase method executeFormAuthSingleSignOnTest.

/**
 * Exercises form-based single sign-on across two web applications.
 *
 * <p>Sequence: {@code /war1/index.html} is denied, a form login is performed against war1, the SSO
 * cookie is processed for both servers, {@code /war2/} resources are then reachable without a second
 * login, and after logging out of war2 a fresh client is denied on both applications.
 *
 * <p>NOTE(review): the session id and the SSO cookie value are written to the debug log. Both are
 * bearer credentials for the lifetime of the session, so this is only appropriate for throwaway
 * test sessions.
 *
 * @param serverA base URL of the server hosting {@code /war1/}
 * @param serverB base URL of the server hosting {@code /war2/}
 * @param log     logger that receives the debug trace
 * @throws Exception if a request or one of the access checks fails
 */
public static void executeFormAuthSingleSignOnTest(URL serverA, URL serverB, Logger log) throws Exception {
    final URL firstApp = new URL(serverA, "/war1/");
    final URL secondApp = new URL(serverB, "/war2/");
    final String firstIndex = firstApp + "index.html";
    final String secondIndex = secondApp + "index.html";

    // Phase 1: one client, one cookie store, redirects left unfollowed.
    final CookieStore cookies = new BasicCookieStore();
    HttpClient httpclient = TestHttpClientUtils.promiscuousCookieHttpClientBuilder()
            .setDefaultCookieStore(cookies)
            .disableRedirectHandling()
            .build();
    try {
        // The secured index page of war1 must be refused before any login.
        checkAccessDenied(httpclient, firstIndex);
        log.debug("Saw JSESSIONID=" + getSessionIdValueFromState(cookies));

        // Log in through the war1 form, then pick up the SSO cookie.
        executeFormLogin(httpclient, firstApp);
        final String ssoID = processSSOCookie(cookies, serverA.toString(), serverB.toString());
        log.debug("Saw JSESSIONIDSSO=" + ssoID);

        // war2 should now accept the client on the strength of the JSESSIONIDSSO cookie alone.
        log.debug("Prepare /war2/index.html get");
        checkAccessAllowed(httpclient, secondIndex);

        // A secured servlet that calls a secured Jakarta Enterprise Bean in war2, to test
        // propagation of the SSO identity into the Jakarta Enterprise Beans container.
        checkAccessAllowed(httpclient, secondApp + "EJBServlet");

        // Finish by logging out of war2.
        executeLogout(httpclient, secondApp);
    } finally {
        HttpClientUtils.closeQuietly(httpclient);
    }

    // Phase 2: a default client that carries none of the earlier cookies must be refused by both apps.
    try {
        httpclient = HttpClients.createDefault();
        checkAccessDenied(httpclient, firstIndex);
        checkAccessDenied(httpclient, secondIndex);
    } finally {
        HttpClientUtils.closeQuietly(httpclient);
    }
}
Also used : CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) HttpClient(org.apache.http.client.HttpClient) URL(java.net.URL)

Example 53 with BasicCookieStore

use of org.apache.http.impl.client.BasicCookieStore in project wildfly by wildfly.

the class DefaultCookieVersionTestCase method commonSendCookieVersion.

/**
 * Sends a cookie carrying the given version to {@code CookieEchoServlet} and checks that the
 * response body equals that version.
 *
 * <p>NOTE(review): both assertions are skipped when the response has no entity, so a body-less
 * reply lets the test pass without verifying anything.
 *
 * @param cookieVersion version configured as the default and set on the test cookie
 * @throws IOException        if the request fails
 * @throws URISyntaxException if {@code cookieURL} cannot be converted to a URI
 */
private void commonSendCookieVersion(int cookieVersion) throws IOException, URISyntaxException {
    configureDefaultCookieVersion(cookieVersion);

    // Pre-load the store with a single cookie scoped to the host under test.
    BasicCookieStore jar = new BasicCookieStore();
    BasicClientCookie probe = new BasicClientCookie("testCookie", "testCookieValue");
    probe.setVersion(cookieVersion);
    probe.setDomain(cookieURL.getHost());
    jar.addCookie(probe);

    try (CloseableHttpClient httpclient = HttpClientBuilder.create().setDefaultCookieStore(jar).build()) {
        String echoUrl = cookieURL.toURI() + "CookieEchoServlet";
        HttpResponse response = httpclient.execute(new HttpGet(echoUrl));
        if (response.getEntity() == null) {
            // Nothing to compare against; see the review note in the Javadoc.
            return;
        }
        Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
        Assert.assertEquals(String.valueOf(cookieVersion), EntityUtils.toString(response.getEntity()));
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie)

Example 54 with BasicCookieStore

use of org.apache.http.impl.client.BasicCookieStore in project cloudstack by apache.

the class HttpClientHelper method createHttpClient.

/**
 * Builds a pooled {@link CloseableHttpClient} with its own in-memory cookie store, the default
 * cookie spec, a redirect cap and the standard retry handler.
 *
 * <p>{@link LaxRedirectStrategy} follows redirects for POST requests as well as GET and HEAD, so a
 * request body can be re-sent to whatever location the server names; {@code maxRedirects} only
 * bounds the length of the chain. NOTE(review): which certificates and hostnames the socket
 * factories accept is decided in {@code createSocketFactoryConfigration()}, which is not shown here.
 *
 * @param maxRedirects maximum number of redirects to follow per request
 * @return the configured client; the caller is responsible for closing it
 * @throws KeyManagementException   declared for the socket factory setup
 * @throws NoSuchAlgorithmException declared for the socket factory setup
 * @throws KeyStoreException        declared for the socket factory setup
 */
public static CloseableHttpClient createHttpClient(final int maxRedirects) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    final Registry<ConnectionSocketFactory> schemes = createSocketFactoryConfigration();
    final BasicCookieStore cookieJar = new BasicCookieStore();

    final HttpClientBuilder builder = HttpClientBuilder.create();
    builder.setConnectionManager(new PoolingHttpClientConnectionManager(schemes));
    builder.setRedirectStrategy(new LaxRedirectStrategy());

    // Per-request defaults: cookie handling policy and the redirect cap.
    final RequestConfig requestDefaults = RequestConfig.custom()
            .setCookieSpec(CookieSpecs.DEFAULT)
            .setMaxRedirects(maxRedirects)
            .build();
    builder.setDefaultRequestConfig(requestDefaults);

    builder.setDefaultCookieStore(cookieJar);
    builder.setRetryHandler(new StandardHttpRequestRetryHandler());
    return builder.build();
}
Also used : ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) LaxRedirectStrategy(org.apache.http.impl.client.LaxRedirectStrategy) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) StandardHttpRequestRetryHandler(org.apache.http.impl.client.StandardHttpRequestRetryHandler)

Example 55 with BasicCookieStore

use of org.apache.http.impl.client.BasicCookieStore in project hive by apache.

the class HiveConnection method getHttpClient.

/**
 * Builds the HTTP client for this connection: selects the authentication request interceptor
 * (Kerberos, browser/SAML, delegation token or username/password), optionally enables a cookie
 * store with a one-shot retry on HTTP 401, installs an I/O retry handler, an XSRF header
 * interceptor and request timeouts, and, when {@code useSsl} is set, a TLS socket factory.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>The username/password and delegation-token interceptors are installed whether or not
 *       {@code useSsl} is set; nothing here protects those credentials on a plain-http connection.</li>
 *   <li>Extra headers and cookies are copied from the session parameters without validation in
 *       this method.</li>
 *   <li>On the custom trust store path, hostname verification is enabled through
 *       {@code DefaultHostnameVerifier}.</li>
 * </ul>
 *
 * @param useSsl whether the client should be configured for https
 * @return the configured client
 * @throws SQLException if no JAAS Subject is available in assume-subject mode, or if the TLS
 *                      configuration cannot be created
 */
private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
    // Cookie-based auth is on unless the parameter is present and equals COOKIE_AUTH_FALSE (case-insensitive).
    boolean isCookieEnabled = sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH) == null || (!JdbcConnectionParams.COOKIE_AUTH_FALSE.equalsIgnoreCase(sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH)));
    // Cookie name from the session parameters, falling back to the driver default.
    String cookieName = sessConfMap.get(JdbcConnectionParams.COOKIE_NAME) == null ? JdbcConnectionParams.DEFAULT_COOKIE_NAMES_HS2 : sessConfMap.get(JdbcConnectionParams.COOKIE_NAME);
    // A null store is handed to the interceptors when cookie auth is disabled.
    CookieStore cookieStore = isCookieEnabled ? new BasicCookieStore() : null;
    HttpClientBuilder httpClientBuilder = null;
    // Request interceptor for any request pre-processing logic
    HttpRequestInterceptor requestInterceptor;
    Map<String, String> additionalHttpHeaders = new HashMap<String, String>();
    Map<String, String> customCookies = new HashMap<String, String>();
    // Retrieve the additional HttpHeaders and custom cookies: every session parameter whose key starts
    // with the header or cookie prefix is copied with the prefix stripped.
    // NOTE(review): names and values are taken as-is; any filtering (e.g. of CR/LF) would have to
    // happen in the interceptors, which are not visible here.
    for (Map.Entry<String, String> entry : sessConfMap.entrySet()) {
        String key = entry.getKey();
        if (key.startsWith(JdbcConnectionParams.HTTP_HEADER_PREFIX)) {
            additionalHttpHeaders.put(key.substring(JdbcConnectionParams.HTTP_HEADER_PREFIX.length()), entry.getValue());
        }
        if (key.startsWith(JdbcConnectionParams.HTTP_COOKIE_PREFIX)) {
            customCookies.put(key.substring(JdbcConnectionParams.HTTP_COOKIE_PREFIX.length()), entry.getValue());
        }
    }
    // Configure http client for kerberos/password based authentication
    if (isKerberosAuthMode()) {
        if (assumeSubject) {
            // With this option, we're assuming that the external application,
            // using the JDBC driver has done a JAAS kerberos login already
            AccessControlContext context = AccessController.getContext();
            loggedInSubject = Subject.getSubject(context);
            // Fail here rather than attempt Kerberos without an identity.
            if (loggedInSubject == null) {
                throw new SQLException("The Subject is not set");
            }
        }
        /**
         * Add an interceptor which sets the appropriate header in the request.
         * It does the kerberos authentication and get the final service ticket,
         * for sending to the server before every request.
         * In https mode, the entire information is encrypted
         */
        requestInterceptor = new HttpKerberosRequestInterceptor(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, getServerHttpUrl(useSsl), loggedInSubject, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
    } else if (isBrowserAuthMode()) {
        // Browser (SAML) mode: authentication is delegated to browserClient.
        requestInterceptor = new HttpSamlAuthRequestInterceptor(browserClient, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
    } else {
        // Check for delegation token, if present add it in the header
        String tokenStr = getClientDelegationToken(sessConfMap);
        if (tokenStr != null) {
            requestInterceptor = new HttpTokenAuthInterceptor(tokenStr, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
        } else {
            /**
             * Add an interceptor to pass username/password in the header.
             * In https mode, the entire information is encrypted
             */
            // NOTE(review): this branch is taken for useSsl == false as well; in that case the
            // credentials header is not protected by anything configured in this method.
            requestInterceptor = new HttpBasicAuthInterceptor(getUserName(), getPassword(), cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
        }
    }
    // Configure http client for cookie based authentication
    if (isCookieEnabled) {
        // Create a http client with a retry mechanism when the server returns a status code of 401.
        httpClientBuilder = HttpClients.custom().setDefaultCookieStore(cookieStore).setServiceUnavailableRetryStrategy(new ServiceUnavailableRetryStrategy() {

            // Retries at most once, and only when the response is a 401 and the context does not
            // already record that credentials were sent with the request.
            @Override
            public boolean retryRequest(final HttpResponse response, final int executionCount, final HttpContext context) {
                int statusCode = response.getStatusLine().getStatusCode();
                boolean sentCredentials = context.getAttribute(Utils.HIVE_SERVER2_SENT_CREDENTIALS) != null && context.getAttribute(Utils.HIVE_SERVER2_SENT_CREDENTIALS).equals(Utils.HIVE_SERVER2_CONST_TRUE);
                boolean ret = statusCode == 401 && executionCount <= 1 && !sentCredentials;
                // Mark the context as a retry; presumably read by the request interceptor so the
                // repeated request carries credentials instead of the rejected cookie (confirm there).
                if (ret) {
                    context.setAttribute(Utils.HIVE_SERVER2_RETRY_KEY, Utils.HIVE_SERVER2_CONST_TRUE);
                }
                return ret;
            }

            @Override
            public long getRetryInterval() {
                // Immediate retry
                return 0;
            }
        });
    } else {
        httpClientBuilder = HttpClientBuilder.create();
    }
    // Beeline <------> LB <------> Reverse Proxy <-----> Hiveserver2
    // In case of deployments like above, the LoadBalancer (LB) can be configured with Idle Timeout after which the LB
    // will send TCP RST to Client (Beeline) and Backend (Reverse Proxy). If user is connected to beeline, idle for
    // sometime and resubmits a query after the idle timeout there is a broken pipe between beeline and LB. When Beeline
    // tries to submit the query one of two things happen, it either hangs or times out (if socketTimeout is defined in
    // the jdbc param). The hang is because of the default infinite socket timeout for which there is no auto-recovery
    // (user have to manually interrupt the query). If the socketTimeout jdbc param was specified, beeline will receive
    // SocketTimeoutException (Read Timeout) or NoHttpResponseException both of which can be retried if maxRetries is
    // also specified by the user (jdbc param).
    // The following retry handler handles the above cases in addition to retries for idempotent and unsent requests.
    httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler() {

        // This handler is mostly a copy of DefaultHttpRequestRetryHandler except it also retries some exceptions
        // which could be thrown in certain cases where idle timeout from intermediate proxy triggers a connection reset.
        // These classes and their subclasses are never retried, unless the exact class is listed as retriable below.
        private final List<Class<? extends IOException>> nonRetriableClasses = Arrays.asList(InterruptedIOException.class, UnknownHostException.class, ConnectException.class, SSLException.class);

        // socket exceptions could happen because of timeout, broken pipe or server not responding in which case it is
        // better to reopen the connection and retry if user specified maxRetries
        // Matched by exact class only (see contains() below), so subclasses are not covered by this list.
        private final List<Class<? extends IOException>> retriableClasses = Arrays.asList(SocketTimeoutException.class, SocketException.class, NoHttpResponseException.class);

        // Decision order: retry budget, exact-class retriable list, non-retriable list (exact class,
        // then subclass), aborted request, body-less request, unsent request; otherwise no retry.
        @Override
        public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
            Args.notNull(exception, "Exception parameter");
            Args.notNull(context, "HTTP context");
            if (executionCount > maxRetries) {
                // Do not retry if over max retry count
                LOG.error("Max retries (" + maxRetries + ") exhausted.", exception);
                return false;
            }
            // Checked before the non-retriable list, so an exact SocketTimeoutException is retried
            // even though its superclass InterruptedIOException is listed as non-retriable.
            // NOTE(review): this returns true regardless of request type or whether the request was
            // already sent, so a request with a body can be repeated after a timeout.
            if (this.retriableClasses.contains(exception.getClass())) {
                LOG.info("Retrying " + exception.getClass() + " as it is in retriable classes list.");
                return true;
            }
            if (this.nonRetriableClasses.contains(exception.getClass())) {
                LOG.info("Not retrying as the class (" + exception.getClass() + ") is non-retriable class.");
                return false;
            } else {
                // Subclasses of a non-retriable class are rejected as well.
                for (final Class<? extends IOException> rejectException : this.nonRetriableClasses) {
                    if (rejectException.isInstance(exception)) {
                        LOG.info("Not retrying as the class (" + exception.getClass() + ") is an instance of is non-retriable class.");
                        return false;
                    }
                }
            }
            final HttpClientContext clientContext = HttpClientContext.adapt(context);
            final HttpRequest request = clientContext.getRequest();
            if (requestIsAborted(request)) {
                LOG.info("Not retrying as request is aborted.");
                return false;
            }
            if (handleAsIdempotent(request)) {
                LOG.info("Retrying idempotent request. Attempt " + executionCount + " of " + maxRetries);
                // Retry if the request is considered idempotent
                return true;
            }
            if (!clientContext.isRequestSent()) {
                LOG.info("Retrying unsent request. Attempt " + executionCount + " of " + maxRetries);
                // The context reports the request as not yet sent, so it is safe to repeat it
                return true;
            }
            LOG.info("Not retrying as the request is not idempotent or is already sent.");
            // otherwise do not retry
            return false;
        }

        // Treats every request that is not an HttpEntityEnclosingRequest (i.e. one that cannot carry a
        // body) as idempotent. NOTE(review): this is a structural test, not a check of the HTTP method.
        protected boolean handleAsIdempotent(final HttpRequest request) {
            return !(request instanceof HttpEntityEnclosingRequest);
        }

        // checks if the request got aborted
        protected boolean requestIsAborted(final HttpRequest request) {
            HttpRequest req = request;
            if (request instanceof RequestWrapper) {
                // Unwrap first: the abort state is read from the original request
                req = ((RequestWrapper) request).getOriginal();
            }
            return (req instanceof HttpUriRequest && ((HttpUriRequest) req).isAborted());
        }
    });
    if (isBrowserAuthMode()) {
        httpClientBuilder.setRedirectStrategy(new HiveJdbcSamlRedirectStrategy(browserClient));
    }
    // Add the request interceptor to the client builder
    httpClientBuilder.addInterceptorFirst(requestInterceptor);
    // Add an interceptor to add in an XSRF header
    httpClientBuilder.addInterceptorLast(new XsrfHttpRequestInterceptor());
    // Connect, connection-request and socket timeouts are all derived from loginTimeout
    // (multiplied by 1000, so presumably seconds converted to milliseconds).
    // NOTE(review): the value read here is loginTimeout, not a separate socketTimeout parameter; in
    // HttpClient 4.x a timeout of 0 means "wait indefinitely", and loginTimeout's default is not visible here.
    RequestConfig config = RequestConfig.custom().setConnectTimeout(loginTimeout * 1000).setConnectionRequestTimeout(loginTimeout * 1000).setSocketTimeout(loginTimeout * 1000).build();
    httpClientBuilder.setDefaultRequestConfig(config);
    // Configure http client for SSL
    if (useSsl) {
        String useTwoWaySSL = sessConfMap.get(JdbcConnectionParams.USE_TWO_WAY_SSL);
        String sslTrustStorePath = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
        String sslTrustStorePassword = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
        KeyStore sslTrustStore;
        SSLConnectionSocketFactory socketFactory;
        SSLContext sslContext;
        /**
         * The code within the try block throws: SSLInitializationException, KeyStoreException,
         * IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException &
         * UnrecoverableKeyException. We don't want the client to retry on any of these,
         * hence we catch all and throw a SQLException.
         */
        try {
            if (useTwoWaySSL != null && useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
                // Mutual TLS: the factory is built by getTwoWaySSLSocketFactory() (not shown here).
                socketFactory = getTwoWaySSLSocketFactory();
            } else if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
                // Create a default socket factory based on standard JSSE trust material
                socketFactory = SSLConnectionSocketFactory.getSocketFactory();
            } else {
                // Pick trust store config from the given path
                String trustStoreType = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_TYPE);
                if (trustStoreType == null || trustStoreType.isEmpty()) {
                    trustStoreType = KeyStore.getDefaultType();
                }
                sslTrustStore = KeyStore.getInstance(trustStoreType);
                try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
                    // NOTE(review): a trust store path without a password parameter makes
                    // sslTrustStorePassword null, so toCharArray() throws NullPointerException; the
                    // catch below turns that into a SQLException with an unhelpful message.
                    sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
                }
                // Null TrustStrategy: no override, certificates are validated against the loaded trust store only.
                sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, null).build();
                // Hostname verification stays enabled; null means no public-suffix matcher is supplied.
                socketFactory = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier(null));
            }
            // Only the "https" scheme is registered with this connection manager.
            final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
            httpClientBuilder.setConnectionManager(new BasicHttpClientConnectionManager(registry));
        } catch (Exception e) {
            // The cause is preserved; its message and jdbcUriString are copied into the SQLException text.
            // NOTE(review): the SQLState literal below starts with a space (" 08S01").
            String msg = "Could not create an https connection to " + jdbcUriString + ". " + e.getMessage();
            throw new SQLException(msg, " 08S01", e);
        }
    }
    return httpClientBuilder.build();
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) HashMap(java.util.HashMap) SQLException(java.sql.SQLException) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) ServiceUnavailableRetryStrategy(org.apache.http.client.ServiceUnavailableRetryStrategy) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) AccessControlContext(java.security.AccessControlContext) HiveJdbcSamlRedirectStrategy(org.apache.hive.jdbc.saml.HiveJdbcSamlRedirectStrategy) DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier) HttpEntityEnclosingRequest(org.apache.http.HttpEntityEnclosingRequest) RequestWrapper(org.apache.http.impl.client.RequestWrapper) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) HttpSamlAuthRequestInterceptor(org.apache.hive.jdbc.saml.HttpSamlAuthRequestInterceptor) HttpRequest(org.apache.http.HttpRequest) RequestConfig(org.apache.http.client.config.RequestConfig) HttpContext(org.apache.http.protocol.HttpContext) HttpResponse(org.apache.http.HttpResponse) HttpClientContext(org.apache.http.client.protocol.HttpClientContext) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) Savepoint(java.sql.Savepoint) FileInputStream(java.io.FileInputStream) SQLFeatureNotSupportedException(java.sql.SQLFeatureNotSupportedException) SaslException(javax.security.sasl.SaslException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SSLException(javax.net.ssl.SSLException) InterruptedIOException(java.io.InterruptedIOException) SocketException(java.net.SocketException) SQLClientInfoException(java.sql.SQLClientInfoException) SQLException(java.sql.SQLException) 
SocketTimeoutException(java.net.SocketTimeoutException) ConnectException(java.net.ConnectException) TException(org.apache.thrift.TException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) TTransportException(org.apache.thrift.transport.TTransportException) NoHttpResponseException(org.apache.http.NoHttpResponseException) HiveJdbcBrowserException(org.apache.hive.jdbc.saml.IJdbcBrowserClient.HiveJdbcBrowserException) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) HttpRequestInterceptor(org.apache.http.HttpRequestInterceptor) HttpRequestRetryHandler(org.apache.http.client.HttpRequestRetryHandler) Map(java.util.Map) HashMap(java.util.HashMap)
