Example 6 with BasicHttpClientConnectionManager
use of org.apache.http.impl.conn.BasicHttpClientConnectionManager in project hive by apache.
the class HiveConnection method getHttpClient.
private CloseableHttpClient getHttpClient(Boolean useSsl) throws SQLException {
boolean isCookieEnabled = sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH) == null || (!JdbcConnectionParams.COOKIE_AUTH_FALSE.equalsIgnoreCase(sessConfMap.get(JdbcConnectionParams.COOKIE_AUTH)));
String cookieName = sessConfMap.get(JdbcConnectionParams.COOKIE_NAME) == null ? JdbcConnectionParams.DEFAULT_COOKIE_NAMES_HS2 : sessConfMap.get(JdbcConnectionParams.COOKIE_NAME);
CookieStore cookieStore = isCookieEnabled ? new BasicCookieStore() : null;
HttpClientBuilder httpClientBuilder;
// Request interceptor for any request pre-processing logic
HttpRequestInterceptor requestInterceptor;
Map<String, String> additionalHttpHeaders = new HashMap<String, String>();
Map<String, String> customCookies = new HashMap<String, String>();
// Retrieve the additional HttpHeaders
for (Map.Entry<String, String> entry : sessConfMap.entrySet()) {
String key = entry.getKey();
if (key.startsWith(JdbcConnectionParams.HTTP_HEADER_PREFIX)) {
additionalHttpHeaders.put(key.substring(JdbcConnectionParams.HTTP_HEADER_PREFIX.length()), entry.getValue());
}
if (key.startsWith(JdbcConnectionParams.HTTP_COOKIE_PREFIX)) {
customCookies.put(key.substring(JdbcConnectionParams.HTTP_COOKIE_PREFIX.length()), entry.getValue());
}
}
// Configure http client for kerberos/password based authentication
if (isKerberosAuthMode()) {
/**
* Add an interceptor which sets the appropriate header in the request.
* It does the kerberos authentication and get the final service ticket,
* for sending to the server before every request.
* In https mode, the entire information is encrypted
*/
requestInterceptor = new HttpKerberosRequestInterceptor(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, getServerHttpUrl(useSsl), assumeSubject, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
} else {
// Check for delegation token, if present add it in the header
String tokenStr = getClientDelegationToken(sessConfMap);
if (tokenStr != null) {
requestInterceptor = new HttpTokenAuthInterceptor(tokenStr, cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
} else {
/**
* Add an interceptor to pass username/password in the header.
* In https mode, the entire information is encrypted
*/
requestInterceptor = new HttpBasicAuthInterceptor(getUserName(), getPassword(), cookieStore, cookieName, useSsl, additionalHttpHeaders, customCookies);
}
}
// Configure http client for cookie based authentication
if (isCookieEnabled) {
// Create a http client with a retry mechanism when the server returns a status code of 401.
httpClientBuilder = HttpClients.custom().setServiceUnavailableRetryStrategy(new ServiceUnavailableRetryStrategy() {
@Override
public boolean retryRequest(final HttpResponse response, final int executionCount, final HttpContext context) {
int statusCode = response.getStatusLine().getStatusCode();
boolean ret = statusCode == 401 && executionCount <= 1;
// interceptor
if (ret) {
context.setAttribute(Utils.HIVE_SERVER2_RETRY_KEY, Utils.HIVE_SERVER2_RETRY_TRUE);
}
return ret;
}
@Override
public long getRetryInterval() {
// Immediate retry
return 0;
}
});
} else {
httpClientBuilder = HttpClientBuilder.create();
}
// In case the server's idletimeout is set to a lower value, it might close it's side of
// connection. However we retry one more time on NoHttpResponseException
httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler() {
@Override
public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
if (executionCount > 1) {
LOG.info("Retry attempts to connect to server exceeded.");
return false;
}
if (exception instanceof org.apache.http.NoHttpResponseException) {
LOG.info("Could not connect to the server. Retrying one more time.");
return true;
}
return false;
}
});
// Add the request interceptor to the client builder
httpClientBuilder.addInterceptorFirst(requestInterceptor);
// Add an interceptor to add in an XSRF header
httpClientBuilder.addInterceptorLast(new XsrfHttpRequestInterceptor());
// Configure http client for SSL
if (useSsl) {
String useTwoWaySSL = sessConfMap.get(JdbcConnectionParams.USE_TWO_WAY_SSL);
String sslTrustStorePath = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
String sslTrustStorePassword = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
KeyStore sslTrustStore;
SSLConnectionSocketFactory socketFactory;
SSLContext sslContext;
/**
* The code within the try block throws: SSLInitializationException, KeyStoreException,
* IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException &
* UnrecoverableKeyException. We don't want the client to retry on any of these,
* hence we catch all and throw a SQLException.
*/
try {
if (useTwoWaySSL != null && useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
socketFactory = getTwoWaySSLSocketFactory();
} else if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
// Create a default socket factory based on standard JSSE trust material
socketFactory = SSLConnectionSocketFactory.getSocketFactory();
} else {
// Pick trust store config from the given path
sslTrustStore = KeyStore.getInstance(JdbcConnectionParams.SSL_TRUST_STORE_TYPE);
try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
}
sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, null).build();
socketFactory = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier(null));
}
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
httpClientBuilder.setConnectionManager(new BasicHttpClientConnectionManager(registry));
} catch (Exception e) {
String msg = "Could not create an https connection to " + jdbcUriString + ". " + e.getMessage();
throw new SQLException(msg, " 08S01", e);
}
}
return httpClientBuilder.build();
}
Also used :
HashMap(java.util.HashMap)
SQLException(java.sql.SQLException)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
ServiceUnavailableRetryStrategy(org.apache.http.client.ServiceUnavailableRetryStrategy)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
HttpContext(org.apache.http.protocol.HttpContext)
HttpResponse(org.apache.http.HttpResponse)
IOException(java.io.IOException)
SSLContext(javax.net.ssl.SSLContext)
KeyStore(java.security.KeyStore)
Savepoint(java.sql.Savepoint)
FileInputStream(java.io.FileInputStream)
TTransportException(org.apache.thrift.transport.TTransportException)
SQLFeatureNotSupportedException(java.sql.SQLFeatureNotSupportedException)
SaslException(javax.security.sasl.SaslException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SQLClientInfoException(java.sql.SQLClientInfoException)
SQLException(java.sql.SQLException)
TException(org.apache.thrift.TException)
IOException(java.io.IOException)
CookieStore(org.apache.http.client.CookieStore)
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
HttpRequestInterceptor(org.apache.http.HttpRequestInterceptor)
HttpRequestRetryHandler(org.apache.http.client.HttpRequestRetryHandler)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 7 with BasicHttpClientConnectionManager
use of org.apache.http.impl.conn.BasicHttpClientConnectionManager in project openremote by openremote.
the class ExtensibleResteasyClientBuilder method initDefaultEngine43.
// The rest is copy/paste pretty much
public static ApacheHttpClient43Engine initDefaultEngine43(ExtensibleResteasyClientBuilder that) {
HttpClient httpClient = null;
HostnameVerifier verifier = null;
if (that.verifier != null) {
verifier = new ExtensibleResteasyClientBuilder.VerifierWrapper(that.verifier);
} else {
switch(that.policy) {
case ANY:
verifier = new NoopHostnameVerifier();
break;
case WILDCARD:
verifier = new DefaultHostnameVerifier();
break;
case STRICT:
verifier = new DefaultHostnameVerifier();
break;
}
}
try {
SSLConnectionSocketFactory sslsf = null;
SSLContext theContext = that.sslContext;
if (that.disableTrustManager) {
theContext = SSLContext.getInstance("SSL");
theContext.init(null, new TrustManager[] { new PassthroughTrustManager() }, new SecureRandom());
verifier = new NoopHostnameVerifier();
sslsf = new SSLConnectionSocketFactory(theContext, verifier);
} else if (theContext != null) {
sslsf = new SSLConnectionSocketFactory(theContext, verifier) {
@Override
protected void prepareSocket(SSLSocket socket) throws IOException {
that.prepareSocketForSni(socket);
}
};
} else if (that.clientKeyStore != null || that.truststore != null) {
SSLContext ctx = SSLContexts.custom().useProtocol(SSLConnectionSocketFactory.TLS).setSecureRandom(null).loadKeyMaterial(that.clientKeyStore, that.clientPrivateKeyPassword != null ? that.clientPrivateKeyPassword.toCharArray() : null).loadTrustMaterial(that.truststore, TrustSelfSignedStrategy.INSTANCE).build();
sslsf = new SSLConnectionSocketFactory(ctx, verifier) {
@Override
protected void prepareSocket(SSLSocket socket) throws IOException {
that.prepareSocketForSni(socket);
}
};
} else {
final SSLContext tlsContext = SSLContext.getInstance(SSLConnectionSocketFactory.TLS);
tlsContext.init(null, null, null);
sslsf = new SSLConnectionSocketFactory(tlsContext, verifier);
}
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslsf).build();
HttpClientConnectionManager cm = null;
if (that.connectionPoolSize > 0) {
PoolingHttpClientConnectionManager tcm = new PoolingHttpClientConnectionManager(registry, null, null, null, that.connectionTTL, that.connectionTTLUnit);
tcm.setMaxTotal(that.connectionPoolSize);
if (that.maxPooledPerRoute == 0) {
that.maxPooledPerRoute = that.connectionPoolSize;
}
tcm.setDefaultMaxPerRoute(that.maxPooledPerRoute);
cm = tcm;
} else {
cm = new BasicHttpClientConnectionManager(registry);
}
RequestConfig.Builder rcBuilder = RequestConfig.custom();
if (that.socketTimeout > -1) {
rcBuilder.setSocketTimeout((int) that.socketTimeoutUnits.toMillis(that.socketTimeout));
}
if (that.establishConnectionTimeout > -1) {
rcBuilder.setConnectTimeout((int) that.establishConnectionTimeoutUnits.toMillis(that.establishConnectionTimeout));
}
if (that.connectionCheckoutTimeoutMs > -1) {
rcBuilder.setConnectionRequestTimeout(that.connectionCheckoutTimeoutMs);
}
// The magic configure()
httpClient = that.configure(HttpClientBuilder.create().setConnectionManager(cm).setDefaultRequestConfig(rcBuilder.build()).setProxy(that.defaultProxy).disableContentCompression()).build();
ApacheHttpClient43Engine engine = (ApacheHttpClient43Engine) ApacheHttpClient4EngineFactory.create(httpClient, true);
engine.setResponseBufferSize(that.responseBufferSize);
engine.setHostnameVerifier(verifier);
// this may be null. We can't really support this with Apache Client.
engine.setSslContext(theContext);
return engine;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Also used :
RequestConfig(org.apache.http.client.config.RequestConfig)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
PassthroughTrustManager(org.jboss.resteasy.client.jaxrs.engines.PassthroughTrustManager)
SecureRandom(java.security.SecureRandom)
IOException(java.io.IOException)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine)
IOException(java.io.IOException)
DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier)
HttpClient(org.apache.http.client.HttpClient)
HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
Example 8 with BasicHttpClientConnectionManager
use of org.apache.http.impl.conn.BasicHttpClientConnectionManager in project wildfly by wildfly.
the class WebSecurityCERTTestCase method getHttpsClient.
private static CloseableHttpClient getHttpsClient(String alias) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client-cert");
jsseSecurityDomain.setKeyStorePassword("changeit");
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
URL keystore = tccl.getResource("security/client.keystore");
jsseSecurityDomain.setKeyStoreURL(keystore.getPath());
jsseSecurityDomain.setClientAlias(alias);
jsseSecurityDomain.reloadKeyAndTrustStore();
KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers();
TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers();
ctx.init(keyManagers, trustManagers, null);
HostnameVerifier verifier = (string, ssls) -> true;
//SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SSLConnectionSocketFactory ssf = new SSLConnectionSocketFactory(ctx, verifier);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", ssf).build();
HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
return HttpClientBuilder.create().setSSLSocketFactory(ssf).setSSLHostnameVerifier(new NoopHostnameVerifier()).setConnectionManager(ccm).build();
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
Also used :
SSLContext(javax.net.ssl.SSLContext)
RegistryBuilder(org.apache.http.config.RegistryBuilder)
Arquillian(org.jboss.arquillian.junit.Arquillian)
URL(java.net.URL)
ServerSetup(org.jboss.as.arquillian.api.ServerSetup)
RunWith(org.junit.runner.RunWith)
TrustManager(javax.net.ssl.TrustManager)
JBossJSSESecurityDomain(org.jboss.security.JBossJSSESecurityDomain)
WebCERTTestsSecurityDomainSetup(org.jboss.as.test.integration.web.security.WebCERTTestsSecurityDomainSetup)
StatusLine(org.apache.http.StatusLine)
RunAsClient(org.jboss.arquillian.container.test.api.RunAsClient)
Registry(org.apache.http.config.Registry)
ArquillianResource(org.jboss.arquillian.test.api.ArquillianResource)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
ShrinkWrap(org.jboss.shrinkwrap.api.ShrinkWrap)
WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive)
CommonCriteria(org.jboss.as.test.categories.CommonCriteria)
Test(org.junit.Test)
HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager)
Category(org.junit.experimental.categories.Category)
KeyManager(javax.net.ssl.KeyManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
HttpGet(org.apache.http.client.methods.HttpGet)
Deployment(org.jboss.arquillian.container.test.api.Deployment)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
HttpResponse(org.apache.http.HttpResponse)
SecuredServlet(org.jboss.as.test.integration.web.security.SecuredServlet)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
ManagementClient(org.jboss.as.arquillian.container.ManagementClient)
Assert.assertEquals(org.junit.Assert.assertEquals)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
SSLContext(javax.net.ssl.SSLContext)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
JBossJSSESecurityDomain(org.jboss.security.JBossJSSESecurityDomain)
URL(java.net.URL)
TrustManager(javax.net.ssl.TrustManager)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
KeyManager(javax.net.ssl.KeyManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
Example 9 with BasicHttpClientConnectionManager
use of org.apache.http.impl.conn.BasicHttpClientConnectionManager in project spark by perwendel.
the class SparkTestUtil method httpClientBuilder.
private HttpClientBuilder httpClientBuilder() {
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(getSslFactory(), (paramString, paramSSLSession) -> true);
Registry<ConnectionSocketFactory> socketRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.INSTANCE).register("https", sslConnectionSocketFactory).build();
BasicHttpClientConnectionManager connManager = new BasicHttpClientConnectionManager(socketRegistry);
return HttpClientBuilder.create().setConnectionManager(connManager);
}
Also used :
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
Aggregations
BasicHttpClientConnectionManager (org.apache.http.impl.conn.BasicHttpClientConnectionManager)9
ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory)6
SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory)6
SSLContext (javax.net.ssl.SSLContext)4
HttpClientConnectionManager (org.apache.http.conn.HttpClientConnectionManager)4
IOException (java.io.IOException)3
HttpResponse (org.apache.http.HttpResponse)3
PlainConnectionSocketFactory (org.apache.http.conn.socket.PlainConnectionSocketFactory)3
NoopHostnameVerifier (org.apache.http.conn.ssl.NoopHostnameVerifier)3
HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)3
URL (java.net.URL)2
HashMap (java.util.HashMap)2
Map (java.util.Map)2
AuthScope (org.apache.http.auth.AuthScope)2
CredentialsProvider (org.apache.http.client.CredentialsProvider)2
RequestConfig (org.apache.http.client.config.RequestConfig)2
DefaultHostnameVerifier (org.apache.http.conn.ssl.DefaultHostnameVerifier)2
BasicCredentialsProvider (org.apache.http.impl.client.BasicCredentialsProvider)2
FileInputStream (java.io.FileInputStream)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
