Example 1 with SpnegoEngineException
use of org.asynchttpclient.spnego.SpnegoEngineException in project async-http-client by AsyncHttpClient.
the class ProxyUnauthorized407Interceptor method exitAfterHandling407.
public //
boolean exitAfterHandling407(//
Channel channel, //
NettyResponseFuture<?> future, //
HttpResponse response, //
Request request, //
int statusCode, //
ProxyServer proxyServer, HttpRequest httpRequest) {
if (future.isAndSetInProxyAuth(true)) {
LOGGER.info("Can't handle 407 as auth was already performed");
return false;
}
Realm proxyRealm = future.getProxyRealm();
if (proxyRealm == null) {
LOGGER.debug("Can't handle 407 as there's no proxyRealm");
return false;
}
List<String> proxyAuthHeaders = response.headers().getAll(PROXY_AUTHENTICATE);
if (proxyAuthHeaders.isEmpty()) {
LOGGER.info("Can't handle 407 as response doesn't contain Proxy-Authenticate headers");
return false;
}
// FIXME what's this???
future.setChannelState(ChannelState.NEW);
HttpHeaders requestHeaders = new DefaultHttpHeaders(false).add(request.getHeaders());
switch(proxyRealm.getScheme()) {
case BASIC:
if (getHeaderWithPrefix(proxyAuthHeaders, "Basic") == null) {
LOGGER.info("Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match");
return false;
}
if (proxyRealm.isUsePreemptiveAuth()) {
// FIXME do we need this, as future.getAndSetAuth
// was tested above?
// auth was already performed, most likely auth
// failed
LOGGER.info("Can't handle 407 with Basic realm as auth was preemptive and already performed");
return false;
}
// FIXME do we want to update the realm, or directly
// set the header?
Realm newBasicRealm = //
realm(proxyRealm).setUsePreemptiveAuth(//
true).build();
future.setProxyRealm(newBasicRealm);
break;
case DIGEST:
String digestHeader = getHeaderWithPrefix(proxyAuthHeaders, "Digest");
if (digestHeader == null) {
LOGGER.info("Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match");
return false;
}
Realm newDigestRealm = //
realm(proxyRealm).setUri(//
request.getUri()).setMethodName(//
request.getMethod()).setUsePreemptiveAuth(//
true).parseProxyAuthenticateHeader(//
digestHeader).build();
future.setProxyRealm(newDigestRealm);
break;
case NTLM:
String ntlmHeader = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader == null) {
LOGGER.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match");
return false;
}
ntlmProxyChallenge(ntlmHeader, request, requestHeaders, proxyRealm, future);
Realm newNtlmRealm = //
realm(proxyRealm).setUsePreemptiveAuth(//
true).build();
future.setProxyRealm(newNtlmRealm);
break;
case KERBEROS:
case SPNEGO:
if (getHeaderWithPrefix(proxyAuthHeaders, NEGOTIATE) == null) {
LOGGER.info("Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match");
return false;
}
try {
kerberosProxyChallenge(channel, proxyAuthHeaders, request, proxyServer, proxyRealm, requestHeaders, future);
} catch (SpnegoEngineException e) {
// FIXME
String ntlmHeader2 = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader2 != null) {
LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
ntlmProxyChallenge(ntlmHeader2, request, requestHeaders, proxyRealm, future);
Realm newNtlmRealm2 = //
realm(proxyRealm).setScheme(//
AuthScheme.NTLM).setUsePreemptiveAuth(//
true).build();
future.setProxyRealm(newNtlmRealm2);
} else {
requestSender.abort(channel, future, e);
return false;
}
}
break;
default:
throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme());
}
RequestBuilder nextRequestBuilder = new RequestBuilder(future.getCurrentRequest()).setHeaders(requestHeaders);
if (future.getCurrentRequest().getUri().isSecured()) {
nextRequestBuilder.setMethod(CONNECT);
}
final Request nextRequest = nextRequestBuilder.build();
LOGGER.debug("Sending proxy authentication to {}", request.getUri());
if (//
future.isKeepAlive() && //
!HttpUtil.isTransferEncodingChunked(httpRequest) && !HttpUtil.isTransferEncodingChunked(response)) {
future.setConnectAllowed(true);
future.setReuseChannel(true);
requestSender.drainChannelAndExecuteNextRequest(channel, future, nextRequest);
} else {
channelManager.closeChannel(channel);
requestSender.sendNextRequest(nextRequest, future);
}
return true;
}
Also used :
HttpHeaders(io.netty.handler.codec.http.HttpHeaders)
DefaultHttpHeaders(io.netty.handler.codec.http.DefaultHttpHeaders)
RequestBuilder(org.asynchttpclient.RequestBuilder)
DefaultHttpHeaders(io.netty.handler.codec.http.DefaultHttpHeaders)
SpnegoEngineException(org.asynchttpclient.spnego.SpnegoEngineException)
Request(org.asynchttpclient.Request)
HttpRequest(io.netty.handler.codec.http.HttpRequest)
Realm(org.asynchttpclient.Realm)
Example 2 with SpnegoEngineException
use of org.asynchttpclient.spnego.SpnegoEngineException in project async-http-client by AsyncHttpClient.
the class Unauthorized401Interceptor method exitAfterHandling401.
public //
boolean exitAfterHandling401(//
final Channel channel, //
final NettyResponseFuture<?> future, //
HttpResponse response, //
final Request request, //
int statusCode, //
Realm realm, //
ProxyServer proxyServer, HttpRequest httpRequest) {
if (realm == null) {
LOGGER.debug("Can't handle 401 as there's no realm");
return false;
}
if (future.isAndSetInAuth(true)) {
LOGGER.info("Can't handle 401 as auth was already performed");
return false;
}
List<String> wwwAuthHeaders = response.headers().getAll(WWW_AUTHENTICATE);
if (wwwAuthHeaders.isEmpty()) {
LOGGER.info("Can't handle 401 as response doesn't contain WWW-Authenticate headers");
return false;
}
// FIXME what's this???
future.setChannelState(ChannelState.NEW);
HttpHeaders requestHeaders = new DefaultHttpHeaders(false).add(request.getHeaders());
switch(realm.getScheme()) {
case BASIC:
if (getHeaderWithPrefix(wwwAuthHeaders, "Basic") == null) {
LOGGER.info("Can't handle 401 with Basic realm as WWW-Authenticate headers don't match");
return false;
}
if (realm.isUsePreemptiveAuth()) {
// FIXME do we need this, as future.getAndSetAuth
// was tested above?
// auth was already performed, most likely auth
// failed
LOGGER.info("Can't handle 401 with Basic realm as auth was preemptive and already performed");
return false;
}
// FIXME do we want to update the realm, or directly
// set the header?
Realm newBasicRealm = //
realm(realm).setUsePreemptiveAuth(//
true).build();
future.setRealm(newBasicRealm);
break;
case DIGEST:
String digestHeader = getHeaderWithPrefix(wwwAuthHeaders, "Digest");
if (digestHeader == null) {
LOGGER.info("Can't handle 401 with Digest realm as WWW-Authenticate headers don't match");
return false;
}
Realm newDigestRealm = //
realm(realm).setUri(//
request.getUri()).setMethodName(//
request.getMethod()).setUsePreemptiveAuth(//
true).parseWWWAuthenticateHeader(//
digestHeader).build();
future.setRealm(newDigestRealm);
break;
case NTLM:
String ntlmHeader = getHeaderWithPrefix(wwwAuthHeaders, "NTLM");
if (ntlmHeader == null) {
LOGGER.info("Can't handle 401 with NTLM realm as WWW-Authenticate headers don't match");
return false;
}
ntlmChallenge(ntlmHeader, request, requestHeaders, realm, future);
Realm newNtlmRealm = //
realm(realm).setUsePreemptiveAuth(//
true).build();
future.setRealm(newNtlmRealm);
break;
case KERBEROS:
case SPNEGO:
if (getHeaderWithPrefix(wwwAuthHeaders, NEGOTIATE) == null) {
LOGGER.info("Can't handle 401 with Kerberos or Spnego realm as WWW-Authenticate headers don't match");
return false;
}
try {
kerberosChallenge(channel, wwwAuthHeaders, request, requestHeaders, realm, future);
} catch (SpnegoEngineException e) {
// FIXME
String ntlmHeader2 = getHeaderWithPrefix(wwwAuthHeaders, "NTLM");
if (ntlmHeader2 != null) {
LOGGER.warn("Kerberos/Spnego auth failed, proceeding with NTLM");
ntlmChallenge(ntlmHeader2, request, requestHeaders, realm, future);
Realm newNtlmRealm2 = //
realm(realm).setScheme(//
AuthScheme.NTLM).setUsePreemptiveAuth(//
true).build();
future.setRealm(newNtlmRealm2);
} else {
requestSender.abort(channel, future, e);
return false;
}
}
break;
default:
throw new IllegalStateException("Invalid Authentication scheme " + realm.getScheme());
}
final Request nextRequest = new RequestBuilder(future.getCurrentRequest()).setHeaders(requestHeaders).build();
LOGGER.debug("Sending authentication to {}", request.getUri());
if (//
future.isKeepAlive() && //
!HttpUtil.isTransferEncodingChunked(httpRequest) && !HttpUtil.isTransferEncodingChunked(response)) {
future.setReuseChannel(true);
requestSender.drainChannelAndExecuteNextRequest(channel, future, nextRequest);
} else {
channelManager.closeChannel(channel);
requestSender.sendNextRequest(nextRequest, future);
}
return true;
}
Also used :
HttpHeaders(io.netty.handler.codec.http.HttpHeaders)
DefaultHttpHeaders(io.netty.handler.codec.http.DefaultHttpHeaders)
RequestBuilder(org.asynchttpclient.RequestBuilder)
DefaultHttpHeaders(io.netty.handler.codec.http.DefaultHttpHeaders)
SpnegoEngineException(org.asynchttpclient.spnego.SpnegoEngineException)
Request(org.asynchttpclient.Request)
HttpRequest(io.netty.handler.codec.http.HttpRequest)
Realm(org.asynchttpclient.Realm)
Example 3 with SpnegoEngineException
use of org.asynchttpclient.spnego.SpnegoEngineException in project async-http-client by AsyncHttpClient.
the class ProxyUnauthorized407Interceptor method exitAfterHandling407.
public boolean exitAfterHandling407(Channel channel, NettyResponseFuture<?> future, HttpResponse response, Request request, ProxyServer proxyServer, HttpRequest httpRequest) {
if (future.isAndSetInProxyAuth(true)) {
LOGGER.info("Can't handle 407 as auth was already performed");
return false;
}
Realm proxyRealm = future.getProxyRealm();
if (proxyRealm == null) {
LOGGER.debug("Can't handle 407 as there's no proxyRealm");
return false;
}
List<String> proxyAuthHeaders = response.headers().getAll(PROXY_AUTHENTICATE);
if (proxyAuthHeaders.isEmpty()) {
LOGGER.info("Can't handle 407 as response doesn't contain Proxy-Authenticate headers");
return false;
}
// FIXME what's this???
future.setChannelState(ChannelState.NEW);
HttpHeaders requestHeaders = new DefaultHttpHeaders().add(request.getHeaders());
switch(proxyRealm.getScheme()) {
case BASIC:
if (getHeaderWithPrefix(proxyAuthHeaders, "Basic") == null) {
LOGGER.info("Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match");
return false;
}
if (proxyRealm.isUsePreemptiveAuth()) {
// FIXME do we need this, as future.getAndSetAuth
// was tested above?
// auth was already performed, most likely auth
// failed
LOGGER.info("Can't handle 407 with Basic realm as auth was preemptive and already performed");
return false;
}
// FIXME do we want to update the realm, or directly
// set the header?
Realm newBasicRealm = realm(proxyRealm).setUsePreemptiveAuth(true).build();
future.setProxyRealm(newBasicRealm);
break;
case DIGEST:
String digestHeader = getHeaderWithPrefix(proxyAuthHeaders, "Digest");
if (digestHeader == null) {
LOGGER.info("Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match");
return false;
}
Realm newDigestRealm = realm(proxyRealm).setUri(request.getUri()).setMethodName(request.getMethod()).setUsePreemptiveAuth(true).parseProxyAuthenticateHeader(digestHeader).build();
future.setProxyRealm(newDigestRealm);
break;
case NTLM:
String ntlmHeader = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader == null) {
LOGGER.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match");
return false;
}
ntlmProxyChallenge(ntlmHeader, requestHeaders, proxyRealm, future);
Realm newNtlmRealm = realm(proxyRealm).setUsePreemptiveAuth(true).build();
future.setProxyRealm(newNtlmRealm);
break;
case KERBEROS:
case SPNEGO:
if (getHeaderWithPrefix(proxyAuthHeaders, NEGOTIATE) == null) {
LOGGER.info("Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match");
return false;
}
try {
kerberosProxyChallenge(proxyRealm, proxyServer, requestHeaders);
} catch (SpnegoEngineException e) {
// FIXME
String ntlmHeader2 = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader2 != null) {
LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
ntlmProxyChallenge(ntlmHeader2, requestHeaders, proxyRealm, future);
Realm newNtlmRealm2 = realm(proxyRealm).setScheme(AuthScheme.NTLM).setUsePreemptiveAuth(true).build();
future.setProxyRealm(newNtlmRealm2);
} else {
requestSender.abort(channel, future, e);
return false;
}
}
break;
default:
throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme());
}
RequestBuilder nextRequestBuilder = future.getCurrentRequest().toBuilder().setHeaders(requestHeaders);
if (future.getCurrentRequest().getUri().isSecured()) {
nextRequestBuilder.setMethod(CONNECT);
}
final Request nextRequest = nextRequestBuilder.build();
LOGGER.debug("Sending proxy authentication to {}", request.getUri());
if (future.isKeepAlive() && !HttpUtil.isTransferEncodingChunked(httpRequest) && !HttpUtil.isTransferEncodingChunked(response)) {
future.setConnectAllowed(true);
future.setReuseChannel(true);
requestSender.drainChannelAndExecuteNextRequest(channel, future, nextRequest);
} else {
channelManager.closeChannel(channel);
requestSender.sendNextRequest(nextRequest, future);
}
return true;
}
Also used :
RequestBuilder(org.asynchttpclient.RequestBuilder)
SpnegoEngineException(org.asynchttpclient.spnego.SpnegoEngineException)
Request(org.asynchttpclient.Request)
Realm(org.asynchttpclient.Realm)
Example 4 with SpnegoEngineException
use of org.asynchttpclient.spnego.SpnegoEngineException in project async-http-client by AsyncHttpClient.
the class Unauthorized401Interceptor method exitAfterHandling401.
public boolean exitAfterHandling401(final Channel channel, final NettyResponseFuture<?> future, HttpResponse response, final Request request, Realm realm, HttpRequest httpRequest) {
if (realm == null) {
LOGGER.debug("Can't handle 401 as there's no realm");
return false;
}
if (future.isAndSetInAuth(true)) {
LOGGER.info("Can't handle 401 as auth was already performed");
return false;
}
List<String> wwwAuthHeaders = response.headers().getAll(WWW_AUTHENTICATE);
if (wwwAuthHeaders.isEmpty()) {
LOGGER.info("Can't handle 401 as response doesn't contain WWW-Authenticate headers");
return false;
}
// FIXME what's this???
future.setChannelState(ChannelState.NEW);
HttpHeaders requestHeaders = new DefaultHttpHeaders().add(request.getHeaders());
switch(realm.getScheme()) {
case BASIC:
if (getHeaderWithPrefix(wwwAuthHeaders, "Basic") == null) {
LOGGER.info("Can't handle 401 with Basic realm as WWW-Authenticate headers don't match");
return false;
}
if (realm.isUsePreemptiveAuth()) {
// FIXME do we need this, as future.getAndSetAuth
// was tested above?
// auth was already performed, most likely auth
// failed
LOGGER.info("Can't handle 401 with Basic realm as auth was preemptive and already performed");
return false;
}
// FIXME do we want to update the realm, or directly
// set the header?
Realm newBasicRealm = realm(realm).setUsePreemptiveAuth(true).build();
future.setRealm(newBasicRealm);
break;
case DIGEST:
String digestHeader = getHeaderWithPrefix(wwwAuthHeaders, "Digest");
if (digestHeader == null) {
LOGGER.info("Can't handle 401 with Digest realm as WWW-Authenticate headers don't match");
return false;
}
Realm newDigestRealm = realm(realm).setUri(request.getUri()).setMethodName(request.getMethod()).setUsePreemptiveAuth(true).parseWWWAuthenticateHeader(digestHeader).build();
future.setRealm(newDigestRealm);
break;
case NTLM:
String ntlmHeader = getHeaderWithPrefix(wwwAuthHeaders, "NTLM");
if (ntlmHeader == null) {
LOGGER.info("Can't handle 401 with NTLM realm as WWW-Authenticate headers don't match");
return false;
}
ntlmChallenge(ntlmHeader, requestHeaders, realm, future);
Realm newNtlmRealm = realm(realm).setUsePreemptiveAuth(true).build();
future.setRealm(newNtlmRealm);
break;
case KERBEROS:
case SPNEGO:
if (getHeaderWithPrefix(wwwAuthHeaders, NEGOTIATE) == null) {
LOGGER.info("Can't handle 401 with Kerberos or Spnego realm as WWW-Authenticate headers don't match");
return false;
}
try {
kerberosChallenge(realm, request, requestHeaders);
} catch (SpnegoEngineException e) {
// FIXME
String ntlmHeader2 = getHeaderWithPrefix(wwwAuthHeaders, "NTLM");
if (ntlmHeader2 != null) {
LOGGER.warn("Kerberos/Spnego auth failed, proceeding with NTLM");
ntlmChallenge(ntlmHeader2, requestHeaders, realm, future);
Realm newNtlmRealm2 = realm(realm).setScheme(AuthScheme.NTLM).setUsePreemptiveAuth(true).build();
future.setRealm(newNtlmRealm2);
} else {
requestSender.abort(channel, future, e);
return false;
}
}
break;
default:
throw new IllegalStateException("Invalid Authentication scheme " + realm.getScheme());
}
final Request nextRequest = future.getCurrentRequest().toBuilder().setHeaders(requestHeaders).build();
LOGGER.debug("Sending authentication to {}", request.getUri());
if (future.isKeepAlive() && !HttpUtil.isTransferEncodingChunked(httpRequest) && !HttpUtil.isTransferEncodingChunked(response)) {
future.setReuseChannel(true);
requestSender.drainChannelAndExecuteNextRequest(channel, future, nextRequest);
} else {
channelManager.closeChannel(channel);
requestSender.sendNextRequest(nextRequest, future);
}
return true;
}
Also used :
SpnegoEngineException(org.asynchttpclient.spnego.SpnegoEngineException)
Request(org.asynchttpclient.Request)
Realm(org.asynchttpclient.Realm)
Aggregations
Realm (org.asynchttpclient.Realm)4
Request (org.asynchttpclient.Request)4
SpnegoEngineException (org.asynchttpclient.spnego.SpnegoEngineException)4
RequestBuilder (org.asynchttpclient.RequestBuilder)3
DefaultHttpHeaders (io.netty.handler.codec.http.DefaultHttpHeaders)2
HttpHeaders (io.netty.handler.codec.http.HttpHeaders)2
HttpRequest (io.netty.handler.codec.http.HttpRequest)2
