use of org.opencastproject.security.api.TrustedHttpClientException in project opencast by opencast.
the class TrustedHttpClientImplTest method noDefaultHttpConnectionFactoryResultsInException.
/**
 * Executing a request must fail with a {@link TrustedHttpClientException}; the test fails if the call returns
 * normally. The method name indicates the fixture has no default HTTP connection factory.
 */
@Test
public void noDefaultHttpConnectionFactoryResultsInException() {
  try {
    final HttpPost fakeRequest = new HttpPost("http://localhost:8080/fakeEndpoint");
    client.execute(fakeRequest);
  } catch (TrustedHttpClientException expected) {
    // This is the outcome under test: the client refused to run the request.
    return;
  }
  // Reaching this point means the request was executed although it should have been refused.
  Assert.fail();
}
use of org.opencastproject.security.api.TrustedHttpClientException in project opencast by opencast.
the class TrustedHttpClientImpl method execute.
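/**
 * Sends a request to a trusted endpoint after adding the digest-auth and security-context headers.
 *
 * <p>A new client is created for every call through {@link #makeHttpClient(int, int)}. GET and HEAD requests get
 * the configured user/password registered on the client and are sent as a signed request when
 * {@link #getSignedUrl(HttpUriRequest)} returns one. All other verbs go through the manual digest handshake, with
 * an optional retry after a nonce timeout. On success the response is stored in {@code responseMap} together with
 * the client; the client's connection manager is not shut down on that path (presumably the caller releases it
 * later; confirm against the close path).
 *
 * @param httpUriRequest
 *          the request to send; its headers are modified in place
 * @param connectionTimeout
 *          value applied to the client's connection timeout parameter
 * @param socketTimeout
 *          value applied to the client's socket timeout parameter
 * @return the response, wrapped in an {@code HttpResponseWrapper}
 * @throws TrustedHttpClientException
 *           if no client can be created, if signing the URL fails, or if executing the request fails
 */
@Override
public HttpResponse execute(HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout)
        throws TrustedHttpClientException {
  final HttpClient httpClient = makeHttpClient(connectionTimeout, socketTimeout);
  // Add the request header to elicit a digest auth response
  httpUriRequest.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
  httpUriRequest.setHeader(SecurityConstants.AUTHORIZATION_HEADER, "true");
  if (serviceRegistry != null && serviceRegistry.getCurrentJob() != null) {
    httpUriRequest.setHeader(CURRENT_JOB_HEADER, Long.toString(serviceRegistry.getCurrentJob().getId()));
  }
  // Pass the current security context (organization and user) on to the remote service.
  // NOTE(review): securityService is dereferenced without a null check, unlike serviceRegistry above; confirm
  // it is always bound before execute() can be called.
  logger.debug("Adding security context to request");
  final Organization organization = securityService.getOrganization();
  if (organization != null) {
    httpUriRequest.setHeader(SecurityConstants.ORGANIZATION_HEADER, organization.getId());
    final User currentUser = securityService.getUser();
    if (currentUser != null) {
      httpUriRequest.setHeader(SecurityConstants.USER_HEADER, currentUser.getUsername());
    }
  }
  if ("GET".equalsIgnoreCase(httpUriRequest.getMethod()) || "HEAD".equalsIgnoreCase(httpUriRequest.getMethod())) {
    // Set the user/pass
    // NOTE(review): AuthScope.ANY makes these credentials available to whichever host and realm issues an
    // authentication challenge to this client. Scoping them to the request's host and port would limit where
    // the digest user can be presented; confirm whether any caller relies on the wider scope.
    final UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
    httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
    // Run the request (the http client handles the multiple back-and-forth requests)
    try {
      Opt<HttpUriRequest> optSignedHttpUriRequest = getSignedUrl(httpUriRequest);
      HttpResponse response;
      if (optSignedHttpUriRequest.isSome()) {
        // NOTE(review): this debug line writes the complete signed URL to the log. A signed URL remains usable
        // until it expires, so logs at debug level need the same protection as the URL itself.
        logger.debug("Adding url signing to request {} so that it is {}", httpUriRequest.getURI().toString(), optSignedHttpUriRequest.get().getURI().toString());
        response = new HttpResponseWrapper(httpClient.execute(optSignedHttpUriRequest.get()));
      } else {
        logger.debug("Not adding url signing to request {}", httpUriRequest.getURI().toString());
        response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
      }
      // Remember which client produced the response
      responseMap.put(response, httpClient);
      return response;
    } catch (TrustedHttpClientException e) {
      // Signing failed before any response existed: release the client's connections instead of leaking them,
      // then pass the original exception on unchanged
      httpClient.getConnectionManager().shutdown();
      throw e;
    } catch (IOException e) {
      // close the http connection(s)
      httpClient.getConnectionManager().shutdown();
      throw new TrustedHttpClientException(e);
    }
  } else {
    // HttpClient doesn't handle the request dynamics for other verbs (especially when sending a streamed multipart
    // request), so we need to handle the details of the digest auth back-and-forth manually
    // NOTE(review): this call runs outside the try block below, so if it throws, the client created above is not
    // shut down here; confirm whether manuallyHandleDigestAuthentication cleans up on failure.
    manuallyHandleDigestAuthentication(httpUriRequest, httpClient);
    HttpResponse response = null;
    try {
      response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
      if (nonceTimeoutRetries > 0 && hadNonceTimeoutResponse(response)) {
        // The server rejected the nonce as timed out: drop this client's connections and retry
        httpClient.getConnectionManager().shutdown();
        response = retryAuthAndRequestAfterNonceTimeout(httpUriRequest, response);
      }
      // NOTE(review): after a retry, the response is registered against the client that was just shut down;
      // confirm how retryAuthAndRequestAfterNonceTimeout tracks the client that actually served it.
      responseMap.put(response, httpClient);
      return response;
    } catch (Exception e) {
      // if we have a response, remove it from the map
      if (response != null) {
        responseMap.remove(response);
      }
      // close the http connection(s)
      httpClient.getConnectionManager().shutdown();
      throw new TrustedHttpClientException(e);
    }
  }
}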
use of org.opencastproject.security.api.TrustedHttpClientException in project opencast by opencast.
the class TrustedHttpClientImpl method getSignedUrl.
/**
 * Produces a signed copy of a GET or HEAD request when its URL qualifies for signing.
 *
 * <p>A request qualifies when its method is GET or HEAD, {@code ResourceRequestUtil.isNotSigned} reports the URI
 * as not yet signed, and the URL signing service accepts the URL. The signed copy keeps the protocol version and
 * every header of the original request, including the security headers already set on it.
 *
 * @param httpUriRequest
 *          The request whose URI may need signing.
 * @return the signed request, or an empty {@link Opt} when the request does not qualify.
 * @throws TrustedHttpClientException
 *           Thrown if there is a problem signing the URL.
 */
protected Opt<HttpUriRequest> getSignedUrl(HttpUriRequest httpUriRequest) throws TrustedHttpClientException {
  final String method = httpUriRequest.getMethod();
  final boolean isGet = "GET".equalsIgnoreCase(method);
  // Evaluated left to right with short-circuiting, so the signing service is only consulted for GET/HEAD
  // requests whose URI is not already signed.
  final boolean shouldSign = (isGet || "HEAD".equalsIgnoreCase(method))
          && ResourceRequestUtil.isNotSigned(httpUriRequest.getURI())
          && urlSigningService.accepts(httpUriRequest.getURI().toString());
  if (!shouldSign) {
    logger.trace("Not signing request with method: {} and URI: {}", method, httpUriRequest.getURI().toString());
    return Opt.none();
  }

  logger.trace("Signing request with method: {} and URI: {}", method, httpUriRequest.getURI().toString());
  try {
    // NOTE(review): the two trailing null arguments leave optional signing restrictions unset; confirm
    // against UrlSigningService which restrictions they are and whether that is intended here.
    final String signedUrl = urlSigningService.sign(httpUriRequest.getURI().toString(), signedUrlExpiresDuration, null, null);
    final HttpRequestBase signedRequest = isGet ? new HttpGet(signedUrl) : new HttpHead(signedUrl);
    signedRequest.setProtocolVersion(httpUriRequest.getProtocolVersion());
    // Carry every header of the original request over to the signed copy
    for (Header original : httpUriRequest.getAllHeaders()) {
      signedRequest.addHeader(original);
    }
    return Opt.some((HttpUriRequest) signedRequest);
  } catch (UrlSigningException e) {
    throw new TrustedHttpClientException(e);
  }
}
use of org.opencastproject.security.api.TrustedHttpClientException in project opencast by opencast.
the class TrustedHttpClientImpl method makeHttpClient.
/**
 * Builds a new {@link HttpClient} from the configured client factory and applies both timeouts to it.
 *
 * @param connectionTimeout
 *          value stored under {@code CoreConnectionPNames.CONNECTION_TIMEOUT}
 * @param socketTimeout
 *          value stored under {@code CoreConnectionPNames.SO_TIMEOUT}
 * @return the newly created client
 * @throws TrustedHttpClientException
 *           wrapping a {@link NullPointerException} when no client factory is available
 */
public HttpClient makeHttpClient(int connectionTimeout, int socketTimeout) throws TrustedHttpClientException {
  if (httpClientFactory != null) {
    final HttpClient freshClient = httpClientFactory.makeHttpClient();
    freshClient.getParams().setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, connectionTimeout);
    freshClient.getParams().setIntParameter(CoreConnectionPNames.SO_TIMEOUT, socketTimeout);
    return freshClient;
  }
  // Without a factory no request can be made, so fail explicitly rather than hand back null
  throw new TrustedHttpClientException(new NullPointerException("There is no DefaultHttpClientFactory service available so we cannot make a request"));
}
use of org.opencastproject.security.api.TrustedHttpClientException in project opencast by opencast.
the class TrustedHttpClientImpl method getRealmAndNonce.
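/**
 * Performs a request and extracts the realm and nonce values from the first {@code WWW-Authenticate} header of
 * the response.
 *
 * <p>The client used for this request is created here and its connection manager is always shut down before the
 * method returns or throws, including when reading the header fails unexpectedly.
 *
 * @param request
 *          The request to execute in order to obtain the realm and nonce
 * @return A String[] containing the {realm, nonce}; either element is {@code null} if the header does not carry
 *         it. Returns {@code null} instead of an array when the response has no {@code WWW-Authenticate} header,
 *         so callers must check for both.
 * @throws TrustedHttpClientException
 *           if no client can be created or the request fails with an {@link IOException}
 */
protected String[] getRealmAndNonce(HttpRequestBase request) throws TrustedHttpClientException {
  final HttpClient httpClient = makeHttpClient(DEFAULT_CONNECTION_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
  try {
    final HttpResponse response = new HttpResponseWrapper(httpClient.execute(request));
    final Header[] headers = response.getHeaders("WWW-Authenticate");
    if (headers == null || headers.length == 0) {
      logger.warn("URI {} does not support digest authentication", request.getURI());
      return null;
    }
    // Only the first challenge header is inspected
    final Header authRequiredResponseHeader = headers[0];
    String nonce = null;
    String realm = null;
    for (HeaderElement element : authRequiredResponseHeader.getElements()) {
      if ("nonce".equals(element.getName())) {
        nonce = element.getValue();
      } else if ("Digest realm".equals(element.getName())) {
        // The realm is matched under the element name "Digest realm", i.e. the scheme name is part of the
        // name; a header whose realm is not the first parameter after "Digest" would presumably not match,
        // so confirm against the servers this client talks to
        realm = element.getValue();
      }
    }
    return new String[] { realm, nonce };
  } catch (IOException e) {
    throw new TrustedHttpClientException(e);
  } finally {
    // Release the connections on every exit path, so a runtime failure while reading the header cannot leak
    // the client
    httpClient.getConnectionManager().shutdown();
  }
}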