diff options
author | Thomas <> | 2023-02-06 15:04:35 +0100 |
---|---|---|
committer | Thomas <> | 2023-02-06 15:04:35 +0100 |
commit | a0320b9505073357bbd085e5ee4a4894ecd1e9f3 (patch) | |
tree | 55429e6ce293be9f719498c568b5007c18985d53 /eaaf_core_utils/src/main/java/at | |
parent | b1c89dad26ec39270de561657f1200980ec301da (diff) | |
download | EAAF-Components-a0320b9505073357bbd085e5ee4a4894ecd1e9f3.tar.gz EAAF-Components-a0320b9505073357bbd085e5ee4a4894ecd1e9f3.tar.bz2 EAAF-Components-a0320b9505073357bbd085e5ee4a4894ecd1e9f3.zip |
feat(http): add request interceptor to pre-emptive HTTP Basic authentication
Diffstat (limited to 'eaaf_core_utils/src/main/java/at')
3 files changed, 66 insertions, 0 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java index 40d22205..5e873fe8 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java @@ -46,6 +46,9 @@ public class HttpClientConfiguration { boolean disableHostnameValidation = false; @Setter + boolean enablePreEmptiveHttpBasicAuth = true; + + @Setter boolean disableTlsHostCertificateValidation = false; diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index 784dbe0e..ac5905ac 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java @@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.interceptor.PreemptiveAuthInterceptor; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -305,6 +306,13 @@ public class HttpClientFactory implements IHttpClientFactory { log.info("Basic http authentication was injected with username: {}", httpClientConfig.getUsername()); + if (httpClientConfig.isEnablePreEmptiveHttpBasicAuth()) { + log.info("Inject pre-emptive HTTP Basic-Auth interceptor for client: {}", + httpClientConfig.getFriendlyName()); + builder.addInterceptorFirst(new PreemptiveAuthInterceptor()); + + } + } else { log.trace("Injection of Http Basic authentication was skipped"); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/interceptor/PreemptiveAuthInterceptor.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/interceptor/PreemptiveAuthInterceptor.java new file mode 100644 index 00000000..5edc8cac --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/interceptor/PreemptiveAuthInterceptor.java @@ -0,0 +1,55 @@ +package at.gv.egiz.eaaf.core.impl.http.interceptor; + +import java.io.IOException; + +import org.apache.http.HttpException; +import org.apache.http.HttpHost; +import org.apache.http.HttpRequest; +import org.apache.http.HttpRequestInterceptor; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.AuthState; +import org.apache.http.auth.Credentials; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.impl.auth.BasicScheme; +import org.apache.http.protocol.HttpContext; +import org.apache.http.protocol.HttpCoreContext; + +import lombok.extern.slf4j.Slf4j; + +/** + * Intercepter for Apache HTTP client to pre-emptive Basic authentication. + * + * @author tlenz + * + */ +@Slf4j +public class PreemptiveAuthInterceptor implements HttpRequestInterceptor { + + @Override + public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { + final AuthState authState = (AuthState) context.getAttribute(HttpClientContext.TARGET_AUTH_STATE); + + // If no auth scheme available yet, try to initialize it + // preemptively + if (authState.getAuthScheme() == null) { + final CredentialsProvider credentialsProvider = + (CredentialsProvider) context.getAttribute(HttpClientContext.CREDS_PROVIDER); + final HttpHost targetHost = (HttpHost) context.getAttribute(HttpCoreContext.HTTP_TARGET_HOST); + + final Credentials credentials = credentialsProvider.getCredentials( + new AuthScope(targetHost.getHostName(), targetHost.getPort())); + if (credentials == null) { + log.warn("Find HTTP credential-provider but not credential matches. " + + "Use it as it is and looking what happend"); + + } else { + log.trace("Updating HTTP basic-auth state to pre-emptive credentials ... "); + authState.update(new BasicScheme(), credentials); + + } + } + + } + +} |