/**
 * Builds the two HTTP clients held by this factory.
 *
 * <p>{@code httpClient} is configured with {@code getHttpParams()}. {@code gridClient} gets a
 * {@code MyRedirectHandler} redirect strategy and {@code getGridHttpParams()}. Each client is
 * handed the result of its own {@code getClientConnectionManager()} call; whether those calls
 * return distinct or shared managers is not visible here.
 */
public HttpClientFactory() {
   httpClient = new DefaultHttpClient(getClientConnectionManager());
   httpClient.setParams(getHttpParams());
   gridClient = new DefaultHttpClient(getClientConnectionManager());
   // NOTE(review): MyRedirectHandler is defined outside this view. Confirm which methods and
   // target hosts it follows redirects for, since any credentials or session state attached to
   // gridClient travel with whatever redirects it chooses to follow.
   gridClient.setRedirectStrategy(new MyRedirectHandler());
   gridClient.setParams(getGridHttpParams());
   // One-off call at construction time: closes connections that have been idle for more than
   // 100 ms on gridClient's connection manager. It is not a recurring eviction; what it closes,
   // if anything, depends on the manager returned by getClientConnectionManager().
   gridClient.getConnectionManager().closeIdleConnections(100, TimeUnit.MILLISECONDS);
 }
Example #2
  /**
   * Requests a page from a web application protected by SPNEGO with FORM fallback, skipping the
   * SPNEGO attempt and logging in through the FORM ({@code j_security_check}) mechanism directly.
   *
   * <p>If the first GET is not answered with 401, or {@code user} is empty, the status code is
   * asserted against {@code expectedStatusCode} and the body is returned as is. Otherwise the 401
   * response must carry a {@code WWW-Authenticate} header whose value is {@code Negotiate} and a
   * body that mentions {@code j_security_check}; the credentials are then POSTed to
   * {@code <contextUrl>/j_security_check} and the status of that response is asserted instead.
   *
   * <p>Security notes: {@code user} and {@code pass} are sent in the POST body to whatever scheme
   * and host {@code contextUrl} names, so their confidentiality depends on that URL using TLS.
   * The 401 page body is written to the log at INFO and the user name at DEBUG; the password is
   * not logged by this method.
   *
   * @param contextUrl base URL of the web application; trailing slashes are stripped
   * @param page path concatenated verbatim onto the stripped context URL
   * @param user user name for the FORM login; when {@code StringUtils.isEmpty} reports it empty,
   *     no login is attempted
   * @param pass password for the FORM login
   * @param expectedStatusCode status code the final response is asserted to have
   * @return body of the final response as a string
   * @throws IOException if an HTTP exchange or reading a response body fails
   * @throws URISyntaxException part of the declared signature; nothing in this body appears to
   *     throw it
   * @throws PrivilegedActionException part of the declared signature; nothing in this body appears
   *     to throw it
   * @throws LoginException part of the declared signature; nothing in this body appears to throw
   *     it
   */
  public static String makeHttpCallWoSPNEGO(
      final String contextUrl,
      final String page,
      final String user,
      final String pass,
      final int expectedStatusCode)
      throws IOException, URISyntaxException, PrivilegedActionException, LoginException {
    final String baseUrl = StringUtils.stripEnd(contextUrl, "/");
    final String url = baseUrl + page;
    LOGGER.info("Requesting URL: " + url);
    final DefaultHttpClient client = new DefaultHttpClient();
    client.setRedirectStrategy(REDIRECT_STRATEGY);
    try {
      final HttpResponse firstResponse = client.execute(new HttpGet(url));
      final int firstStatus = firstResponse.getStatusLine().getStatusCode();

      // A login is only attempted for a 401 answer combined with a non-empty user name.
      final boolean loginRequired =
          HttpServletResponse.SC_UNAUTHORIZED == firstStatus && !StringUtils.isEmpty(user);
      if (!loginRequired) {
        assertEquals("Unexpected HTTP response status code.", expectedStatusCode, firstStatus);
        return EntityUtils.toString(firstResponse.getEntity());
      }

      // The server must still advertise SPNEGO even though this client does not use it.
      final Header[] challenges = firstResponse.getHeaders("WWW-Authenticate");
      assertTrue(
          "WWW-Authenticate header is present", challenges != null && challenges.length > 0);
      final Set<String> challengeValues = new HashSet<String>();
      for (int i = 0; i < challenges.length; i++) {
        challengeValues.add(challenges[i].getValue());
      }
      assertTrue(
          "WWW-Authenticate: Negotiate header is missing", challengeValues.contains("Negotiate"));

      LOGGER.debug("HTTP response was SC_UNAUTHORIZED, let's authenticate the user " + user);
      // Reading the body also consumes the entity, which frees the connection for the POST below.
      final String loginPageBody = EntityUtils.toString(firstResponse.getEntity());

      assertNotNull(loginPageBody);
      LOGGER.info(loginPageBody);
      assertTrue(loginPageBody.contains("j_security_check"));

      final List<NameValuePair> credentials = new ArrayList<NameValuePair>();
      credentials.add(new BasicNameValuePair("j_username", user));
      credentials.add(new BasicNameValuePair("j_password", pass));
      final HttpPost loginRequest = new HttpPost(baseUrl + "/j_security_check");
      // NOTE(review): the single-argument constructor encodes with the library's default
      // charset; confirm non-ASCII credentials round-trip if they are ever used here.
      loginRequest.setEntity(new UrlEncodedFormEntity(credentials));

      final HttpResponse loginResponse = client.execute(loginRequest);
      final int loginStatus = loginResponse.getStatusLine().getStatusCode();
      assertEquals(
          "Unexpected status code returned after the authentication.",
          expectedStatusCode,
          loginStatus);
      return EntityUtils.toString(loginResponse.getEntity());
    } finally {
      // The client is private to this call; shutting down its connection manager releases
      // sockets and other system resources immediately.
      client.getConnectionManager().shutdown();
    }
  }
  /**
   * Verifies IDP attribute mapping when passUserPrincipalToAttributeManager is set to "true".
   *
   * <p>The HTTP client follows redirects automatically through {@code Utils.REDIRECT_STRATEGY}.
   * The same client instance is used for both calls, so state it keeps between requests is
   * available to the second one. The user name and password are hard-coded test fixture values.
   *
   * @throws Exception if either call or URL construction fails
   */
  @Test
  public void testPassUserPrincipalToAttributeManager() throws Exception {
    final DefaultHttpClient client = new DefaultHttpClient();
    client.setRedirectStrategy(Utils.REDIRECT_STRATEGY);

    try {
      // First call: reach the SP index page with Kerberos authentication.
      final String indexBody =
          PicketLinkTestBase.makeCallWithKerberosAuthn(
              spUrl.toURI(), client, "jduke", "theduke", 200);
      assertEquals("SP index page was not reached", SP_RESPONSE_BODY, indexBody);

      // Second call: the attribute-printing servlet, addressed relative to the SP URL
      // (substring(1) drops the first character of the servlet path before concatenation).
      final URL attributeUrl =
          new URL(spUrl.toString() + PrintAttributeServlet.SERVLET_PATH.substring(1));
      final String attributeBody = PicketLinkTestBase.makeCall(attributeUrl, client, 200);
      assertEquals("cn attribute not stored", "Java Duke", attributeBody);
    } finally {
      client.getConnectionManager().shutdown();
    }
  }
Example #4
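  /**
   * Requests a page from a web application protected by SPNEGO with FORM fallback. SPNEGO is
   * tried first; if the Kerberos login raises a {@link LoginException}, the FORM
   * ({@code j_security_check}) mechanism is used instead.
   *
   * <p>If the first GET is not answered with 401, or {@code user} is empty, the status code is
   * asserted against {@code expectedStatusCode} and the body is returned as is. Otherwise the 401
   * response must carry a {@code WWW-Authenticate} header whose value is {@code Negotiate}; the
   * method then logs in to Kerberos and repeats the GET as the authenticated {@link Subject}.
   *
   * <p>Security notes:
   *
   * <ul>
   *   <li>The fallback is silent to the caller: a broken Kerberos setup still yields a passing
   *       call when FORM login succeeds. The caught {@link LoginException} is logged at DEBUG so
   *       the downgrade can be seen in the log.
   *   <li>{@code Configuration.setConfiguration} replaces the JVM-wide JAAS configuration and it
   *       is not restored afterwards.
   *   <li>The credentials provider entry uses {@code new AuthScope(null, -1, null)}, which
   *       matches any host, port and realm, so the client will negotiate with every server that
   *       challenges it, including redirect targets.
   *   <li>In the fallback, {@code user} and {@code pass} are sent in the POST body to whatever
   *       scheme and host {@code contextUrl} names.
   * </ul>
   *
   * @param contextUrl base URL of the web application; trailing slashes are stripped
   * @param page path concatenated verbatim onto the stripped context URL
   * @param user user name for Kerberos and FORM login; when {@code StringUtils.isEmpty} reports
   *     it empty, no login is attempted
   * @param pass password for Kerberos and FORM login
   * @param expectedStatusCode status code the final response is asserted to have
   * @return body of the final response as a string
   * @throws IOException if an HTTP exchange or reading a response body fails
   * @throws URISyntaxException part of the declared signature; nothing in this body appears to
   *     throw it
   * @throws PrivilegedActionException if the request executed as the authenticated Subject throws
   *     a checked exception
   * @throws LoginException part of the declared signature; LoginExceptions raised inside the try
   *     block are handled by the FORM fallback
   */
  public static String makeHttpCallWithFallback(
      final String contextUrl,
      final String page,
      final String user,
      final String pass,
      final int expectedStatusCode)
      throws IOException, URISyntaxException, PrivilegedActionException, LoginException {
    final String strippedContextUrl = StringUtils.stripEnd(contextUrl, "/");
    final String url = strippedContextUrl + page;
    LOGGER.info("Requesting URL: " + url);
    final DefaultHttpClient httpClient = new DefaultHttpClient();
    httpClient.setRedirectStrategy(REDIRECT_STRATEGY);
    String unauthorizedPageBody = null;
    try {
      // Enable SPNEGO on this client. The meaning of the boolean argument is defined by
      // JBossNegotiateSchemeFactory, which is outside this view.
      httpClient
          .getAuthSchemes()
          .register(AuthPolicy.SPNEGO, new JBossNegotiateSchemeFactory(true));
      // AuthScope(null, -1, null) matches any host, port and realm. Acceptable for a test
      // harness that controls its URLs; production code should scope this to the expected host.
      httpClient
          .getCredentialsProvider()
          .setCredentials(new AuthScope(null, -1, null), new NullHCCredentials());

      final HttpGet httpGet = new HttpGet(url);
      final HttpResponse response = httpClient.execute(httpGet);
      int statusCode = response.getStatusLine().getStatusCode();
      if (HttpServletResponse.SC_UNAUTHORIZED != statusCode || StringUtils.isEmpty(user)) {
        assertEquals("Unexpected HTTP response status code.", expectedStatusCode, statusCode);
        return EntityUtils.toString(response.getEntity());
      }
      final Header[] authnHeaders = response.getHeaders("WWW-Authenticate");
      assertTrue(
          "WWW-Authenticate header is present", authnHeaders != null && authnHeaders.length > 0);
      final Set<String> authnHeaderValues = new HashSet<String>();
      for (final Header header : authnHeaders) {
        authnHeaderValues.add(header.getValue());
      }
      assertTrue(
          "WWW-Authenticate: Negotiate header is missing", authnHeaderValues.contains("Negotiate"));

      LOGGER.debug("HTTP response was SC_UNAUTHORIZED, let's authenticate the user " + user);
      // Kept for the FORM fallback; reading it also consumes the entity of the 401 response.
      unauthorizedPageBody = EntityUtils.toString(response.getEntity());

      // Use our custom configuration to avoid reliance on external config.
      // NOTE: this swaps the JVM-wide JAAS configuration and does not put the old one back.
      Configuration.setConfiguration(new Krb5LoginConfiguration());
      // 1. Authenticate to Kerberos.
      final LoginContext lc =
          new LoginContext(Utils.class.getName(), new UsernamePasswordHandler(user, pass));
      lc.login();

      // 2. Perform the work as authenticated Subject.
      final String responseBody =
          Subject.doAs(
              lc.getSubject(),
              new PrivilegedExceptionAction<String>() {
                public String run() throws Exception {
                  final HttpResponse response = httpClient.execute(httpGet);
                  int statusCode = response.getStatusLine().getStatusCode();
                  assertEquals(
                      "Unexpected status code returned after the authentication.",
                      expectedStatusCode,
                      statusCode);
                  return EntityUtils.toString(response.getEntity());
                }
              });
      // NOTE(review): not reached when the request above throws, so the Subject keeps its
      // credentials until it is garbage-collected in that case.
      lc.logout();
      return responseBody;
    } catch (LoginException e) {
      // Record why SPNEGO was abandoned; without this the downgrade to FORM leaves no trace.
      // A LoginException from lc.logout() after a successful request also lands here.
      LOGGER.debug("Kerberos login/logout failed, falling back to FORM authentication", e);
      assertNotNull(unauthorizedPageBody);
      assertTrue(unauthorizedPageBody.contains("j_security_check"));

      HttpPost httpPost = new HttpPost(strippedContextUrl + "/j_security_check");
      List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
      nameValuePairs.add(new BasicNameValuePair("j_username", user));
      nameValuePairs.add(new BasicNameValuePair("j_password", pass));
      httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
      final HttpResponse response = httpClient.execute(httpPost);
      int statusCode = response.getStatusLine().getStatusCode();
      assertEquals(
          "Unexpected status code returned after the authentication.",
          expectedStatusCode,
          statusCode);
      return EntityUtils.toString(response.getEntity());
    } finally {
      // When HttpClient instance is no longer needed,
      // shut down the connection manager to ensure
      // immediate deallocation of all system resources
      httpClient.getConnectionManager().shutdown();
    }
  }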