private boolean processWWWAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException { AuthState authstate = method.getHostAuthState(); Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders(WWW_AUTH_CHALLENGE)); if (challenges.isEmpty()) { LOG.debug("Authentication challenge(s) not found"); return false; } AuthScheme authscheme = null; try { authscheme = this.authProcessor.processChallenge(authstate, challenges); } catch (AuthChallengeException e) { if (LOG.isWarnEnabled()) { LOG.warn(e.getMessage()); } } if (authscheme == null) { return false; } String host = method.getParams().getVirtualHost(); if (host == null) { host = conn.getHost(); } int port = conn.getPort(); AuthScope authscope = new AuthScope(host, port, authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authentication scope: " + authscope); } if (authstate.isAuthAttempted() && authscheme.isComplete()) { // Already tried and failed Credentials credentials = promptForCredentials(authscheme, method.getParams(), authscope); if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("Failure authenticating with " + authscope); } return false; } else { return true; } } else { authstate.setAuthAttempted(true); Credentials credentials = this.state.getCredentials(authscope); if (credentials == null) { credentials = promptForCredentials(authscheme, method.getParams(), authscope); } if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("No credentials available for " + authscope); } return false; } else { return true; } } }
/** * Tests if the {@link HttpMethod method} requires authentication. * * @param method HTTP method * @return boolean <tt>true</tt> if a retry is needed, <tt>false</tt> otherwise. */ private boolean isAuthenticationNeeded(final HttpMethod method) { method .getHostAuthState() .setAuthRequested(method.getStatusCode() == HttpStatus.SC_UNAUTHORIZED); method .getProxyAuthState() .setAuthRequested(method.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED); if (method.getHostAuthState().isAuthRequested() || method.getProxyAuthState().isAuthRequested()) { LOG.debug("Authorization required"); if (method.getDoAuthentication()) { // process authentication response return true; } else { // let the client handle the authenticaiton LOG.info("Authentication requested but doAuthentication is " + "disabled"); return false; } } else { return false; } }
private void authenticateHost(final HttpMethod method) throws AuthenticationException { // Clean up existing authentication headers if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) { // User defined authentication header(s) present return; } AuthState authstate = method.getHostAuthState(); AuthScheme authscheme = authstate.getAuthScheme(); if (authscheme == null) { return; } if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) { String host = method.getParams().getVirtualHost(); if (host == null) { host = conn.getHost(); } int port = conn.getPort(); AuthScope authscope = new AuthScope(host, port, authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authenticating with " + authscope); } Credentials credentials = this.state.getCredentials(authscope); if (credentials != null) { String authstring = authscheme.authenticate(credentials, method); if (authstring != null) { method.addRequestHeader(new Header(WWW_AUTH_RESP, authstring, true)); } } else { if (LOG.isWarnEnabled()) { LOG.warn("Required credentials not available for " + authscope); if (method.getHostAuthState().isPreemptive()) { LOG.warn( "Preemptive authentication requested but no default " + "credentials available"); } } } } }
/** * Process the redirect response. * * @return <code>true</code> if the redirect was successful */ private boolean processRedirectResponse(final HttpMethod method) throws RedirectException { // get the location header to find out where to redirect to Header locationHeader = method.getResponseHeader("location"); if (locationHeader == null) { // got a redirect response, but no location header LOG.error("Received redirect response " + method.getStatusCode() + " but no location header"); return false; } String location = locationHeader.getValue(); if (LOG.isDebugEnabled()) { LOG.debug("Redirect requested to location '" + location + "'"); } // rfc2616 demands the location value be a complete URI // Location = "Location" ":" absoluteURI URI redirectUri = null; URI currentUri = null; try { currentUri = new URI( this.conn.getProtocol().getScheme(), null, this.conn.getHost(), this.conn.getPort(), method.getPath()); String charset = method.getParams().getUriCharset(); redirectUri = new URI(location, true, charset); if (redirectUri.isRelativeURI()) { if (this.params.isParameterTrue(HttpClientParams.REJECT_RELATIVE_REDIRECT)) { LOG.warn("Relative redirect location '" + location + "' not allowed"); return false; } else { // location is incomplete, use current values for defaults LOG.debug("Redirect URI is not absolute - parsing as relative"); redirectUri = new URI(currentUri, redirectUri); } } else { // Reset the default params method.getParams().setDefaults(this.params); } method.setURI(redirectUri); hostConfiguration.setHost(redirectUri); } catch (URIException ex) { throw new InvalidRedirectLocationException( "Invalid redirect location: " + location, location, ex); } if (this.params.isParameterFalse(HttpClientParams.ALLOW_CIRCULAR_REDIRECTS)) { if (this.redirectLocations == null) { this.redirectLocations = new HashSet(); } this.redirectLocations.add(currentUri); try { if (redirectUri.hasQuery()) { redirectUri.setQuery(null); } } catch (URIException e) { // Should never happen return false; } if (this.redirectLocations.contains(redirectUri)) { throw new CircularRedirectException("Circular redirect to '" + redirectUri + "'"); } } if (LOG.isDebugEnabled()) { LOG.debug( "Redirecting from '" + currentUri.getEscapedURI() + "' to '" + redirectUri.getEscapedURI()); } // And finally invalidate the actual authentication scheme method.getHostAuthState().invalidate(); return true; }
/** * Executes the method associated with this method director. * * @throws IOException * @throws HttpException */ public void executeMethod(final HttpMethod method) throws IOException, HttpException { if (method == null) { throw new IllegalArgumentException("Method may not be null"); } // Link all parameter collections to form the hierarchy: // Global -> HttpClient -> HostConfiguration -> HttpMethod this.hostConfiguration.getParams().setDefaults(this.params); method.getParams().setDefaults(this.hostConfiguration.getParams()); // Generate default request headers Collection defaults = (Collection) this.hostConfiguration.getParams().getParameter(HostParams.DEFAULT_HEADERS); if (defaults != null) { Iterator i = defaults.iterator(); while (i.hasNext()) { method.addRequestHeader((Header) i.next()); } } try { int maxRedirects = this.params.getIntParameter(HttpClientParams.MAX_REDIRECTS, 100); for (int redirectCount = 0; ; ) { // make sure the connection we have is appropriate if (this.conn != null && !hostConfiguration.hostEquals(this.conn)) { this.conn.setLocked(false); this.conn.releaseConnection(); this.conn = null; } // get a connection, if we need one if (this.conn == null) { this.conn = connectionManager.getConnectionWithTimeout( hostConfiguration, this.params.getConnectionManagerTimeout()); this.conn.setLocked(true); if (this.params.isAuthenticationPreemptive() || this.state.isAuthenticationPreemptive()) { LOG.debug("Preemptively sending default basic credentials"); method.getHostAuthState().setPreemptive(); method.getHostAuthState().setAuthAttempted(true); if (this.conn.isProxied() && !this.conn.isSecure()) { method.getProxyAuthState().setPreemptive(); method.getProxyAuthState().setAuthAttempted(true); } } } authenticate(method); executeWithRetry(method); if (this.connectMethod != null) { fakeResponse(method); break; } boolean retry = false; if (isRedirectNeeded(method)) { if (processRedirectResponse(method)) { retry = true; ++redirectCount; if (redirectCount >= maxRedirects) { LOG.error("Narrowly avoided an infinite loop in execute"); throw new RedirectException("Maximum redirects (" + maxRedirects + ") exceeded"); } if (LOG.isDebugEnabled()) { LOG.debug("Execute redirect " + redirectCount + " of " + maxRedirects); } } } if (isAuthenticationNeeded(method)) { if (processAuthenticationResponse(method)) { LOG.debug("Retry authentication"); retry = true; } } if (!retry) { break; } // retry - close previous stream. Caution - this causes // responseBodyConsumed to be called, which may also close the // connection. if (method.getResponseBodyAsStream() != null) { method.getResponseBodyAsStream().close(); } } // end of retry loop } finally { if (this.conn != null) { this.conn.setLocked(false); } // If the response has been fully processed, return the connection // to the pool. Use this flag, rather than other tests (like // responseStream == null), as subclasses, might reset the stream, // for example, reading the entire response into a file and then // setting the file as the stream. if ((releaseConnection || method.getResponseBodyAsStream() == null) && this.conn != null) { this.conn.releaseConnection(); } } }