private String authorize() { try { OkHttpClient.Builder builder = client.newBuilder(); builder.interceptors().remove(this); OkHttpClient clone = builder.build(); String credential = Credentials.basic(config.getUsername(), new String(config.getPassword())); URL url = new URL(URLUtils.join(config.getMasterUrl(), AUTHORIZE_PATH)); Response response = clone .newCall( new Request.Builder().get().url(url).header(AUTHORIZATION, credential).build()) .execute(); response.body().close(); response = response.priorResponse() != null ? response.priorResponse() : response; response = response.networkResponse() != null ? response.networkResponse() : response; String token = response.header(LOCATION); if (token == null || token.isEmpty()) { throw new KubernetesClientException( "Unexpected response (" + response.code() + " " + response.message() + "), to the authorization request. Missing header:[" + LOCATION + "]!"); } token = token.substring(token.indexOf(BEFORE_TOKEN) + BEFORE_TOKEN.length()); token = token.substring(0, token.indexOf(AFTER_TOKEN)); return token; } catch (Exception e) { throw KubernetesClientException.launderThrowable(e); } }
@Override public Response intercept(Chain chain) throws IOException { Request request = chain.request(); // Build new request Request.Builder builder = request.newBuilder(); builder.header("Accept", "application/json"); String token = oauthToken.get(); if (Utils.isNotNullOrEmpty(token)) { setAuthHeader(builder, token); } request = builder.build(); Response response = chain.proceed(request); // If response is Forbidden or Unauthorized, try to obtain a token via authorize() or via // config. if (response.code() != 401 && response.code() != 403) { return response; } else if (Utils.isNotNullOrEmpty(config.getUsername()) && Utils.isNotNullOrEmpty(config.getPassword())) { synchronized (client) { token = authorize(); if (token != null) { oauthToken.set(token); } } } else if (Utils.isNotNullOrEmpty(config.getOauthToken())) { token = config.getOauthToken(); oauthToken.set(token); } // If token was obtain, then retry request using the obtained token. if (Utils.isNotNullOrEmpty(token)) { // Close the previous response to prevent leaked connections. response.body().close(); setAuthHeader(builder, token); request = builder.build(); return chain.proceed(request); // repeat request with new token } else { return response; } }