public ProxyClient(final HttpParams params) { super(); if (params == null) { throw new IllegalArgumentException("HTTP parameters may not be null"); } this.httpProcessor = new ImmutableHttpProcessor(new HttpRequestInterceptor[] { new RequestContent(), new RequestTargetHost(), new RequestClientConnControl(), new RequestUserAgent(), new RequestProxyAuthentication() } ); this.requestExec = new HttpRequestExecutor(); this.proxyAuthStrategy = new ProxyAuthenticationStrategy(); this.authenticator = new HttpAuthenticator(); this.proxyAuthState = new AuthState(); this.authSchemeRegistry = new AuthSchemeRegistry(); this.authSchemeRegistry.register(AuthPolicy.BASIC, new BasicSchemeFactory()); this.authSchemeRegistry.register(AuthPolicy.DIGEST, new DigestSchemeFactory()); this.authSchemeRegistry.register(AuthPolicy.NTLM, new NTLMSchemeFactory()); this.authSchemeRegistry.register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory()); this.authSchemeRegistry.register(AuthPolicy.KERBEROS, new KerberosSchemeFactory()); this.reuseStrategy = new DefaultConnectionReuseStrategy(); this.params = params; }
protected AuthSchemeRegistry createAuthSchemeRegistry() { AuthSchemeRegistry registry = new AuthSchemeRegistry(); registry.register( AuthPolicy.BASIC, new BasicSchemeFactory()); registry.register( AuthPolicy.DIGEST, new DigestSchemeFactory()); registry.register( AuthPolicy.NTLM, new NTLMSchemeFactory()); registry.register( AuthPolicy.SPNEGO, new SPNegoSchemeFactory()); registry.register( AuthPolicy.KERBEROS, new KerberosSchemeFactory()); return registry; }
/** * @since 4.3 */ public ProxyClient( final HttpConnectionFactory<HttpRoute, ManagedHttpClientConnection> connFactory, final ConnectionConfig connectionConfig, final RequestConfig requestConfig) { super(); this.connFactory = connFactory != null ? connFactory : ManagedHttpClientConnectionFactory.INSTANCE; this.connectionConfig = connectionConfig != null ? connectionConfig : ConnectionConfig.DEFAULT; this.requestConfig = requestConfig != null ? requestConfig : RequestConfig.DEFAULT; this.httpProcessor = new ImmutableHttpProcessor( new RequestTargetHostHC4(), new RequestClientConnControl(), new RequestUserAgentHC4()); this.requestExec = new HttpRequestExecutor(); this.proxyAuthStrategy = new ProxyAuthenticationStrategy(); this.authenticator = new HttpAuthenticator(); this.proxyAuthState = new AuthStateHC4(); this.authSchemeRegistry = new AuthSchemeRegistry(); this.authSchemeRegistry.register(AuthSchemes.BASIC, new BasicSchemeFactoryHC4()); this.authSchemeRegistry.register(AuthSchemes.DIGEST, new DigestSchemeFactoryHC4()); this.authSchemeRegistry.register(AuthSchemes.NTLM, new NTLMSchemeFactory()); this.reuseStrategy = new DefaultConnectionReuseStrategyHC4(); }
protected AuthSchemeRegistry createAuthSchemeRegistry() { final AuthSchemeRegistry registry = new AuthSchemeRegistry(); registry.register( AuthPolicy.BASIC, new BasicSchemeFactory()); registry.register( AuthPolicy.DIGEST, new DigestSchemeFactory()); registry.register( AuthPolicy.NTLM, new NTLMSchemeFactory()); registry.register( AuthPolicy.SPNEGO, new SPNegoSchemeFactory()); registry.register( AuthPolicy.KERBEROS, new KerberosSchemeFactory()); return registry; }
/** * @since 4.3 */ public ProxyClient( final HttpConnectionFactory<HttpRoute, ManagedHttpClientConnection> connFactory, final ConnectionConfig connectionConfig, final RequestConfig requestConfig) { super(); this.connFactory = connFactory != null ? connFactory : ManagedHttpClientConnectionFactory.INSTANCE; this.connectionConfig = connectionConfig != null ? connectionConfig : ConnectionConfig.DEFAULT; this.requestConfig = requestConfig != null ? requestConfig : RequestConfig.DEFAULT; this.httpProcessor = new ImmutableHttpProcessor( new RequestTargetHost(), new RequestClientConnControl(), new RequestUserAgent()); this.requestExec = new HttpRequestExecutor(); this.proxyAuthStrategy = new ProxyAuthenticationStrategy(); this.authenticator = new HttpAuthenticator(); this.proxyAuthState = new AuthState(); this.authSchemeRegistry = new AuthSchemeRegistry(); this.authSchemeRegistry.register(AuthSchemes.BASIC, new BasicSchemeFactory()); this.authSchemeRegistry.register(AuthSchemes.DIGEST, new DigestSchemeFactory()); this.authSchemeRegistry.register(AuthSchemes.NTLM, new NTLMSchemeFactory()); this.authSchemeRegistry.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()); this.authSchemeRegistry.register(AuthSchemes.KERBEROS, new KerberosSchemeFactory()); this.reuseStrategy = new DefaultConnectionReuseStrategy(); }
/** * If no auth scheme has been selected for the given context, consider each * of the preferred auth schemes and select the first one for which an * AuthScheme and matching Credentials are available. */ public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE); if (authState != null && authState.getAuthScheme() != null) { return; } HttpHost target = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST); CredentialsProvider creds = (CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER); AuthSchemeRegistry schemes = (AuthSchemeRegistry) context.getAttribute(ClientContext.AUTHSCHEME_REGISTRY); for (Object schemeName : (Iterable) context.getAttribute(ClientContext.AUTH_SCHEME_PREF)) { AuthScheme scheme = schemes.getAuthScheme(schemeName.toString(), request.getParams()); if (scheme != null) { AuthScope targetScope = new AuthScope(target.getHostName(), target.getPort(), scheme.getRealm(), scheme .getSchemeName()); Credentials cred = creds.getCredentials(targetScope); if (cred != null) { authState.setAuthScheme(scheme); authState.setCredentials(cred); return; } } } }
@Override protected AuthSchemeRegistry createAuthSchemeRegistry() { AuthSchemeRegistry registry = new AuthSchemeRegistry(); registry.register( AuthPolicy.BASIC, new BasicSchemeFactory()); registry.register( AuthPolicy.DIGEST, new DigestSchemeFactory()); return registry; }
/** * If no auth scheme has been selected for the given context, consider each * of the preferred auth schemes and select the first one for which an * AuthScheme and matching Credentials are available. */ @SuppressWarnings("rawtypes") public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context .getAttribute(ClientContext.TARGET_AUTH_STATE); if (authState != null && authState.getAuthScheme() != null) { return; } HttpHost target = (HttpHost) context .getAttribute(ExecutionContext.HTTP_TARGET_HOST); CredentialsProvider creds = (CredentialsProvider) context .getAttribute(ClientContext.CREDS_PROVIDER); AuthSchemeRegistry schemes = (AuthSchemeRegistry) context .getAttribute(ClientContext.AUTHSCHEME_REGISTRY); for (Object schemeName : (Iterable) context .getAttribute(ClientContext.AUTH_SCHEME_PREF)) { AuthScheme scheme = schemes.getAuthScheme(schemeName.toString(), request.getParams()); if (scheme != null) { AuthScope targetScope = new AuthScope(target.getHostName(), target.getPort(), scheme.getRealm(), scheme.getSchemeName()); Credentials cred = creds.getCredentials(targetScope); if (cred != null) { authState.setAuthScheme(scheme); authState.setCredentials(cred); return; } } } }
public void setAuthSchemeRegistry(final AuthSchemeRegistry registry) { this.context.setAttribute(AUTHSCHEME_REGISTRY, registry); }
public AuthSchemeRegistry getAuthSchemeRegistry() { return this.authSchemeRegistry; }
public synchronized final AuthSchemeRegistry getAuthSchemes() { if (supportedAuthSchemes == null) { supportedAuthSchemes = createAuthSchemeRegistry(); } return supportedAuthSchemes; }
public synchronized void setAuthSchemes(final AuthSchemeRegistry registry) { supportedAuthSchemes = registry; }
public Queue<AuthOption> select( final Map<String, Header> challenges, final HttpHost authhost, final HttpResponse response, final HttpContext context) throws MalformedChallengeException { if (challenges == null) { throw new IllegalArgumentException("Map of auth challenges may not be null"); } if (authhost == null) { throw new IllegalArgumentException("Host may not be null"); } if (response == null) { throw new IllegalArgumentException("HTTP response may not be null"); } if (context == null) { throw new IllegalArgumentException("HTTP context may not be null"); } Queue<AuthOption> options = new LinkedList<AuthOption>(); AuthSchemeRegistry registry = (AuthSchemeRegistry) context.getAttribute( ClientContext.AUTHSCHEME_REGISTRY); if (registry == null) { this.log.debug("Auth scheme registry not set in the context"); return options; } CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute( ClientContext.CREDS_PROVIDER); if (credsProvider == null) { this.log.debug("Credentials provider not set in the context"); return options; } @SuppressWarnings("unchecked") List<String> authPrefs = (List<String>) response.getParams().getParameter(this.prefParamName); if (authPrefs == null) { authPrefs = DEFAULT_SCHEME_PRIORITY; } if (this.log.isDebugEnabled()) { this.log.debug("Authentication schemes in the order of preference: " + authPrefs); } for (String id: authPrefs) { Header challenge = challenges.get(id.toLowerCase(Locale.US)); if (challenge != null) { try { AuthScheme authScheme = registry.getAuthScheme(id, response.getParams()); authScheme.processChallenge(challenge); AuthScope authScope = new AuthScope( authhost.getHostName(), authhost.getPort(), authScheme.getRealm(), authScheme.getSchemeName()); Credentials credentials = credsProvider.getCredentials(authScope); if (credentials != null) { options.add(new AuthOption(authScheme, credentials)); } } catch (IllegalStateException e) { if (this.log.isWarnEnabled()) { this.log.warn("Authentication scheme " + id + " not supported"); // Try again } } } else { if (this.log.isDebugEnabled()) { this.log.debug("Challenge for " + id + " authentication scheme not available"); // Try again } } } return options; }
public AuthScheme selectScheme( final Map<String, Header> challenges, final HttpResponse response, final HttpContext context) throws AuthenticationException { AuthSchemeRegistry registry = (AuthSchemeRegistry) context.getAttribute( ClientContext.AUTHSCHEME_REGISTRY); if (registry == null) { throw new IllegalStateException("AuthScheme registry not set in HTTP context"); } Collection<String> authPrefs = getAuthPreferences(response, context); if (authPrefs == null) { authPrefs = DEFAULT_SCHEME_PRIORITY; } if (this.log.isDebugEnabled()) { this.log.debug("Authentication schemes in the order of preference: " + authPrefs); } AuthScheme authScheme = null; for (String id: authPrefs) { Header challenge = challenges.get(id.toLowerCase(Locale.ENGLISH)); if (challenge != null) { if (this.log.isDebugEnabled()) { this.log.debug(id + " authentication scheme selected"); } try { authScheme = registry.getAuthScheme(id, response.getParams()); break; } catch (IllegalStateException e) { if (this.log.isWarnEnabled()) { this.log.warn("Authentication scheme " + id + " not supported"); // Try again } } } else { if (this.log.isDebugEnabled()) { this.log.debug("Challenge for " + id + " authentication scheme not available"); // Try again } } } if (authScheme == null) { // If none selected, something is wrong throw new AuthenticationException( "Unable to respond to any of these challenges: " + challenges); } return authScheme; }
/** * @deprecated (4.3) do not use. */ @Deprecated public AuthSchemeRegistry getAuthSchemeRegistry() { return this.authSchemeRegistry; }
@Override public AuthScheme selectScheme( final Map<String, Header> challenges, final HttpResponse response, final HttpContext context) throws AuthenticationException { final AuthSchemeRegistry registry = (AuthSchemeRegistry) context.getAttribute( ClientContext.AUTHSCHEME_REGISTRY); Asserts.notNull(registry, "AuthScheme registry"); Collection<String> authPrefs = getAuthPreferences(response, context); if (authPrefs == null) { authPrefs = DEFAULT_SCHEME_PRIORITY; } if (this.log.isDebugEnabled()) { this.log.debug("Authentication schemes in the order of preference: " + authPrefs); } AuthScheme authScheme = null; for (final String id: authPrefs) { final Header challenge = challenges.get(id.toLowerCase(Locale.ENGLISH)); if (challenge != null) { if (this.log.isDebugEnabled()) { this.log.debug(id + " authentication scheme selected"); } try { authScheme = registry.getAuthScheme(id, response.getParams()); break; } catch (final IllegalStateException e) { if (this.log.isWarnEnabled()) { this.log.warn("Authentication scheme " + id + " not supported"); // Try again } } } else { if (this.log.isDebugEnabled()) { this.log.debug("Challenge for " + id + " authentication scheme not available"); // Try again } } } if (authScheme == null) { // If none selected, something is wrong throw new AuthenticationException( "Unable to respond to any of these challenges: " + challenges); } return authScheme; }
public void configure(DefaultHttpClient httpClient, SolrParams config) { super.configure(httpClient, config); // Begin change for SDC-2962 // Instead of checking existence of JAAS file, do the following if solr kerberos is enabled //if (System.getProperty(LOGIN_CONFIG_PROP) != null) { //String configValue = System.getProperty(LOGIN_CONFIG_PROP); //if (configValue != null) { // logger.info("Setting up SPNego auth with config: " + configValue); final String useSubjectCredsProp = "javax.security.auth.useSubjectCredsOnly"; String useSubjectCredsVal = System.getProperty(useSubjectCredsProp); // "javax.security.auth.useSubjectCredsOnly" should be false so that the underlying // authentication mechanism can load the credentials from the JAAS configuration. if (useSubjectCredsVal == null) { System.setProperty(useSubjectCredsProp, "false"); } else if (!useSubjectCredsVal.toLowerCase(Locale.ROOT).equals("false")) { // Don't overwrite the prop value if it's already been written to something else, // but log because it is likely the Credentials won't be loaded correctly. logger.warn("System Property: " + useSubjectCredsProp + " set to: " + useSubjectCredsVal + " not false. SPNego authentication may not be successful."); } // Change for SDC-2962 //javax.security.auth.login.Configuration.setConfiguration(jaasConfig); //Enable only SPNEGO authentication scheme. AuthSchemeRegistry registry = new AuthSchemeRegistry(); registry.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false)); httpClient.setAuthSchemes(registry); // Get the credentials from the JAAS configuration rather than here Credentials useJaasCreds = new Credentials() { public String getPassword() { return null; } public Principal getUserPrincipal() { return null; } }; SolrPortAwareCookieSpecFactory cookieFactory = new SolrPortAwareCookieSpecFactory(); httpClient.getCookieSpecs().register(cookieFactory.POLICY_NAME, cookieFactory); httpClient.getParams().setParameter(ClientPNames.COOKIE_POLICY, cookieFactory.POLICY_NAME); httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, useJaasCreds); httpClient.addRequestInterceptor(bufferedEntityInterceptor); //} else { //httpClient.getCredentialsProvider().clear(); //} // } }
public synchronized void setAuthSchemes(final AuthSchemeRegistry authSchemeRegistry) { supportedAuthSchemes = authSchemeRegistry; }
public AuthScheme selectScheme( final Map<String, Header> challenges, final HttpResponse response, final HttpContext context) throws AuthenticationException { AuthSchemeRegistry registry = (AuthSchemeRegistry) context.getAttribute( ClientContext.AUTHSCHEME_REGISTRY); if (registry == null) { throw new IllegalStateException("AuthScheme registry not set in HTTP context"); } @SuppressWarnings("unchecked") Collection<String> authPrefs = (Collection<String>) context.getAttribute( ClientContext.AUTH_SCHEME_PREF); if (authPrefs == null) { authPrefs = getAuthPreferences(); } if (this.log.isDebugEnabled()) { this.log.debug("Authentication schemes in the order of preference: " + authPrefs); } AuthScheme authScheme = null; for (String id: authPrefs) { Header challenge = challenges.get(id.toLowerCase(Locale.ENGLISH)); if (challenge != null) { if (this.log.isDebugEnabled()) { this.log.debug(id + " authentication scheme selected"); } try { authScheme = registry.getAuthScheme(id, response.getParams()); break; } catch (IllegalStateException e) { if (this.log.isWarnEnabled()) { this.log.warn("Authentication scheme " + id + " not supported"); // Try again } } } else { if (this.log.isDebugEnabled()) { this.log.debug("Challenge for " + id + " authentication scheme not available"); // Try again } } } if (authScheme == null) { // If none selected, something is wrong throw new AuthenticationException( "Unable to respond to any of these challenges: " + challenges); } return authScheme; }
protected abstract AuthSchemeRegistry createAuthSchemeRegistry();
