
org.eclipse.jetty.client.AuthenticationProtocolHandler Maven / Gradle / Ivy

// 
// ========================================================================
// Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// 
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// 
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// 
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
// 
package org.eclipse.jetty.client;

import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jetty.client.api.Authentication;
import org.eclipse.jetty.client.api.Authentication.HeaderInfo;
import org.eclipse.jetty.client.api.Connection;
import org.eclipse.jetty.client.api.ContentProvider;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.client.api.Response;
import org.eclipse.jetty.client.api.Result;
import org.eclipse.jetty.client.util.BufferingResponseListener;
import org.eclipse.jetty.http.HttpField;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.QuotedCSV;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

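/**
 * Base class for client-side handling of an HTTP authentication challenge.
 *
 * <p>The listener returned by {@link #getResponseListener()} buffers the challenge
 * response, parses the header named by {@link #getAuthenticateHeader()}, looks up a
 * matching {@link Authentication} in the client's authentication store and, when one
 * is found, sends a copy of the original request with the authentication result
 * applied. Subclasses supply the header names, the URI used for the store lookup and
 * the conversation attribute that marks "authentication already attempted".
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Challenges are tried in the order the server sent them and the first one with
 * a match in the store wins; they are not ranked by strength (see the TODO in
 * {@code parseAuthenticateHeader}). Register only the schemes you are willing to
 * send for a given URI/realm, otherwise a response that lists a weaker scheme first
 * selects the weaker scheme.</li>
 * <li>The class is marked deprecated and unsupported by its distributor; treat it as
 * code that no longer receives fixes.</li>
 * </ul>
 *
 * @deprecated The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
 */
@Deprecated(since = "2021-05-27")
public abstract class AuthenticationProtocolHandler implements ProtocolHandler {

    /** Default value (16 KiB) for the {@code maxContentLength} constructor argument. */
    public static final int DEFAULT_MAX_CONTENT_LENGTH = 16 * 1024;

    public static final Logger LOG = Log.getLogger(AuthenticationProtocolHandler.class);

    private final HttpClient client;

    // Handed to BufferingResponseListener by every AuthenticationListener;
    // presumably the cap on buffered challenge-response content - confirm there.
    private final int maxContentLength;

    private final ResponseNotifier notifier;

    // One element of a challenge header, as produced by QuotedCSV. The named groups
    // are the ones getHeaderInfo() reads; the page listing had lost the "<name>"
    // parts, which left a pattern that cannot compile.
    //   schemeOnly : a bare auth-scheme token
    //   scheme     : optional auth-scheme token followed by whitespace
    //   token68    : base64-like credentials blob
    //   paramName / paramValue : an auth-param "name = value"
    private static final Pattern CHALLENGE_PATTERN = Pattern.compile(
        "(?<schemeOnly>[!#$%&'*+\\-.^_`|~0-9A-Za-z]+)"
        + "|(?:(?<scheme>[!#$%&'*+\\-.^_`|~0-9A-Za-z]+)\\s+)?"
        + "(?:(?<token68>[a-zA-Z0-9\\-._~+/]+=*)"
        + "|(?<paramName>[!#$%&'*+\\-.^_`|~0-9A-Za-z]+)\\s*=\\s*(?:(?<paramValue>.*)))");

    /**
     * @param client the client whose authentication store is consulted and which
     *        copies the request for the authenticated retry
     * @param maxContentLength value passed to the buffering listener of each challenge
     */
    protected AuthenticationProtocolHandler(HttpClient client, int maxContentLength) {
        this.client = client;
        this.maxContentLength = maxContentLength;
        this.notifier = new ResponseNotifier();
    }

    protected HttpClient getHttpClient() {
        return client;
    }

    /** @return the response header that carries the challenge. */
    protected abstract HttpHeader getAuthenticateHeader();

    /** @return the request header recorded in each parsed {@link HeaderInfo}. */
    protected abstract HttpHeader getAuthorizationHeader();

    /**
     * @param request the challenged request
     * @return the URI used to look up an authentication in the store; when
     *         {@code null}, a scheme://host[:port] URI is derived from the request
     */
    protected abstract URI getAuthenticationURI(Request request);

    /** @return the conversation attribute name that marks an attempt as already made. */
    protected abstract String getAuthenticationAttribute();

    @Override
    public Response.Listener getResponseListener() {
        // Return new instances every time to keep track of the response content
        return new AuthenticationListener();
    }

    /**
     * Parses one challenge header value into its schemes and parameters.
     *
     * <p>Elements that do not match the challenge grammar are skipped silently.
     *
     * @param header the raw header value
     * @return one {@link HeaderInfo} per auth-scheme found, in header order
     * @throws IllegalArgumentException if a parameter or token68 appears before any
     *         auth-scheme, or a token68 follows auth-params of the same scheme
     */
    protected List<HeaderInfo> getHeaderInfo(String header) throws IllegalArgumentException {
        List<HeaderInfo> headerInfos = new ArrayList<>();
        for (String value : new QuotedCSV(true, header)) {
            Matcher m = CHALLENGE_PATTERN.matcher(value);
            if (!m.matches()) {
                continue;
            }
            if (m.group("schemeOnly") != null) {
                headerInfos.add(new HeaderInfo(getAuthorizationHeader(), m.group("schemeOnly"), new HashMap<>()));
                continue;
            }
            if (m.group("scheme") != null) {
                headerInfos.add(new HeaderInfo(getAuthorizationHeader(), m.group("scheme"), new HashMap<>()));
            }
            if (headerInfos.isEmpty()) {
                throw new IllegalArgumentException("Parameters without auth-scheme");
            }
            // Parameters always attach to the most recently seen scheme.
            Map<String, String> authParams = headerInfos.get(headerInfos.size() - 1).getParameters();
            if (m.group("paramName") != null) {
                String paramVal = QuotedCSV.unquote(m.group("paramValue"));
                authParams.put(m.group("paramName"), paramVal);
            } else if (m.group("token68") != null) {
                if (!authParams.isEmpty()) {
                    throw new IllegalArgumentException("token68 after auth-params");
                }
                authParams.put("base64", m.group("token68"));
            }
        }
        return headerInfos;
    }

    /**
     * Buffers a challenge response and, once it completes, either forwards it to the
     * conversation's listeners unchanged or resends the request with authentication.
     *
     * @deprecated The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
     */
    @Deprecated(since = "2021-05-27")
    private class AuthenticationListener extends BufferingResponseListener {

        private AuthenticationListener() {
            super(maxContentLength);
        }

        /**
         * Decides how to answer the completed challenge response.
         *
         * <p>The challenge is forwarded to the application as-is when an attempt was
         * already made in this conversation, when no stored authentication matches,
         * when the request content cannot be replayed, or when the authentication
         * yields no result. Otherwise a copy of the request is sent with the result
         * applied. Failures are forwarded as response failures.
         */
        @Override
        public void onComplete(Result result) {
            HttpRequest request = (HttpRequest) result.getRequest();
            ContentResponse response = new HttpContentResponse(result.getResponse(), getContent(), getMediaType(), getEncoding());
            if (result.getResponseFailure() != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication challenge failed {}", result.getFailure());
                }
                forwardFailureComplete(request, result.getRequestFailure(), response, result.getResponseFailure());
                return;
            }
            String authenticationAttribute = getAuthenticationAttribute();
            HttpConversation conversation = request.getConversation();
            if (conversation.getAttribute(authenticationAttribute) != null) {
                // We have already tried to authenticate, but we failed again.
                // Stopping here keeps a server that keeps challenging from
                // driving an endless retry loop with the stored credentials.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Bad credentials for {}", request);
                }
                forwardSuccessComplete(request, response);
                return;
            }
            HttpHeader header = getAuthenticateHeader();
            List<HeaderInfo> headerInfos = parseAuthenticateHeader(response, header);
            if (headerInfos.isEmpty()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication challenge without {} header", header);
                }
                forwardFailureComplete(request, result.getRequestFailure(), response, new HttpResponseException("HTTP protocol violation: Authentication challenge without " + header + " header", response));
                return;
            }
            Authentication authentication = null;
            Authentication.HeaderInfo headerInfo = null;
            URI authURI = resolveURI(request, getAuthenticationURI(request));
            if (authURI != null) {
                // First match wins, in the order the server listed the challenges.
                // Nothing here prefers a stronger scheme over a weaker one.
                for (Authentication.HeaderInfo element : headerInfos) {
                    authentication = client.getAuthenticationStore().findAuthentication(element.getType(), authURI, element.getRealm());
                    if (authentication != null) {
                        headerInfo = element;
                        break;
                    }
                }
            }
            if (authentication == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No authentication available for {}", request);
                }
                forwardSuccessComplete(request, response);
                return;
            }
            ContentProvider requestContent = request.getContent();
            if (requestContent != null && !requestContent.isReproducible()) {
                // The body cannot be sent a second time, so no retry is possible.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Request content not reproducible for {}", request);
                }
                forwardSuccessComplete(request, response);
                return;
            }
            try {
                Authentication.Result authnResult = authentication.authenticate(request, response, headerInfo, conversation);
                // NOTE(review): authnResult is logged through its toString();
                // confirm no implementation renders credentials before enabling
                // debug logging for this class.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication result {}", authnResult);
                }
                if (authnResult == null) {
                    forwardSuccessComplete(request, response);
                    return;
                }
                // Mark the conversation so a second challenge is not answered again.
                conversation.setAttribute(authenticationAttribute, true);
                URI requestURI = request.getURI();
                String path = null;
                if (requestURI == null) {
                    requestURI = resolveURI(request, null);
                    path = request.getPath();
                }
                Request newRequest = client.copyRequest(request, requestURI);
                // Adjust the timeout of the new request, taking into account the
                // timeout of the previous request and the time already elapsed.
                long timeoutAt = request.getTimeoutAt();
                if (timeoutAt < Long.MAX_VALUE) {
                    long newTimeout = timeoutAt - System.nanoTime();
                    if (newTimeout > 0) {
                        newRequest.timeout(newTimeout, TimeUnit.NANOSECONDS);
                    } else {
                        TimeoutException failure = new TimeoutException("Total timeout " + request.getConversation().getTimeout() + " ms elapsed");
                        forwardFailureComplete(request, failure, response, failure);
                        return;
                    }
                }
                if (path != null) {
                    newRequest.path(path);
                }
                authnResult.apply(newRequest);
                // Copy existing, explicitly set, authorization headers. Headers
                // just written by authnResult.apply() take precedence because
                // copyIfAbsent() only fills in what is still missing.
                copyIfAbsent(request, newRequest, HttpHeader.AUTHORIZATION);
                copyIfAbsent(request, newRequest, HttpHeader.PROXY_AUTHORIZATION);
                AfterAuthenticationListener listener = new AfterAuthenticationListener(authnResult);
                // Reuse the connection recorded on the request, when there is one.
                Connection connection = (Connection) request.getAttributes().get(Connection.class.getName());
                if (connection != null) {
                    connection.send(newRequest, listener);
                } else {
                    newRequest.send(listener);
                }
            } catch (Throwable x) {
                // Boundary catch: whatever authenticate/copy/send throws is
                // reported to the listeners as a response failure.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed", x);
                }
                forwardFailureComplete(request, null, response, x);
            }
        }

        /**
         * @return {@code uri} when non-null, otherwise scheme://host[:port] built
         *         from the request (the port is added only when positive)
         */
        private URI resolveURI(HttpRequest request, URI uri) {
            if (uri != null) {
                return uri;
            }
            String target = request.getScheme() + "://" + request.getHost();
            int port = request.getPort();
            if (port > 0) {
                target += ":" + port;
            }
            return URI.create(target);
        }

        /** Copies {@code header} from the old request unless the new one already has it. */
        private void copyIfAbsent(HttpRequest oldRequest, Request newRequest, HttpHeader header) {
            HttpField field = oldRequest.getHeaders().getField(header);
            if (field != null && !newRequest.getHeaders().contains(header)) {
                newRequest.getHeaders().put(field);
            }
        }

        /** Hands the challenge response to the conversation's listeners as a success. */
        private void forwardSuccessComplete(HttpRequest request, Response response) {
            HttpConversation conversation = request.getConversation();
            conversation.updateResponseListeners(null);
            notifier.forwardSuccessComplete(conversation.getResponseListeners(), request, response);
        }

        /**
         * Completes the exchange with the given failures. The response is forwarded
         * as a success when {@code responseFailure} is {@code null}, as a failure
         * otherwise; completion is notified in both cases.
         */
        private void forwardFailureComplete(HttpRequest request, Throwable requestFailure, Response response, Throwable responseFailure) {
            HttpConversation conversation = request.getConversation();
            conversation.updateResponseListeners(null);
            List<Response.ResponseListener> responseListeners = conversation.getResponseListeners();
            if (responseFailure == null) {
                notifier.forwardSuccess(responseListeners, response);
            } else {
                notifier.forwardFailure(responseListeners, response, responseFailure);
            }
            notifier.notifyComplete(responseListeners, new Result(request, requestFailure, response, responseFailure));
        }

        /**
         * Collects the challenges from every value of {@code header} in the response.
         * A value that fails to parse is dropped and only logged at debug level, so
         * a malformed challenge is invisible unless debug logging is on.
         */
        private List<HeaderInfo> parseAuthenticateHeader(Response response, HttpHeader header) {
            // TODO: these should be ordered by strength
            List<HeaderInfo> result = new ArrayList<>();
            List<String> values = response.getHeaders().getValuesList(header);
            for (String value : values) {
                try {
                    result.addAll(getHeaderInfo(value));
                } catch (IllegalArgumentException e) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Failed to parse authentication header", e);
                    }
                }
            }
            return result;
        }
    }

    /**
     * Listener for the authenticated retry: records the authentication result in the
     * client's store once the retry response succeeds.
     *
     * @deprecated The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
     */
    @Deprecated(since = "2021-05-27")
    private class AfterAuthenticationListener extends Response.Listener.Adapter {

        private final Authentication.Result authenticationResult;

        private AfterAuthenticationListener(Authentication.Result authenticationResult) {
            this.authenticationResult = authenticationResult;
        }

        @Override
        public void onSuccess(Response response) {
            int status = response.getStatus();
            // A 3xx is treated like a 2xx: the result is stored even when the
            // server answered with a redirect rather than the protected resource.
            if (HttpStatus.isSuccess(status) || HttpStatus.isRedirection(status)) {
                client.getAuthenticationStore().addAuthenticationResult(authenticationResult);
            }
        }
    }
}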



