All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.facebook.presto.jdbc.internal.google.auth.http.HttpCredentialsAdapter Maven / Gradle / Ivy

There is a newer version: 0.289
Show newest version
/*
 * Copyright 2015, Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *    * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *
 *    * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package com.facebook.presto.jdbc.internal.google.auth.http;

import com.facebook.presto.jdbc.internal.google.auth.Credentials;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpHeaders;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpRequest;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpRequestInitializer;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpResponse;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpStatusCodes;
import com.facebook.presto.jdbc.internal.google.api.client.http.HttpUnsuccessfulResponseHandler;
import com.facebook.presto.jdbc.internal.google.api.client.util.Preconditions;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/**
 * A wrapper for using Credentials with the Google API Client Libraries for Java with Http.
 */
public class HttpCredentialsAdapter
    implements HttpRequestInitializer, HttpUnsuccessfulResponseHandler {

  private static final Logger LOGGER = Logger.getLogger(HttpCredentialsAdapter.class.getName());

  /**
   * In case an abnormal HTTP response is received with {@code WWW-Authenticate} header, and its
   * value contains this error pattern, we will try to refresh the token.
   */
  private static final Pattern INVALID_TOKEN_ERROR =
      Pattern.compile("\\s*error\\s*=\\s*\"?invalid_token\"?");

  private final Credentials credentials;

  /**
   * @param credentials Credentials instance to adapt for HTTP
   */
  public HttpCredentialsAdapter(Credentials credentials) {
    Preconditions.checkNotNull(credentials);
    this.credentials = credentials;
  }

  /**
   * {@inheritDoc}
   *
   * Initialize the HTTP request prior to execution.
   *
   * @param request HTTP request
   */
  @Override
  public void initialize(HttpRequest request) throws IOException {
    request.setUnsuccessfulResponseHandler(this);

    if (!credentials.hasRequestMetadata()) {
      return;
    }
    HttpHeaders requestHeaders = request.getHeaders();
    URI uri = null;
    if (request.getUrl() != null) {
      uri = request.getUrl().toURI();
    }
    Map> credentialHeaders = credentials.getRequestMetadata(uri);
    if (credentialHeaders == null) {
      return;
    }
    for (Map.Entry> entry : credentialHeaders.entrySet()) {
      String headerName = entry.getKey();
      List requestValues = new ArrayList<>();
      requestValues.addAll(entry.getValue());
      requestHeaders.put(headerName, requestValues);
    }
  }

  /**
   * {@inheritDoc}
   * 

* Checks if {@code WWW-Authenticate} exists and contains a "Bearer" value * (see rfc6750 section 3.1 for more * details). If so, it refreshes the token in case the error code contains * {@code invalid_token}. If there is no "Bearer" in {@code WWW-Authenticate} and the status code * is {@link HttpStatusCodes#STATUS_CODE_UNAUTHORIZED} it refreshes the token. If * the token refresh throws an I/O exception, this implementation will log the * exception and return {@code false}. *

*/ @Override public boolean handleResponse(HttpRequest request, HttpResponse response, boolean supportsRetry) { boolean refreshToken = false; boolean bearer = false; List authenticateList = response.getHeaders().getAuthenticateAsList(); // if authenticate list is not null we will check if one of the entries contains "Bearer" if (authenticateList != null) { for (String authenticate : authenticateList) { if (authenticate.startsWith(InternalAuthHttpConstants.BEARER_PREFIX)) { // mark that we found a "Bearer" value, and check if there is a invalid_token error bearer = true; refreshToken = INVALID_TOKEN_ERROR.matcher(authenticate).find(); break; } } } // if "Bearer" wasn't found, we will refresh the token, if we got 401 if (!bearer) { refreshToken = response.getStatusCode() == HttpStatusCodes.STATUS_CODE_UNAUTHORIZED; } if (refreshToken) { try { credentials.refresh(); initialize(request); return true; } catch (IOException exception) { LOGGER.log(Level.SEVERE, "unable to refresh token", exception); } } return false; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy