1 /*
2 * $Header: /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons//httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java,v 1.34 2005/01/14 19:40:39 olegk Exp $
3 * $Revision: 486658 $
4 * $Date: 2006-12-13 15:05:50 +0100 (Wed, 13 Dec 2006) $
5 *
6 * ====================================================================
7 *
8 * Licensed to the Apache Software Foundation (ASF) under one or more
9 * contributor license agreements. See the NOTICE file distributed with
10 * this work for additional information regarding copyright ownership.
11 * The ASF licenses this file to You under the Apache License, Version 2.0
12 * (the "License"); you may not use this file except in compliance with
13 * the License. You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 * ====================================================================
23 *
24 * This software consists of voluntary contributions made by many
25 * individuals on behalf of the Apache Software Foundation. For more
26 * information on the Apache Software Foundation, please see
27 * <http://www.apache.org/>.
28 *
29 */
30
31 package org.apache.commons.httpclient;
32
33 import java.io.IOException;
34 import java.util.Collection;
35 import java.util.HashSet;
36 import java.util.Iterator;
37 import java.util.Map;
38 import java.util.Set;
39
40 import org.apache.commons.httpclient.auth.AuthChallengeException;
41 import org.apache.commons.httpclient.auth.AuthChallengeParser;
42 import org.apache.commons.httpclient.auth.AuthChallengeProcessor;
43 import org.apache.commons.httpclient.auth.AuthScheme;
44 import org.apache.commons.httpclient.auth.AuthState;
45 import org.apache.commons.httpclient.auth.AuthenticationException;
46 import org.apache.commons.httpclient.auth.CredentialsProvider;
47 import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
48 import org.apache.commons.httpclient.auth.AuthScope;
49 import org.apache.commons.httpclient.auth.MalformedChallengeException;
50 import org.apache.commons.httpclient.params.HostParams;
51 import org.apache.commons.httpclient.params.HttpClientParams;
52 import org.apache.commons.httpclient.params.HttpConnectionParams;
53 import org.apache.commons.httpclient.params.HttpMethodParams;
54 import org.apache.commons.httpclient.params.HttpParams;
55 import org.apache.commons.logging.Log;
56 import org.apache.commons.logging.LogFactory;
57
58 /**
59 * Handles the process of executing a method including authentication, redirection and retries.
60 *
61 * @since 3.0
62 */
63 class HttpMethodDirector {
64
65 /** The www authenticate challange header. */
66 public static final String WWW_AUTH_CHALLENGE = "WWW-Authenticate";
67
68 /** The www authenticate response header. */
69 public static final String WWW_AUTH_RESP = "Authorization";
70
71 /** The proxy authenticate challange header. */
72 public static final String PROXY_AUTH_CHALLENGE = "Proxy-Authenticate";
73
74 /** The proxy authenticate response header. */
75 public static final String PROXY_AUTH_RESP = "Proxy-Authorization";
76
77 private static final Log LOG = LogFactory.getLog(HttpMethodDirector.class);
78
79 private ConnectMethod connectMethod;
80
81 private HttpState state;
82
83 private HostConfiguration hostConfiguration;
84
85 private HttpConnectionManager connectionManager;
86
87 private HttpClientParams params;
88
89 private HttpConnection conn;
90
91 /** A flag to indicate if the connection should be released after the method is executed. */
92 private boolean releaseConnection = false;
93
94 /** Authentication processor */
95 private AuthChallengeProcessor authProcessor = null;
96
97 private Set redirectLocations = null;
98
99 public HttpMethodDirector(
100 final HttpConnectionManager connectionManager,
101 final HostConfiguration hostConfiguration,
102 final HttpClientParams params,
103 final HttpState state
104 ) {
105 super();
106 this.connectionManager = connectionManager;
107 this.hostConfiguration = hostConfiguration;
108 this.params = params;
109 this.state = state;
110 this.authProcessor = new AuthChallengeProcessor(this.params);
111 }
112
113
114 /**
115 * Executes the method associated with this method director.
116 *
117 * @throws IOException
118 * @throws HttpException
119 */
120 public void executeMethod(final HttpMethod method) throws IOException, HttpException {
121 if (method == null) {
122 throw new IllegalArgumentException("Method may not be null");
123 }
124 // Link all parameter collections to form the hierarchy:
125 // Global -> HttpClient -> HostConfiguration -> HttpMethod
126 this.hostConfiguration.getParams().setDefaults(this.params);
127 method.getParams().setDefaults(this.hostConfiguration.getParams());
128
129 // Generate default request headers
130 Collection defaults = (Collection)this.hostConfiguration.getParams().
131 getParameter(HostParams.DEFAULT_HEADERS);
132 if (defaults != null) {
133 Iterator i = defaults.iterator();
134 while (i.hasNext()) {
135 method.addRequestHeader((Header)i.next());
136 }
137 }
138
139 try {
140 int maxRedirects = this.params.getIntParameter(HttpClientParams.MAX_REDIRECTS, 100);
141
142 for (int redirectCount = 0;;) {
143
144 // make sure the connection we have is appropriate
145 if (this.conn != null && !hostConfiguration.hostEquals(this.conn)) {
146 this.conn.setLocked(false);
147 this.conn.releaseConnection();
148 this.conn = null;
149 }
150
151 // get a connection, if we need one
152 if (this.conn == null) {
153 this.conn = connectionManager.getConnectionWithTimeout(
154 hostConfiguration,
155 this.params.getConnectionManagerTimeout()
156 );
157 this.conn.setLocked(true);
158 if (this.params.isAuthenticationPreemptive()
159 || this.state.isAuthenticationPreemptive())
160 {
161 LOG.debug("Preemptively sending default basic credentials");
162 method.getHostAuthState().setPreemptive();
163 method.getHostAuthState().setAuthAttempted(true);
164 if (this.conn.isProxied() && !this.conn.isSecure()) {
165 method.getProxyAuthState().setPreemptive();
166 method.getProxyAuthState().setAuthAttempted(true);
167 }
168 }
169 }
170 authenticate(method);
171 executeWithRetry(method);
172 if (this.connectMethod != null) {
173 fakeResponse(method);
174 break;
175 }
176
177 boolean retry = false;
178 if (isRedirectNeeded(method)) {
179 if (processRedirectResponse(method)) {
180 retry = true;
181 ++redirectCount;
182 if (redirectCount >= maxRedirects) {
183 LOG.error("Narrowly avoided an infinite loop in execute");
184 throw new RedirectException("Maximum redirects ("
185 + maxRedirects + ") exceeded");
186 }
187 if (LOG.isDebugEnabled()) {
188 LOG.debug("Execute redirect " + redirectCount + " of " + maxRedirects);
189 }
190 }
191 }
192 if (isAuthenticationNeeded(method)) {
193 if (processAuthenticationResponse(method)) {
194 LOG.debug("Retry authentication");
195 retry = true;
196 }
197 }
198 if (!retry) {
199 break;
200 }
201 // retry - close previous stream. Caution - this causes
202 // responseBodyConsumed to be called, which may also close the
203 // connection.
204 if (method.getResponseBodyAsStream() != null) {
205 method.getResponseBodyAsStream().close();
206 }
207
208 } //end of retry loop
209 } finally {
210 if (this.conn != null) {
211 this.conn.setLocked(false);
212 }
213 // If the response has been fully processed, return the connection
214 // to the pool. Use this flag, rather than other tests (like
215 // responseStream == null), as subclasses, might reset the stream,
216 // for example, reading the entire response into a file and then
217 // setting the file as the stream.
218 if (
219 (releaseConnection || method.getResponseBodyAsStream() == null)
220 && this.conn != null
221 ) {
222 this.conn.releaseConnection();
223 }
224 }
225
226 }
227
228
229 private void authenticate(final HttpMethod method) {
230 try {
231 if (this.conn.isProxied() && !this.conn.isSecure()) {
232 authenticateProxy(method);
233 }
234 authenticateHost(method);
235 } catch (AuthenticationException e) {
236 LOG.error(e.getMessage(), e);
237 }
238 }
239
240
241 private boolean cleanAuthHeaders(final HttpMethod method, final String name) {
242 Header[] authheaders = method.getRequestHeaders(name);
243 boolean clean = true;
244 for (int i = 0; i < authheaders.length; i++) {
245 Header authheader = authheaders[i];
246 if (authheader.isAutogenerated()) {
247 method.removeRequestHeader(authheader);
248 } else {
249 clean = false;
250 }
251 }
252 return clean;
253 }
254
255
256 private void authenticateHost(final HttpMethod method) throws AuthenticationException {
257 // Clean up existing authentication headers
258 if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) {
259 // User defined authentication header(s) present
260 return;
261 }
262 AuthState authstate = method.getHostAuthState();
263 AuthScheme authscheme = authstate.getAuthScheme();
264 if (authscheme == null) {
265 return;
266 }
267 if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
268 String host = method.getParams().getVirtualHost();
269 if (host == null) {
270 host = conn.getHost();
271 }
272 int port = conn.getPort();
273 AuthScope authscope = new AuthScope(
274 host, port,
275 authscheme.getRealm(),
276 authscheme.getSchemeName());
277 if (LOG.isDebugEnabled()) {
278 LOG.debug("Authenticating with " + authscope);
279 }
280 Credentials credentials = this.state.getCredentials(authscope);
281 if (credentials != null) {
282 String authstring = authscheme.authenticate(credentials, method);
283 if (authstring != null) {
284 method.addRequestHeader(new Header(WWW_AUTH_RESP, authstring, true));
285 }
286 } else {
287 if (LOG.isWarnEnabled()) {
288 LOG.warn("Required credentials not available for " + authscope);
289 if (method.getHostAuthState().isPreemptive()) {
290 LOG.warn("Preemptive authentication requested but no default " +
291 "credentials available");
292 }
293 }
294 }
295 }
296 }
297
298
299 private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
300 // Clean up existing authentication headers
301 if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
302 // User defined authentication header(s) present
303 return;
304 }
305 AuthState authstate = method.getProxyAuthState();
306 AuthScheme authscheme = authstate.getAuthScheme();
307 if (authscheme == null) {
308 return;
309 }
310 if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
311 AuthScope authscope = new AuthScope(
312 conn.getProxyHost(), conn.getProxyPort(),
313 authscheme.getRealm(),
314 authscheme.getSchemeName());
315 if (LOG.isDebugEnabled()) {
316 LOG.debug("Authenticating with " + authscope);
317 }
318 Credentials credentials = this.state.getProxyCredentials(authscope);
319 if (credentials != null) {
320 String authstring = authscheme.authenticate(credentials, method);
321 if (authstring != null) {
322 method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true));
323 }
324 } else {
325 if (LOG.isWarnEnabled()) {
326 LOG.warn("Required proxy credentials not available for " + authscope);
327 if (method.getProxyAuthState().isPreemptive()) {
328 LOG.warn("Preemptive authentication requested but no default " +
329 "proxy credentials available");
330 }
331 }
332 }
333 }
334 }
335
336
337 /**
338 * Applies connection parameters specified for a given method
339 *
340 * @param method HTTP method
341 *
342 * @throws IOException if an I/O occurs setting connection parameters
343 */
344 private void applyConnectionParams(final HttpMethod method) throws IOException {
345 int timeout = 0;
346 // see if a timeout is given for this method
347 Object param = method.getParams().getParameter(HttpMethodParams.SO_TIMEOUT);
348 if (param == null) {
349 // if not, use the default value
350 param = this.conn.getParams().getParameter(HttpConnectionParams.SO_TIMEOUT);
351 }
352 if (param != null) {
353 timeout = ((Integer)param).intValue();
354 }
355 this.conn.setSocketTimeout(timeout);
356 }
357
358 /**
359 * Executes a method with the current hostConfiguration.
360 *
361 * @throws IOException if an I/O (transport) error occurs. Some transport exceptions
362 * can be recovered from.
363 * @throws HttpException if a protocol exception occurs. Usually protocol exceptions
364 * cannot be recovered from.
365 */
366 private void executeWithRetry(final HttpMethod method)
367 throws IOException, HttpException {
368
369 /** How many times did this transparently handle a recoverable exception? */
370 int execCount = 0;
371 // loop until the method is successfully processed, the retryHandler
372 // returns false or a non-recoverable exception is thrown
373 try {
374 while (true) {
375 execCount++;
376 try {
377
378 if (LOG.isTraceEnabled()) {
379 LOG.trace("Attempt number " + execCount + " to process request");
380 }
381 if (this.conn.getParams().isStaleCheckingEnabled()) {
382 this.conn.closeIfStale();
383 }
384 if (!this.conn.isOpen()) {
385 // this connection must be opened before it can be used
386 // This has nothing to do with opening a secure tunnel
387 this.conn.open();
388 if (this.conn.isProxied() && this.conn.isSecure()
389 && !(method instanceof ConnectMethod)) {
390 // we need to create a secure tunnel before we can execute the real method
391 if (!executeConnect()) {
392 // abort, the connect method failed
393 return;
394 }
395 }
396 }
397 applyConnectionParams(method);
398 method.execute(state, this.conn);
399 break;
400 } catch (HttpException e) {
401 // filter out protocol exceptions which cannot be recovered from
402 throw e;
403 } catch (IOException e) {
404 LOG.debug("Closing the connection.");
405 this.conn.close();
406 // test if this method should be retried
407 // ========================================
408 // this code is provided for backward compatibility with 2.0
409 // will be removed in the next major release
410 if (method instanceof HttpMethodBase) {
411 MethodRetryHandler handler =
412 ((HttpMethodBase)method).getMethodRetryHandler();
413 if (handler != null) {
414 if (!handler.retryMethod(
415 method,
416 this.conn,
417 new HttpRecoverableException(e.getMessage()),
418 execCount,
419 method.isRequestSent())) {
420 LOG.debug("Method retry handler returned false. "
421 + "Automatic recovery will not be attempted");
422 throw e;
423 }
424 }
425 }
426 // ========================================
427 HttpMethodRetryHandler handler =
428 (HttpMethodRetryHandler)method.getParams().getParameter(
429 HttpMethodParams.RETRY_HANDLER);
430 if (handler == null) {
431 handler = new DefaultHttpMethodRetryHandler();
432 }
433 if (!handler.retryMethod(method, e, execCount)) {
434 LOG.debug("Method retry handler returned false. "
435 + "Automatic recovery will not be attempted");
436 throw e;
437 }
438 if (LOG.isInfoEnabled()) {
439 LOG.info("I/O exception ("+ e.getClass().getName() +") caught when processing request: "
440 + e.getMessage());
441 }
442 if (LOG.isDebugEnabled()) {
443 LOG.debug(e.getMessage(), e);
444 }
445 LOG.info("Retrying request");
446 }
447 }
448 } catch (IOException e) {
449 if (this.conn.isOpen()) {
450 LOG.debug("Closing the connection.");
451 this.conn.close();
452 }
453 releaseConnection = true;
454 throw e;
455 } catch (RuntimeException e) {
456 if (this.conn.isOpen()) {
457 LOG.debug("Closing the connection.");
458 this.conn.close();
459 }
460 releaseConnection = true;
461 throw e;
462 }
463 }
464
465 /**
466 * Executes a ConnectMethod to establish a tunneled connection.
467 *
468 * @return <code>true</code> if the connect was successful
469 *
470 * @throws IOException
471 * @throws HttpException
472 */
473 private boolean executeConnect()
474 throws IOException, HttpException {
475
476 this.connectMethod = new ConnectMethod(this.hostConfiguration);
477 this.connectMethod.getParams().setDefaults(this.hostConfiguration.getParams());
478
479 int code;
480 for (;;) {
481 if (!this.conn.isOpen()) {
482 this.conn.open();
483 }
484 if (this.params.isAuthenticationPreemptive()
485 || this.state.isAuthenticationPreemptive()) {
486 LOG.debug("Preemptively sending default basic credentials");
487 this.connectMethod.getProxyAuthState().setPreemptive();
488 this.connectMethod.getProxyAuthState().setAuthAttempted(true);
489 }
490 try {
491 authenticateProxy(this.connectMethod);
492 } catch (AuthenticationException e) {
493 LOG.error(e.getMessage(), e);
494 }
495 applyConnectionParams(this.connectMethod);
496 this.connectMethod.execute(state, this.conn);
497 code = this.connectMethod.getStatusCode();
498 boolean retry = false;
499 AuthState authstate = this.connectMethod.getProxyAuthState();
500 authstate.setAuthRequested(code == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
501 if (authstate.isAuthRequested()) {
502 if (processAuthenticationResponse(this.connectMethod)) {
503 retry = true;
504 }
505 }
506 if (!retry) {
507 break;
508 }
509 if (this.connectMethod.getResponseBodyAsStream() != null) {
510 this.connectMethod.getResponseBodyAsStream().close();
511 }
512 }
513 if ((code >= 200) && (code < 300)) {
514 this.conn.tunnelCreated();
515 // Drop the connect method, as it is no longer needed
516 this.connectMethod = null;
517 return true;
518 } else {
519 this.conn.close();
520 return false;
521 }
522 }
523
524 /**
525 * Fake response
526 * @param method
527 * @return
528 */
529
530 private void fakeResponse(final HttpMethod method)
531 throws IOException, HttpException {
532 // What is to follow is an ugly hack.
533 // I REALLY hate having to resort to such
534 // an appalling trick
535 // The only feasible solution is to split monolithic
536 // HttpMethod into HttpRequest/HttpResponse pair.
537 // That would allow to execute CONNECT method
538 // behind the scene and return CONNECT HttpResponse
539 // object in response to the original request that
540 // contains the correct status line, headers &
541 // response body.
542 LOG.debug("CONNECT failed, fake the response for the original method");
543 // Pass the status, headers and response stream to the wrapped
544 // method.
545 // To ensure that the connection is not released more than once
546 // this method is still responsible for releasing the connection.
547 // This will happen when the response body is consumed, or when
548 // the wrapped method closes the response connection in
549 // releaseConnection().
550 if (method instanceof HttpMethodBase) {
551 ((HttpMethodBase) method).fakeResponse(
552 this.connectMethod.getStatusLine(),
553 this.connectMethod.getResponseHeaderGroup(),
554 this.connectMethod.getResponseBodyAsStream()
555 );
556 method.getProxyAuthState().setAuthScheme(
557 this.connectMethod.getProxyAuthState().getAuthScheme());
558 this.connectMethod = null;
559 } else {
560 releaseConnection = true;
561 LOG.warn(
562 "Unable to fake response on method as it is not derived from HttpMethodBase.");
563 }
564 }
565
566 /**
567 * Process the redirect response.
568 *
569 * @return <code>true</code> if the redirect was successful
570 */
571 private boolean processRedirectResponse(final HttpMethod method)
572 throws RedirectException {
573 //get the location header to find out where to redirect to
574 Header locationHeader = method.getResponseHeader("location");
575 if (locationHeader == null) {
576 // got a redirect response, but no location header
577 LOG.error("Received redirect response " + method.getStatusCode()
578 + " but no location header");
579 return false;
580 }
581 String location = locationHeader.getValue();
582 if (LOG.isDebugEnabled()) {
583 LOG.debug("Redirect requested to location '" + location + "'");
584 }
585
586 //rfc2616 demands the location value be a complete URI
587 //Location = "Location" ":" absoluteURI
588 URI redirectUri = null;
589 URI currentUri = null;
590
591 try {
592 currentUri = new URI(
593 this.conn.getProtocol().getScheme(),
594 null,
595 this.conn.getHost(),
596 this.conn.getPort(),
597 method.getPath()
598 );
599
600 String charset = method.getParams().getUriCharset();
601 redirectUri = new URI(location, true, charset);
602
603 if (redirectUri.isRelativeURI()) {
604 if (this.params.isParameterTrue(HttpClientParams.REJECT_RELATIVE_REDIRECT)) {
605 LOG.warn("Relative redirect location '" + location + "' not allowed");
606 return false;
607 } else {
608 //location is incomplete, use current values for defaults
609 LOG.debug("Redirect URI is not absolute - parsing as relative");
610 redirectUri = new URI(currentUri, redirectUri);
611 }
612 } else {
613 // Reset the default params
614 method.getParams().setDefaults(this.params);
615 }
616 method.setURI(redirectUri);
617 hostConfiguration.setHost(redirectUri);
618 } catch (URIException ex) {
619 throw new InvalidRedirectLocationException(
620 "Invalid redirect location: " + location, location, ex);
621 }
622
623 if (this.params.isParameterFalse(HttpClientParams.ALLOW_CIRCULAR_REDIRECTS)) {
624 if (this.redirectLocations == null) {
625 this.redirectLocations = new HashSet();
626 }
627 this.redirectLocations.add(currentUri);
628 try {
629 if(redirectUri.hasQuery()) {
630 redirectUri.setQuery(null);
631 }
632 } catch (URIException e) {
633 // Should never happen
634 return false;
635 }
636
637 if (this.redirectLocations.contains(redirectUri)) {
638 throw new CircularRedirectException("Circular redirect to '" +
639 redirectUri + "'");
640 }
641 }
642
643 if (LOG.isDebugEnabled()) {
644 LOG.debug("Redirecting from '" + currentUri.getEscapedURI()
645 + "' to '" + redirectUri.getEscapedURI());
646 }
647 //And finally invalidate the actual authentication scheme
648 method.getHostAuthState().invalidate();
649 return true;
650 }
651
652 /**
653 * Processes a response that requires authentication
654 *
655 * @param method the current {@link HttpMethod HTTP method}
656 *
657 * @return <tt>true</tt> if the authentication challenge can be responsed to,
658 * (that is, at least one of the requested authentication scheme is supported,
659 * and matching credentials have been found), <tt>false</tt> otherwise.
660 */
661 private boolean processAuthenticationResponse(final HttpMethod method) {
662 LOG.trace("enter HttpMethodBase.processAuthenticationResponse("
663 + "HttpState, HttpConnection)");
664
665 try {
666 switch (method.getStatusCode()) {
667 case HttpStatus.SC_UNAUTHORIZED:
668 return processWWWAuthChallenge(method);
669 case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED:
670 return processProxyAuthChallenge(method);
671 default:
672 return false;
673 }
674 } catch (Exception e) {
675 if (LOG.isErrorEnabled()) {
676 LOG.error(e.getMessage(), e);
677 }
678 return false;
679 }
680 }
681
682 private boolean processWWWAuthChallenge(final HttpMethod method)
683 throws MalformedChallengeException, AuthenticationException
684 {
685 AuthState authstate = method.getHostAuthState();
686 Map challenges = AuthChallengeParser.parseChallenges(
687 method.getResponseHeaders(WWW_AUTH_CHALLENGE));
688 if (challenges.isEmpty()) {
689 LOG.debug("Authentication challenge(s) not found");
690 return false;
691 }
692 AuthScheme authscheme = null;
693 try {
694 authscheme = this.authProcessor.processChallenge(authstate, challenges);
695 } catch (AuthChallengeException e) {
696 if (LOG.isWarnEnabled()) {
697 LOG.warn(e.getMessage());
698 }
699 }
700 if (authscheme == null) {
701 return false;
702 }
703 String host = method.getParams().getVirtualHost();
704 if (host == null) {
705 host = conn.getHost();
706 }
707 int port = conn.getPort();
708 AuthScope authscope = new AuthScope(
709 host, port,
710 authscheme.getRealm(),
711 authscheme.getSchemeName());
712
713 if (LOG.isDebugEnabled()) {
714 LOG.debug("Authentication scope: " + authscope);
715 }
716 if (authstate.isAuthAttempted() && authscheme.isComplete()) {
717 // Already tried and failed
718 Credentials credentials = promptForCredentials(
719 authscheme, method.getParams(), authscope);
720 if (credentials == null) {
721 if (LOG.isInfoEnabled()) {
722 LOG.info("Failure authenticating with " + authscope);
723 }
724 return false;
725 } else {
726 return true;
727 }
728 } else {
729 authstate.setAuthAttempted(true);
730 Credentials credentials = this.state.getCredentials(authscope);
731 if (credentials == null) {
732 credentials = promptForCredentials(
733 authscheme, method.getParams(), authscope);
734 }
735 if (credentials == null) {
736 if (LOG.isInfoEnabled()) {
737 LOG.info("No credentials available for " + authscope);
738 }
739 return false;
740 } else {
741 return true;
742 }
743 }
744 }
745
746 private boolean processProxyAuthChallenge(final HttpMethod method)
747 throws MalformedChallengeException, AuthenticationException
748 {
749 AuthState authstate = method.getProxyAuthState();
750 Map proxyChallenges = AuthChallengeParser.parseChallenges(
751 method.getResponseHeaders(PROXY_AUTH_CHALLENGE));
752 if (proxyChallenges.isEmpty()) {
753 LOG.debug("Proxy authentication challenge(s) not found");
754 return false;
755 }
756 AuthScheme authscheme = null;
757 try {
758 authscheme = this.authProcessor.processChallenge(authstate, proxyChallenges);
759 } catch (AuthChallengeException e) {
760 if (LOG.isWarnEnabled()) {
761 LOG.warn(e.getMessage());
762 }
763 }
764 if (authscheme == null) {
765 return false;
766 }
767 AuthScope authscope = new AuthScope(
768 conn.getProxyHost(), conn.getProxyPort(),
769 authscheme.getRealm(),
770 authscheme.getSchemeName());
771
772 if (LOG.isDebugEnabled()) {
773 LOG.debug("Proxy authentication scope: " + authscope);
774 }
775 if (authstate.isAuthAttempted() && authscheme.isComplete()) {
776 // Already tried and failed
777 Credentials credentials = promptForProxyCredentials(
778 authscheme, method.getParams(), authscope);
779 if (credentials == null) {
780 if (LOG.isInfoEnabled()) {
781 LOG.info("Failure authenticating with " + authscope);
782 }
783 return false;
784 } else {
785 return true;
786 }
787 } else {
788 authstate.setAuthAttempted(true);
789 Credentials credentials = this.state.getProxyCredentials(authscope);
790 if (credentials == null) {
791 credentials = promptForProxyCredentials(
792 authscheme, method.getParams(), authscope);
793 }
794 if (credentials == null) {
795 if (LOG.isInfoEnabled()) {
796 LOG.info("No credentials available for " + authscope);
797 }
798 return false;
799 } else {
800 return true;
801 }
802 }
803 }
804
805 /**
806 * Tests if the {@link HttpMethod method} requires a redirect to another location.
807 *
808 * @param method HTTP method
809 *
810 * @return boolean <tt>true</tt> if a retry is needed, <tt>false</tt> otherwise.
811 */
812 private boolean isRedirectNeeded(final HttpMethod method) {
813 switch (method.getStatusCode()) {
814 case HttpStatus.SC_MOVED_TEMPORARILY:
815 case HttpStatus.SC_MOVED_PERMANENTLY:
816 case HttpStatus.SC_SEE_OTHER:
817 case HttpStatus.SC_TEMPORARY_REDIRECT:
818 LOG.debug("Redirect required");
819 if (method.getFollowRedirects()) {
820 return true;
821 } else {
822 return false;
823 }
824 default:
825 return false;
826 } //end of switch
827 }
828
829 /**
830 * Tests if the {@link HttpMethod method} requires authentication.
831 *
832 * @param method HTTP method
833 *
834 * @return boolean <tt>true</tt> if a retry is needed, <tt>false</tt> otherwise.
835 */
836 private boolean isAuthenticationNeeded(final HttpMethod method) {
837 method.getHostAuthState().setAuthRequested(
838 method.getStatusCode() == HttpStatus.SC_UNAUTHORIZED);
839 method.getProxyAuthState().setAuthRequested(
840 method.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
841 if (method.getHostAuthState().isAuthRequested() ||
842 method.getProxyAuthState().isAuthRequested()) {
843 LOG.debug("Authorization required");
844 if (method.getDoAuthentication()) { //process authentication response
845 return true;
846 } else { //let the client handle the authenticaiton
847 LOG.info("Authentication requested but doAuthentication is "
848 + "disabled");
849 return false;
850 }
851 } else {
852 return false;
853 }
854 }
855
856 private Credentials promptForCredentials(
857 final AuthScheme authScheme,
858 final HttpParams params,
859 final AuthScope authscope)
860 {
861 LOG.debug("Credentials required");
862 Credentials creds = null;
863 CredentialsProvider credProvider =
864 (CredentialsProvider)params.getParameter(CredentialsProvider.PROVIDER);
865 if (credProvider != null) {
866 try {
867 creds = credProvider.getCredentials(
868 authScheme, authscope.getHost(), authscope.getPort(), false);
869 } catch (CredentialsNotAvailableException e) {
870 LOG.warn(e.getMessage());
871 }
872 if (creds != null) {
873 this.state.setCredentials(authscope, creds);
874 if (LOG.isDebugEnabled()) {
875 LOG.debug(authscope + " new credentials given");
876 }
877 }
878 } else {
879 LOG.debug("Credentials provider not available");
880 }
881 return creds;
882 }
883
884 private Credentials promptForProxyCredentials(
885 final AuthScheme authScheme,
886 final HttpParams params,
887 final AuthScope authscope)
888 {
889 LOG.debug("Proxy credentials required");
890 Credentials creds = null;
891 CredentialsProvider credProvider =
892 (CredentialsProvider)params.getParameter(CredentialsProvider.PROVIDER);
893 if (credProvider != null) {
894 try {
895 creds = credProvider.getCredentials(
896 authScheme, authscope.getHost(), authscope.getPort(), true);
897 } catch (CredentialsNotAvailableException e) {
898 LOG.warn(e.getMessage());
899 }
900 if (creds != null) {
901 this.state.setProxyCredentials(authscope, creds);
902 if (LOG.isDebugEnabled()) {
903 LOG.debug(authscope + " new credentials given");
904 }
905 }
906 } else {
907 LOG.debug("Proxy credentials provider not available");
908 }
909 return creds;
910 }
911
912 /**
913 * @return
914 */
915 public HostConfiguration getHostConfiguration() {
916 return hostConfiguration;
917 }
918
919 /**
920 * @return
921 */
922 public HttpState getState() {
923 return state;
924 }
925
926 /**
927 * @return
928 */
929 public HttpConnectionManager getConnectionManager() {
930 return connectionManager;
931 }
932
933 /**
934 * @return
935 */
936 public HttpParams getParams() {
937 return this.params;
938 }
939 }
Save This Page