diff options
author | Simon Rettberg | 2017-08-08 13:55:14 +0200 |
---|---|---|
committer | Simon Rettberg | 2017-08-08 13:55:14 +0200 |
commit | bd999de22f4ff49521c608d66879d07218753c43 (patch) | |
tree | 5838c98c94c611087e93f2623c29e479b90edfd5 | |
parent | Request headers again; IdP request MUST be Content-Type: text/xml apparently (diff) | |
download | ecp-client-lean-bd999de22f4ff49521c608d66879d07218753c43.tar.gz ecp-client-lean-bd999de22f4ff49521c608d66879d07218753c43.tar.xz ecp-client-lean-bd999de22f4ff49521c608d66879d07218753c43.zip |
Update apache httpclient, minor cleanups
-rw-r--r-- | pom.xml | 4 | ||||
-rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java | 1 | ||||
-rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java | 27 | ||||
-rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 45 | ||||
-rw-r--r-- | src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java | 17 |
5 files changed, 38 insertions, 56 deletions
@@ -3,7 +3,7 @@ <modelVersion>4.0.0</modelVersion>
<groupId>org.openslx.ecp</groupId>
<artifactId>ecp-client-lean</artifactId>
- <version>0.0.2-SNAPSHOT</version>
+ <version>0.0.3-SNAPSHOT</version>
<name>Lean ECP Client</name>
<description>ECP Client w/o OpenSAML Libs</description>
@@ -38,7 +38,7 @@ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>[4.1,4.2.99]</version>
+ <version>[4.5.3,4.5.99]</version>
</dependency>
</dependencies>
</project>
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java index 0fc8b90..dca424f 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java @@ -17,6 +17,7 @@ public class ECPAuthenticationInfo { this.password = password;
this.idpEcpEndpoint = idpEcpEndpoint;
this.spUrl = spUrl;
+ this.authState = ECPAuthState.NOT_STARTED;
}
public String getUsername() {
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java index 60833a1..ce41f62 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java @@ -13,8 +13,7 @@ import org.apache.http.ParseException; import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.params.HttpParams;
+import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -23,24 +22,19 @@ import org.xml.sax.SAXException; public class ECPAuthenticator extends ECPAuthenticatorBase {
- public ECPAuthenticator(DefaultHttpClient client, String username, String password,
+ public ECPAuthenticator(CloseableHttpClient client, String username, String password,
URI idpEcpEndpoint, URI spUrl) {
super(client);
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
- authInfo.setAuthState(ECPAuthState.NOT_STARTED);
}
public ECPAuthenticator(String username, String password,
URI idpEcpEndpoint, URI spUrl) {
- this(new DefaultHttpClient(), username, password, idpEcpEndpoint, spUrl);
- HttpParams params = client.getParams();
- params.setParameter("http.socket.timeout", 6000);
- params.setParameter("http.connection.timeout", 3000);
- params.setParameter("http.connection-manager.timeout", new Long(3000));
- params.setParameter("http.protocol.head-body-timeout", 5000);
+ super();
+ authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
}
- public void authenticate() throws ECPAuthenticationException {
+ public HttpResponse authenticate() throws ECPAuthenticationException {
logger.info("Starting authentication");
logger.info("Contacting SP " + authInfo.getSpUrl());
@@ -59,6 +53,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { try {
httpResponse = client.execute(httpGet);
responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpGet.reset();
} catch (IOException | ParseException e) {
logger.debug("Initial SP Request failed");
throw new ECPAuthenticationException(e);
@@ -123,7 +118,8 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { try {
httpPost.setEntity(new StringEntity(documentToString(idpResponse)));
httpResponse = client.execute(httpPost);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
+ logger.info("Asserting resulted in " + httpResponse.getStatusLine());
+ httpPost.reset();
} catch (TransformerException | IOException e) {
logger.debug("Could not post assertion back to SP");
throw new ECPAuthenticationException(e);
@@ -133,14 +129,11 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { httpGet = new HttpGet(authInfo.getSpUrl().toString());
try {
httpResponse = client.execute(httpGet);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
-
- logger.info(responseBody);
- } catch (IOException | ParseException e) {
+ } catch (IOException e) {
logger.debug("Could not request original URL");
throw new ECPAuthenticationException(e);
}
-
+ return httpResponse;
}
private String getStatusCode(Document idpResponse) {
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java index 048f1c7..84122bb 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java @@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean; import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
import java.util.Observable;
import javax.xml.namespace.QName;
@@ -28,10 +27,12 @@ import org.apache.http.HttpStatus; import org.apache.http.ParseException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
@@ -41,15 +42,16 @@ import org.xml.sax.SAXException; public abstract class ECPAuthenticatorBase extends Observable {
protected static Log logger = LogFactory.getLog(ECPAuthenticatorBase.class);
+
protected ECPAuthenticationInfo authInfo;
- protected DefaultHttpClient client;
+ protected CloseableHttpClient client;
protected DocumentBuilderFactory documentBuilderFactory;
protected XPathFactory xpathFactory;
protected NamespaceResolver namespaceResolver;
protected TransformerFactory transformerFactory;
- public ECPAuthenticatorBase(DefaultHttpClient client) {
- this.client = client;
+ public ECPAuthenticatorBase(CloseableHttpClient client) {
+ this.client = client == null ? HttpClients.createSystem() : client;
documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
@@ -64,41 +66,31 @@ public abstract class ECPAuthenticatorBase extends Observable { }
public ECPAuthenticatorBase() {
- this(new DefaultHttpClient());
+ this(null);
}
protected Document authenticateIdP(Document idpRequest)
throws ECPAuthenticationException {
logger.info("Sending initial IdP Request");
- client.getCredentialsProvider().setCredentials(
- new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()),
+ BasicCredentialsProvider bcp = new BasicCredentialsProvider();
+ bcp.setCredentials(new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()),
new UsernamePasswordCredentials(authInfo.getUsername(), authInfo.getPassword()));
+ HttpClientContext passwordContext = HttpClientContext.create();
+ passwordContext.setCredentialsProvider(bcp);
+
HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
HttpResponse httpResponse;
try {
httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
- //httpPost.setHeader("Accept", "text/xml, text/html, application/vnd.paos+xml, application/soap+xml, text/xml, */*;q=0.1");
- //httpPost.setHeader("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'");
httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
- httpResponse = client.execute(httpPost);
+ httpResponse = client.execute(httpPost, passwordContext);
if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
throw new ECPAuthenticationException("User not authorized");
}
- } catch (UnsupportedEncodingException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerConfigurationException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (ClientProtocolException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (Exception e) {
+ httpPost.reset();
logger.debug("Could not submit PAOS request to IdP");
throw new ECPAuthenticationException(e);
}
@@ -106,6 +98,7 @@ public abstract class ECPAuthenticatorBase extends Observable { String responseBody;
try {
responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpPost.reset();
return buildDocumentFromString(responseBody);
} catch (ParseException e) {
logger.debug("Could not read response from IdP");
@@ -153,7 +146,7 @@ public abstract class ECPAuthenticatorBase extends Observable { return result.getWriter().toString();
}
- public DefaultHttpClient getHttpClient() {
+ public CloseableHttpClient getHttpClient() {
return client;
}
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java index 0eb035b..54227e6 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java @@ -4,31 +4,29 @@ import java.io.IOException; import java.net.URI;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
-import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.CloseableHttpClient;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
public class ECPIdPAuth extends ECPAuthenticatorBase {
-
+
public ECPIdPAuth(String username, String password,
URI idpEcpEndpoint) {
- this(new DefaultHttpClient(), username, password, idpEcpEndpoint);
+ super();
+ authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null);
}
- public ECPIdPAuth(DefaultHttpClient client, String username, String password,
+ public ECPIdPAuth(CloseableHttpClient client, String username, String password,
URI idpEcpEndpoint) {
super(client);
-
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null);
- authInfo.setAuthState(ECPAuthState.NOT_STARTED);
}
-
+
public String authenticate(String paosMessage) throws ECPAuthenticationException {
Document initResponse;
@@ -70,9 +68,6 @@ public class ECPIdPAuth extends ECPAuthenticatorBase { try {
return documentToString(idpResponse);
- } catch (TransformerConfigurationException e) {
- logger.debug("documentToString failed");
- throw new ECPAuthenticationException(e);
} catch (TransformerException e) {
logger.debug("documentToString failed");
throw new ECPAuthenticationException(e);
|