From bd999de22f4ff49521c608d66879d07218753c43 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 8 Aug 2017 13:55:14 +0200 Subject: Update apache httpclient, minor cleanups --- pom.xml | 4 +- .../kit/scc/dei/ecplean/ECPAuthenticationInfo.java | 1 + .../edu/kit/scc/dei/ecplean/ECPAuthenticator.java | 27 +++++-------- .../kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 45 +++++++++------------- .../java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java | 17 +++----- 5 files changed, 38 insertions(+), 56 deletions(-) diff --git a/pom.xml b/pom.xml index aeb1c82..8499597 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.openslx.ecp ecp-client-lean - 0.0.2-SNAPSHOT + 0.0.3-SNAPSHOT Lean ECP Client ECP Client w/o OpenSAML Libs @@ -38,7 +38,7 @@ org.apache.httpcomponents httpclient - [4.1,4.2.99] + [4.5.3,4.5.99] diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java index 0fc8b90..dca424f 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java @@ -17,6 +17,7 @@ public class ECPAuthenticationInfo { this.password = password; this.idpEcpEndpoint = idpEcpEndpoint; this.spUrl = spUrl; + this.authState = ECPAuthState.NOT_STARTED; } public String getUsername() { diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java index 60833a1..ce41f62 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java 
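Review bot: The new httpclient constraint `[4.5.3,4.5.99]` in the second pom.xml hunk is still a version range, so Maven resolves whichever matching 4.5.x release is newest at build time, and two builds of the same commit can ship different HTTP stacks. For a library that sends user credentials to an IdP, a single fixed version from that range is easier to audit and reproduce, provided it is updated deliberately and the build verifies checksums or signatures. If the range is intentional so that consumers pick up patch releases, a short comment in the pom saying so would help.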
@@ -13,8 +13,7 @@ import org.apache.http.ParseException; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.params.HttpParams; +import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.util.EntityUtils; import org.w3c.dom.Document; import org.w3c.dom.Node; @@ -23,24 +22,19 @@ import org.xml.sax.SAXException; public class ECPAuthenticator extends ECPAuthenticatorBase { - public ECPAuthenticator(DefaultHttpClient client, String username, String password, + public ECPAuthenticator(CloseableHttpClient client, String username, String password, URI idpEcpEndpoint, URI spUrl) { super(client); authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl); - authInfo.setAuthState(ECPAuthState.NOT_STARTED); } public ECPAuthenticator(String username, String password, URI idpEcpEndpoint, URI spUrl) { - this(new DefaultHttpClient(), username, password, idpEcpEndpoint, spUrl); - HttpParams params = client.getParams(); - params.setParameter("http.socket.timeout", 6000); - params.setParameter("http.connection.timeout", 3000); - params.setParameter("http.connection-manager.timeout", new Long(3000)); - params.setParameter("http.protocol.head-body-timeout", 5000); + super(); + authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl); } - public void authenticate() throws ECPAuthenticationException { + public HttpResponse authenticate() throws ECPAuthenticationException { logger.info("Starting authentication"); logger.info("Contacting SP " + authInfo.getSpUrl()); 
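Review bot: In the `@@ -23,24 +22,19 @@` hunk the four-argument constructor no longer chains to the client-taking one, so `authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);` now appears in both constructors and has to be kept in sync by hand. The base constructor in this commit treats a null client as "create the default", so the short constructor could stay a one-liner: `this(null, username, password, idpEcpEndpoint, spUrl);`. ECPIdPAuth's three-argument constructor is changed the same way and could delegate likewise.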
@@ -59,6 +53,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 try {
 httpResponse = client.execute(httpGet);
 responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpGet.reset();
 } catch (IOException | ParseException e) {
 logger.debug("Initial SP Request failed");
 throw new ECPAuthenticationException(e);
@@ -123,7 +118,8 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 try {
 httpPost.setEntity(new StringEntity(documentToString(idpResponse)));
 httpResponse = client.execute(httpPost);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
+ logger.info("Asserting resulted in " + httpResponse.getStatusLine());
+ httpPost.reset();
 } catch (TransformerException | IOException e) {
 logger.debug("Could not post assertion back to SP");
 throw new ECPAuthenticationException(e);
@@ -133,14 +129,11 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 httpGet = new HttpGet(authInfo.getSpUrl().toString());
 try {
 httpResponse = client.execute(httpGet);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
-
- logger.info(responseBody);
- } catch (IOException | ParseException e) {
+ } catch (IOException e) {
 logger.debug("Could not request original URL");
 throw new ECPAuthenticationException(e);
 }
-
+ return httpResponse;
 }
 private String getStatusCode(Document idpResponse) {
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index 048f1c7..84122bb 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
 import java.util.Observable;
 import javax.xml.namespace.QName;
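Review bot: In the `@@ -123,7 +118,8 @@` hunk the SP's answer to the posted assertion is only written to the log. A 4xx or 5xx status does not raise ECPAuthenticationException, and the method goes on to request the original URL as if the assertion had been accepted. After `httpPost.reset();` the status could be checked, for example `if (httpResponse.getStatusLine().getStatusCode() >= 400) throw new ECPAuthenticationException("SP rejected assertion");`. Which statuses the SP legitimately returns at this step is not visible here, so the threshold should be confirmed against the deployment. The enclosing method starts and ends outside the hunk.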
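Review bot: `authenticate()` now returns the response of the final GET without reading its entity (the `@@ -133,14 +129,11 @@` hunk), so the connection stays leased until the caller consumes or closes that response, and nothing in the signature says so. I would add a Javadoc comment on `authenticate()` along the lines of `@return the SP's response to the original URL; the caller must consume or close it`. Declaring the return type as `CloseableHttpResponse`, which is what `CloseableHttpClient.execute` returns, would let callers use try-with-resources. The method signature itself is changed in an earlier hunk.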
@@ -28,10 +27,12 @@ import org.apache.http.HttpStatus; import org.apache.http.ParseException; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.ClientProtocolException; import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.protocol.HttpClientContext; import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; import org.w3c.dom.Document; import org.xml.sax.EntityResolver; @@ -41,15 +42,16 @@ import org.xml.sax.SAXException; public abstract class ECPAuthenticatorBase extends Observable { protected static Log logger = LogFactory.getLog(ECPAuthenticatorBase.class); + protected ECPAuthenticationInfo authInfo; - protected DefaultHttpClient client; + protected CloseableHttpClient client; protected DocumentBuilderFactory documentBuilderFactory; protected XPathFactory xpathFactory; protected NamespaceResolver namespaceResolver; protected TransformerFactory transformerFactory; - public ECPAuthenticatorBase(DefaultHttpClient client) { - this.client = client; + public ECPAuthenticatorBase(CloseableHttpClient client) { + this.client = client == null ? HttpClients.createSystem() : client; documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); 
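Review bot: `HttpClients.createSystem()` in the `ECPAuthenticatorBase(CloseableHttpClient)` constructor (the `@@ -41,15 +42,16 @@` hunk) builds a client with no connect or socket timeout. The same commit removes the explicit 3000/6000 ms settings from the ECPAuthenticator convenience constructor, so a stalled IdP or SP can now block the authentication call indefinitely. The default client could carry the old limits through a `RequestConfig`, which needs an import of `org.apache.http.client.config.RequestConfig`. A client created here is also never closed by this class; whether callers are expected to close it via `getHttpClient()` should be documented. The constructor body continues past the end of the hunk.

```java
public ECPAuthenticatorBase(CloseableHttpClient client) {
    if (client == null) {
        // Same limits the old DefaultHttpClient-based constructor configured.
        RequestConfig timeouts = RequestConfig.custom()
                .setConnectTimeout(3000)
                .setSocketTimeout(6000)
                .setConnectionRequestTimeout(3000)
                .build();
        client = HttpClients.custom()
                .useSystemProperties()
                .setDefaultRequestConfig(timeouts)
                .build();
    }
    this.client = client;
    // … unchanged: XML factory setup …
```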
@@ -64,41 +66,31 @@ public abstract class ECPAuthenticatorBase extends Observable { } public ECPAuthenticatorBase() { - this(new DefaultHttpClient()); + this(null); } protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException { logger.info("Sending initial IdP Request"); - client.getCredentialsProvider().setCredentials( - new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()), + BasicCredentialsProvider bcp = new BasicCredentialsProvider(); + bcp.setCredentials(new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()), new UsernamePasswordCredentials(authInfo.getUsername(), authInfo.getPassword())); + HttpClientContext passwordContext = HttpClientContext.create(); + passwordContext.setCredentialsProvider(bcp); + HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString()); HttpResponse httpResponse; try { httpPost.setEntity(new StringEntity(documentToString(idpRequest))); - //httpPost.setHeader("Accept", "text/xml, text/html, application/vnd.paos+xml, application/soap+xml, text/xml, */*;q=0.1"); - //httpPost.setHeader("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'"); httpPost.setHeader("Content-Type", "text/xml; charset=utf-8"); - httpResponse = client.execute(httpPost); + httpResponse = client.execute(httpPost, passwordContext); if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) { throw new ECPAuthenticationException("User not authorized"); } - } catch (UnsupportedEncodingException e) { - logger.debug("Could not submit PAOS request to IdP"); - throw new ECPAuthenticationException(e); - } catch (TransformerConfigurationException e) { - logger.debug("Could not submit PAOS request to IdP"); - throw new ECPAuthenticationException(e); - } catch (ClientProtocolException e) { - logger.debug("Could not submit PAOS request to IdP"); - throw new ECPAuthenticationException(e); - } catch 
(TransformerException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (Exception e) {
+ httpPost.reset();
 logger.debug("Could not submit PAOS request to IdP");
 throw new ECPAuthenticationException(e);
 }
@@ -106,6 +98,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
 String responseBody;
 try {
 responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpPost.reset();
 return buildDocumentFromString(responseBody);
 } catch (ParseException e) {
 logger.debug("Could not read response from IdP");
@@ -153,7 +146,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
 return result.getWriter().toString();
 }
- public DefaultHttpClient getHttpClient() {
+ public CloseableHttpClient getHttpClient() {
 return client;
 }
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
index 0eb035b..54227e6 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
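Review bot: The new `catch (Exception e)` in `authenticateIdP` (the `@@ -64,41 +66,31 @@` hunk) also catches the `ECPAuthenticationException("User not authorized")` thrown inside the same try block, assuming that class extends Exception as its use in the throws clause suggests. A 401 is therefore re-wrapped and callers no longer see the original message at the top level, and unchecked exceptions are folded into the same path. The five removed handlers collapse without widening into `} catch (TransformerException | IOException e) {`, since the other three types are subclasses of those two. With the narrower catch, `httpPost.reset()` would need to go before the 401 throw or into a `finally` so the connection is released on every exit. The method continues past the end of this hunk.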
@@ -4,31 +4,29 @@ import java.io.IOException; import java.net.URI; import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathException; -import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.client.CloseableHttpClient; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.xml.sax.SAXException; public class ECPIdPAuth extends ECPAuthenticatorBase { - + public ECPIdPAuth(String username, String password, URI idpEcpEndpoint) { - this(new DefaultHttpClient(), username, password, idpEcpEndpoint); + super(); + authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null); } - public ECPIdPAuth(DefaultHttpClient client, String username, String password, + public ECPIdPAuth(CloseableHttpClient client, String username, String password, URI idpEcpEndpoint) { super(client); - authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null); - authInfo.setAuthState(ECPAuthState.NOT_STARTED); } - + public String authenticate(String paosMessage) throws ECPAuthenticationException { Document initResponse; @@ -70,9 +68,6 @@ public class ECPIdPAuth extends ECPAuthenticatorBase { try { return documentToString(idpResponse); - } catch (TransformerConfigurationException e) { - logger.debug("documentToString failed"); - throw new ECPAuthenticationException(e); } catch (TransformerException e) { logger.debug("documentToString failed"); throw new ECPAuthenticationException(e); -- cgit v1.2.3-55-g7522
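Review bot: Please confirm that the client-taking `ECPIdPAuth(CloseableHttpClient, ...)` constructor in the `@@ -4,31 +4,29 @@` hunk still assigns `authInfo` after `super(client)`. With the line breaks lost on this page, the `-` in front of `authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null);` can be read either as a removed blank line or as removal of the assignment itself. If the assignment is gone, `authenticateIdP` would dereference a null `authInfo` when it builds the `AuthScope`. Delegating from the three-argument constructor with `this(null, username, password, idpEcpEndpoint);` would leave a single assignment and rule this out.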