From bd999de22f4ff49521c608d66879d07218753c43 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 8 Aug 2017 13:55:14 +0200
Subject: Update apache httpclient, minor cleanups
---
pom.xml | 4 +-
.../kit/scc/dei/ecplean/ECPAuthenticationInfo.java | 1 +
.../edu/kit/scc/dei/ecplean/ECPAuthenticator.java | 27 +++++--------
.../kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 45 +++++++++-------------
.../java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java | 17 +++-----
5 files changed, 38 insertions(+), 56 deletions(-)
diff --git a/pom.xml b/pom.xml
index aeb1c82..8499597 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
org.openslx.ecp
ecp-client-lean
- 0.0.2-SNAPSHOT
+ 0.0.3-SNAPSHOT
Lean ECP Client
ECP Client w/o OpenSAML Libs
@@ -38,7 +38,7 @@
org.apache.httpcomponents
httpclient
- [4.1,4.2.99]
+ [4.5.3,4.5.99]
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java
index 0fc8b90..dca424f 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticationInfo.java
@@ -17,6 +17,7 @@ public class ECPAuthenticationInfo {
this.password = password;
this.idpEcpEndpoint = idpEcpEndpoint;
this.spUrl = spUrl;
+ this.authState = ECPAuthState.NOT_STARTED;
}
public String getUsername() {
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
index 60833a1..ce41f62 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
@@ -13,8 +13,7 @@ import org.apache.http.ParseException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.params.HttpParams;
+import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -23,24 +22,19 @@ import org.xml.sax.SAXException;
public class ECPAuthenticator extends ECPAuthenticatorBase {
- public ECPAuthenticator(DefaultHttpClient client, String username, String password,
+ public ECPAuthenticator(CloseableHttpClient client, String username, String password,
URI idpEcpEndpoint, URI spUrl) {
super(client);
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
- authInfo.setAuthState(ECPAuthState.NOT_STARTED);
}
public ECPAuthenticator(String username, String password,
URI idpEcpEndpoint, URI spUrl) {
- this(new DefaultHttpClient(), username, password, idpEcpEndpoint, spUrl);
- HttpParams params = client.getParams();
- params.setParameter("http.socket.timeout", 6000);
- params.setParameter("http.connection.timeout", 3000);
- params.setParameter("http.connection-manager.timeout", new Long(3000));
- params.setParameter("http.protocol.head-body-timeout", 5000);
+ super();
+ authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
}
- public void authenticate() throws ECPAuthenticationException {
+ public HttpResponse authenticate() throws ECPAuthenticationException {
logger.info("Starting authentication");
logger.info("Contacting SP " + authInfo.getSpUrl());
@@ -59,6 +53,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
try {
httpResponse = client.execute(httpGet);
responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpGet.reset();
} catch (IOException | ParseException e) {
logger.debug("Initial SP Request failed");
throw new ECPAuthenticationException(e);
@@ -123,7 +118,8 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
try {
httpPost.setEntity(new StringEntity(documentToString(idpResponse)));
httpResponse = client.execute(httpPost);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
+ logger.info("Asserting resulted in " + httpResponse.getStatusLine());
+ httpPost.reset();
} catch (TransformerException | IOException e) {
logger.debug("Could not post assertion back to SP");
throw new ECPAuthenticationException(e);
@@ -133,14 +129,11 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
httpGet = new HttpGet(authInfo.getSpUrl().toString());
try {
httpResponse = client.execute(httpGet);
- responseBody = EntityUtils.toString(httpResponse.getEntity());
-
- logger.info(responseBody);
- } catch (IOException | ParseException e) {
+ } catch (IOException e) {
logger.debug("Could not request original URL");
throw new ECPAuthenticationException(e);
}
-
+ return httpResponse;
}
private String getStatusCode(Document idpResponse) {
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index 048f1c7..84122bb 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
import java.util.Observable;
import javax.xml.namespace.QName;
@@ -28,10 +27,12 @@ import org.apache.http.HttpStatus;
import org.apache.http.ParseException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
@@ -41,15 +42,16 @@ import org.xml.sax.SAXException;
public abstract class ECPAuthenticatorBase extends Observable {
protected static Log logger = LogFactory.getLog(ECPAuthenticatorBase.class);
+
protected ECPAuthenticationInfo authInfo;
- protected DefaultHttpClient client;
+ protected CloseableHttpClient client;
protected DocumentBuilderFactory documentBuilderFactory;
protected XPathFactory xpathFactory;
protected NamespaceResolver namespaceResolver;
protected TransformerFactory transformerFactory;
- public ECPAuthenticatorBase(DefaultHttpClient client) {
- this.client = client;
+ public ECPAuthenticatorBase(CloseableHttpClient client) {
+ this.client = client == null ? HttpClients.createSystem() : client;
documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
@@ -64,41 +66,31 @@ public abstract class ECPAuthenticatorBase extends Observable {
}
public ECPAuthenticatorBase() {
- this(new DefaultHttpClient());
+ this(null);
}
protected Document authenticateIdP(Document idpRequest)
throws ECPAuthenticationException {
logger.info("Sending initial IdP Request");
- client.getCredentialsProvider().setCredentials(
- new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()),
+ BasicCredentialsProvider bcp = new BasicCredentialsProvider();
+ bcp.setCredentials(new AuthScope(authInfo.getIdpEcpEndpoint().getHost(), authInfo.getIdpEcpEndpoint().getPort()),
new UsernamePasswordCredentials(authInfo.getUsername(), authInfo.getPassword()));
+ HttpClientContext passwordContext = HttpClientContext.create();
+ passwordContext.setCredentialsProvider(bcp);
+
HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
HttpResponse httpResponse;
try {
httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
- //httpPost.setHeader("Accept", "text/xml, text/html, application/vnd.paos+xml, application/soap+xml, text/xml, */*;q=0.1");
- //httpPost.setHeader("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'");
httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
- httpResponse = client.execute(httpPost);
+ httpResponse = client.execute(httpPost, passwordContext);
if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
throw new ECPAuthenticationException("User not authorized");
}
- } catch (UnsupportedEncodingException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerConfigurationException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (ClientProtocolException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerException e) {
- logger.debug("Could not submit PAOS request to IdP");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (Exception e) {
+ httpPost.reset();
logger.debug("Could not submit PAOS request to IdP");
throw new ECPAuthenticationException(e);
}
@@ -106,6 +98,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
String responseBody;
try {
responseBody = EntityUtils.toString(httpResponse.getEntity());
+ httpPost.reset();
return buildDocumentFromString(responseBody);
} catch (ParseException e) {
logger.debug("Could not read response from IdP");
@@ -153,7 +146,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
return result.getWriter().toString();
}
- public DefaultHttpClient getHttpClient() {
+ public CloseableHttpClient getHttpClient() {
return client;
}
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
index 0eb035b..54227e6 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
@@ -4,31 +4,29 @@ import java.io.IOException;
import java.net.URI;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
-import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.CloseableHttpClient;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
public class ECPIdPAuth extends ECPAuthenticatorBase {
-
+
public ECPIdPAuth(String username, String password,
URI idpEcpEndpoint) {
- this(new DefaultHttpClient(), username, password, idpEcpEndpoint);
+ super();
+ authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null);
}
- public ECPIdPAuth(DefaultHttpClient client, String username, String password,
+ public ECPIdPAuth(CloseableHttpClient client, String username, String password,
URI idpEcpEndpoint) {
super(client);
-
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, null);
- authInfo.setAuthState(ECPAuthState.NOT_STARTED);
}
-
+
public String authenticate(String paosMessage) throws ECPAuthenticationException {
Document initResponse;
@@ -70,9 +68,6 @@ public class ECPIdPAuth extends ECPAuthenticatorBase {
try {
return documentToString(idpResponse);
- } catch (TransformerConfigurationException e) {
- logger.debug("documentToString failed");
- throw new ECPAuthenticationException(e);
} catch (TransformerException e) {
logger.debug("documentToString failed");
throw new ECPAuthenticationException(e);
--
cgit v1.2.3-55-g7522