下面列出了怎么用org.apache.commons.httpclient.auth.AuthScheme的API类实例代码及写法,或者点击链接到github查看源代码。
/**
* Close any authentication resources that we may still have open and perform any after-response duties that we need to perform.
* @param method The method that has been executed
* @throws IOException If any issues arise during post processing
*/
private void afterExecute(HttpMethod method) throws IOException {
    // Post-response work only applies when this request carried, or attempted, host authentication.
    AuthState hostState = method.getHostAuthState();
    if (!hostState.isPreemptive() && !hostState.isAuthAttempted()) {
        return;
    }

    // Mutual authentication is SPNEGO-specific and is gated by the network setting.
    AuthScheme activeScheme = hostState.getAuthScheme();
    if (!(activeScheme instanceof SpnegoAuthScheme) || !settings.getNetworkSpnegoAuthMutual()) {
        return;
    }

    SpnegoAuthScheme spnego = (SpnegoAuthScheme) activeScheme;
    Map serverChallenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders(WWW_AUTHENTICATE));
    String schemeName = spnego.getSchemeName();
    // The parsed challenges are looked up by the lower-cased scheme name.
    String serverChallenge = (String) serverChallenges.get(schemeName.toLowerCase());

    // Fail closed: with mutual auth enabled, a response lacking the server's challenge is
    // rejected instead of being accepted as if the server had proven its identity.
    if (serverChallenge == null) {
        throw new IOException(schemeName + " authorization challenge expected, but not found");
    }
    // NOTE(review): ensureMutualAuth presumably validates the server's token - confirm in SpnegoAuthScheme.
    spnego.ensureMutualAuth(serverChallenge);
}
public Credentials getCredentials(AuthScheme scheme, String host, int port, boolean proxy)
        throws CredentialsNotAvailableException {
    // Supplies signer-backed credentials for the scheme named by Constants.SCHEME and
    // forwards every other scheme to the optional delegate provider.
    boolean handledHere = Constants.SCHEME.equals(scheme.getSchemeName());
    if (handledHere) {
        if (signer != null) {
            return new SignerCredentials(signer);
        }
        // Without a signer there is nothing to authenticate with; report it explicitly.
        throw new CredentialsNotAvailableException("SSHKey Signer not available");
    }

    // No delegate configured: null tells the caller that no credentials are available.
    return (this.delegatee != null)
            ? this.delegatee.getCredentials(scheme, host, port, proxy)
            : null;
}
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    // Adds the proxy authentication response header for the request, if one can be produced.
    // A false result from cleanAuthHeaders means the caller set the header itself: leave it alone.
    final boolean headersCleared = cleanAuthHeaders(method, PROXY_AUTH_RESP);
    if (!headersCleared) {
        return;
    }

    final AuthState proxyState = method.getProxyAuthState();
    final AuthScheme proxyScheme = proxyState.getAuthScheme();
    if (proxyScheme == null) {
        return;
    }
    // Connection-based schemes are only answered when authentication was actually requested.
    if (!proxyState.isAuthRequested() && proxyScheme.isConnectionBased()) {
        return;
    }

    final AuthScope scope = new AuthScope(
            conn.getProxyHost(), conn.getProxyPort(),
            proxyScheme.getRealm(),
            proxyScheme.getSchemeName());
    // Only the scope (host, port, realm, scheme) is logged; the credential itself never is.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials proxyCreds = this.state.getProxyCredentials(scope);
    if (proxyCreds == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required proxy credentials not available for " + scope);
            if (method.getProxyAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " +
                        "proxy credentials available");
            }
        }
        return;
    }

    final String headerValue = proxyScheme.authenticate(proxyCreds, method);
    if (headerValue != null) {
        // The trailing 'true' flags the header as auto-generated.
        method.addRequestHeader(new Header(PROXY_AUTH_RESP, headerValue, true));
    }
}
private Credentials promptForCredentials(
        final AuthScheme authScheme,
        final HttpParams params,
        final AuthScope authscope)
{
    // Asks the configured CredentialsProvider for host credentials and, when it supplies
    // some, stores them in the state under the given scope. Returns null otherwise.
    LOG.debug("Credentials required");

    final CredentialsProvider provider =
            (CredentialsProvider) params.getParameter(CredentialsProvider.PROVIDER);
    if (provider == null) {
        LOG.debug("Credentials provider not available");
        return null;
    }

    Credentials obtained = null;
    try {
        // The final 'false' marks this as a request for host (not proxy) credentials.
        obtained = provider.getCredentials(
                authScheme, authscope.getHost(), authscope.getPort(), false);
    } catch (CredentialsNotAvailableException e) {
        // Best effort: the failure is logged and the method falls through with no credentials.
        LOG.warn(e.getMessage());
    }

    if (obtained != null) {
        this.state.setCredentials(authscope, obtained);
        // Only the scope is written to the log, never the credentials.
        if (LOG.isDebugEnabled()) {
            LOG.debug(authscope + " new credentials given");
        }
    }
    return obtained;
}
private Credentials promptForProxyCredentials(
        final AuthScheme authScheme,
        final HttpParams params,
        final AuthScope authscope)
{
    // Asks the configured CredentialsProvider for proxy credentials and, when it supplies
    // some, stores them in the state as proxy credentials for the given scope.
    LOG.debug("Proxy credentials required");

    final CredentialsProvider provider =
            (CredentialsProvider) params.getParameter(CredentialsProvider.PROVIDER);
    if (provider == null) {
        LOG.debug("Proxy credentials provider not available");
        return null;
    }

    Credentials obtained = null;
    try {
        // The final 'true' marks this as a request for proxy credentials.
        obtained = provider.getCredentials(
                authScheme, authscope.getHost(), authscope.getPort(), true);
    } catch (CredentialsNotAvailableException e) {
        // Best effort: the failure is logged and the method falls through with no credentials.
        LOG.warn(e.getMessage());
    }

    if (obtained != null) {
        this.state.setProxyCredentials(authscope, obtained);
        // Only the scope is written to the log, never the credentials.
        if (LOG.isDebugEnabled()) {
            LOG.debug(authscope + " new credentials given");
        }
    }
    return obtained;
}
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    // Produces the proxy authentication response header unless the caller supplied its own.
    if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
        // A user-defined authentication header is present and takes precedence.
        return;
    }
    final AuthState stateForProxy = method.getProxyAuthState();
    final AuthScheme schemeForProxy = stateForProxy.getAuthScheme();
    if (schemeForProxy == null) {
        return;
    }

    // Respond when authentication was requested, or whenever the scheme is not connection-based.
    final boolean mustRespond = stateForProxy.isAuthRequested() || !schemeForProxy.isConnectionBased();
    if (mustRespond) {
        final AuthScope proxyScope = new AuthScope(
                conn.getProxyHost(), conn.getProxyPort(),
                schemeForProxy.getRealm(),
                schemeForProxy.getSchemeName());
        if (LOG.isDebugEnabled()) {
            // The scope identifies where credentials go; no secret material is logged.
            LOG.debug("Authenticating with " + proxyScope);
        }

        final Credentials stored = this.state.getProxyCredentials(proxyScope);
        if (stored == null) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Required proxy credentials not available for " + proxyScope);
                if (method.getProxyAuthState().isPreemptive()) {
                    LOG.warn("Preemptive authentication requested but no default " +
                            "proxy credentials available");
                }
            }
        } else {
            final String response = schemeForProxy.authenticate(stored, method);
            if (response != null) {
                // The trailing 'true' flags the header as auto-generated.
                method.addRequestHeader(new Header(PROXY_AUTH_RESP, response, true));
            }
        }
    }
}
private Credentials promptForCredentials(
        final AuthScheme authScheme,
        final HttpParams params,
        final AuthScope authscope)
{
    // Obtains host credentials from the CredentialsProvider held in params, caching any
    // result in the state under authscope; returns null when none could be obtained.
    LOG.debug("Credentials required");
    final Object configured = params.getParameter(CredentialsProvider.PROVIDER);
    final CredentialsProvider source = (CredentialsProvider) configured;

    Credentials result = null;
    if (source == null) {
        LOG.debug("Credentials provider not available");
    } else {
        try {
            // 'false' = credentials for the target host, not for a proxy.
            result = source.getCredentials(
                    authScheme, authscope.getHost(), authscope.getPort(), false);
        } catch (CredentialsNotAvailableException e) {
            // Logged and tolerated: the caller sees a null result.
            LOG.warn(e.getMessage());
        }
        if (result != null) {
            this.state.setCredentials(authscope, result);
            if (LOG.isDebugEnabled()) {
                // Logs the scope only; credential contents stay out of the log.
                LOG.debug(authscope + " new credentials given");
            }
        }
    }
    return result;
}
private Credentials promptForProxyCredentials(
        final AuthScheme authScheme,
        final HttpParams params,
        final AuthScope authscope)
{
    // Obtains proxy credentials from the CredentialsProvider held in params, caching any
    // result in the state as proxy credentials; returns null when none could be obtained.
    LOG.debug("Proxy credentials required");
    final Object configured = params.getParameter(CredentialsProvider.PROVIDER);
    final CredentialsProvider source = (CredentialsProvider) configured;

    Credentials result = null;
    if (source == null) {
        LOG.debug("Proxy credentials provider not available");
    } else {
        try {
            // 'true' = credentials for the proxy, not for the target host.
            result = source.getCredentials(
                    authScheme, authscope.getHost(), authscope.getPort(), true);
        } catch (CredentialsNotAvailableException e) {
            // Logged and tolerated: the caller sees a null result.
            LOG.warn(e.getMessage());
        }
        if (result != null) {
            this.state.setProxyCredentials(authscope, result);
            if (LOG.isDebugEnabled()) {
                // Logs the scope only; credential contents stay out of the log.
                LOG.debug(authscope + " new credentials given");
            }
        }
    }
    return result;
}
/**
* Close the underlying authscheme if it is a Closeable object.
* @param method Executing method
* A failure to close is logged at error level and is not rethrown; this method declares no checked exception.
*/
private void closeAuthSchemeQuietly(HttpMethod method) {
    final AuthScheme hostScheme = method.getHostAuthState().getAuthScheme();
    // Only schemes that hold closeable resources need any work here.
    if (!(hostScheme instanceof Closeable)) {
        return;
    }
    try {
        ((Closeable) hostScheme).close();
    } catch (IOException e) {
        // "Quietly": the failure is recorded with its stack trace but never propagated.
        log.error("Could not close [" + hostScheme.getSchemeName() + "] auth scheme", e);
    }
}
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
    // Adds the host authentication response header for the request, if one can be produced.
    // A false result from cleanAuthHeaders means the caller set the header itself: leave it alone.
    final boolean headersCleared = cleanAuthHeaders(method, WWW_AUTH_RESP);
    if (!headersCleared) {
        return;
    }

    final AuthState hostState = method.getHostAuthState();
    final AuthScheme hostScheme = hostState.getAuthScheme();
    if (hostScheme == null) {
        return;
    }
    // Connection-based schemes are only answered when authentication was actually requested.
    if (!hostState.isAuthRequested() && hostScheme.isConnectionBased()) {
        return;
    }

    // NOTE(review): the credential scope follows the virtual-host parameter when one is set,
    // not the host the connection is open to. Confirm callers never derive the virtual host
    // from untrusted input, or credentials scoped to one host could be sent to another.
    final String virtualHost = method.getParams().getVirtualHost();
    final String scopeHost = (virtualHost != null) ? virtualHost : conn.getHost();
    final int scopePort = conn.getPort();
    final AuthScope scope = new AuthScope(
            scopeHost, scopePort,
            hostScheme.getRealm(),
            hostScheme.getSchemeName());
    // Only the scope (host, port, realm, scheme) is logged; the credential itself never is.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials hostCreds = this.state.getCredentials(scope);
    if (hostCreds == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required credentials not available for " + scope);
            if (method.getHostAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " +
                        "credentials available");
            }
        }
        return;
    }

    final String headerValue = hostScheme.authenticate(hostCreds, method);
    if (headerValue != null) {
        // The trailing 'true' flags the header as auto-generated.
        method.addRequestHeader(new Header(WWW_AUTH_RESP, headerValue, true));
    }
}
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
    // Produces the host authentication response header unless the caller supplied its own.
    if (!cleanAuthHeaders(method, WWW_AUTH_RESP)) {
        // A user-defined authentication header is present and takes precedence.
        return;
    }
    final AuthState stateForHost = method.getHostAuthState();
    final AuthScheme schemeForHost = stateForHost.getAuthScheme();
    if (schemeForHost == null) {
        return;
    }

    // Respond when authentication was requested, or whenever the scheme is not connection-based.
    final boolean mustRespond = stateForHost.isAuthRequested() || !schemeForHost.isConnectionBased();
    if (mustRespond) {
        // A configured virtual host overrides the connection's host when choosing the scope.
        // NOTE(review): that makes the virtual-host parameter security-relevant - it selects
        // which stored credentials are sent over this connection; verify where it is set.
        String targetHost = method.getParams().getVirtualHost();
        if (targetHost == null) {
            targetHost = conn.getHost();
        }
        final int targetPort = conn.getPort();
        final AuthScope hostScope = new AuthScope(
                targetHost, targetPort,
                schemeForHost.getRealm(),
                schemeForHost.getSchemeName());
        if (LOG.isDebugEnabled()) {
            // The scope identifies where credentials go; no secret material is logged.
            LOG.debug("Authenticating with " + hostScope);
        }

        final Credentials stored = this.state.getCredentials(hostScope);
        if (stored == null) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Required credentials not available for " + hostScope);
                if (method.getHostAuthState().isPreemptive()) {
                    LOG.warn("Preemptive authentication requested but no default " +
                            "credentials available");
                }
            }
        } else {
            final String response = schemeForHost.authenticate(stored, method);
            if (response != null) {
                // The trailing 'true' flags the header as auto-generated.
                method.addRequestHeader(new Header(WWW_AUTH_RESP, response, true));
            }
        }
    }
}
/**
 * Drives the SPNEGO scheme end to end as a Kerberos-authenticated client: logs in from a
 * keytab, parses a bare "Negotiate" challenge, checks that the challenge processor selects
 * {@code SpnegoAuthScheme}, and checks that {@code authenticate} yields a header value
 * starting with "Negotiate ".
 */
@Test
public void testAuth() throws Exception {
    // Configure logins
    // Switches the Hadoop security configuration to Kerberos through static setters.
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);
    // Login as Client and Execute Test
    // NOTE(review): a keytab holds long-term keys - confirm KEYTAB_FILE is a throwaway test-realm fixture.
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    // Everything below runs with the logged-in client as the acting user.
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();
            // Order auth schemes
            // Negotiate is the only entry in the priority list, so no other scheme can be selected.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            // Simulated server response: a WWW-Authenticate header carrying only the scheme name.
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);
            // Parse Challenge
            // The parser keys challenges by lower-cased scheme name and keeps the raw challenge as the value.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);
            // Execute Auth
            // Drop any auto-generated Authorization headers before producing a fresh one.
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            // The scheme must report itself as not connection-based.
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            String authString = authScheme.authenticate(credentials, method);
            assertNotNull(authString);
            // Only the "Negotiate " prefix is checked; the token after it is not inspected.
            assertThat(authString, startsWith("Negotiate "));
            // 'true' marks the header as auto-generated.
            method.addRequestHeader(new Header("Authorization", authString, true));
            return null;
        }
    });
}
/**
 * Same flow as a plain SPNEGO authentication test, but the request URI names the host
 * "es.build.elastic.co" and the selected scheme is swapped for a {@code TestScheme}
 * built from a fixed host-to-address map before {@code authenticate} is called.
 */
@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
    // Configure logins
    // Switches the Hadoop security configuration to Kerberos through static setters.
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);
    // Login as Client and Execute Test
    // NOTE(review): a keytab holds long-term keys - confirm KEYTAB_FILE is a throwaway test-realm fixture.
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();
            // Order auth schemes
            // Negotiate is the only entry in the priority list, so no other scheme can be selected.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            // Fixed name-to-address mapping handed to the test scheme below;
            // presumably it stands in for real DNS - confirm in TestScheme.
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            // The request addresses the server by host name.
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));
            // NOTE(review): the principal literal below was mangled by the hosting page's e-mail
            // obfuscation ("[email protected]"); the real service principal cannot be recovered
            // from this listing, so the snippet will not authenticate as written.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");
            // Parse Challenge
            // The parser keys challenges by lower-cased scheme name and keeps the raw challenge as the value.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);
            // Execute Auth
            // Drop any auto-generated Authorization headers before producing a fresh one.
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            // Replace scheme with test harness scheme
            // From here on the assertions exercise TestScheme, not the scheme selected above.
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);
            assertNotNull(authString);
            // Only the "Negotiate " prefix is checked; the token after it is not inspected.
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));
            return null;
        }
    });
}
/**
 * Variant of the host-based service principal test in which the request URI uses the
 * literal address "127.0.0.1" while the host-to-address map still names
 * "es.build.elastic.co"; the test name indicates the principal is expected to be
 * derived through a reverse lookup.
 */
@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
    // Configure logins
    // Switches the Hadoop security configuration to Kerberos through static setters.
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);
    // Login as Client and Execute Test
    // NOTE(review): a keytab holds long-term keys - confirm KEYTAB_FILE is a throwaway test-realm fixture.
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();
            // Order auth schemes
            // Negotiate is the only entry in the priority list, so no other scheme can be selected.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);
            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            // Fixed name-to-address mapping handed to the test scheme below;
            // presumably it stands in for real DNS - confirm in TestScheme.
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            // The request addresses the server by IP address rather than by name.
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));
            // NOTE(review): the principal literal below was mangled by the hosting page's e-mail
            // obfuscation ("[email protected]"); the real service principal cannot be recovered
            // from this listing, so the snippet will not authenticate as written.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");
            // Parse Challenge
            // The parser keys challenges by lower-cased scheme name and keeps the raw challenge as the value.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);
            // Execute Auth
            // Drop any auto-generated Authorization headers before producing a fresh one.
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            // Replace scheme with test harness scheme
            // From here on the assertions exercise TestScheme, not the scheme selected above.
            // NOTE(review): choosing a service principal from a reverse lookup trusts the name
            // service; the test sidesteps that with a fixed map - confirm production behaviour.
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);
            assertNotNull(authString);
            // Only the "Negotiate " prefix is checked; the token after it is not inspected.
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));
            return null;
        }
    });
}