下面列出了怎么用org.apache.commons.httpclient.auth.AuthPolicy的API类实例代码及写法,或者点击链接到github查看源代码。
/**
* Enable NTLM authentication on http client
*
* @param httpClient HttpClient instance
*/
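public static void addNTLM(HttpClient httpClient) {
    // NTLM is challenge/response: there is nothing useful to send before the
    // server's challenge, so preemptive authentication is switched off.
    httpClient.getParams().setParameter(HttpClientParams.PREEMPTIVE_AUTHENTICATION, false);

    // Scheme preference, first entry wins among the schemes the server offers.
    // BASIC stays in the list as a fallback, so a server that offers only Basic
    // still receives the password in reversible Base64 form; keep this fallback
    // only where the connection is protected by TLS.
    ArrayList<String> authPrefs = new ArrayList<>();
    authPrefs.add(AuthPolicy.NTLM);
    authPrefs.add(AuthPolicy.DIGEST);
    authPrefs.add(AuthPolicy.BASIC);
    httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);

    // make sure NTLM is always active
    needNTLM = true;

    // Look up the credentials registered for the wildcard scope (null host, port -1).
    AuthScope authScope = new AuthScope(null, -1);
    Object stored = httpClient.getState().getCredentials(authScope);

    // Only NTCredentials carry a domain. The type check replaces an unchecked
    // downcast that threw ClassCastException when another Credentials
    // implementation had been registered on this client.
    if (stored instanceof NTCredentials) {
        NTCredentials credentials = (NTCredentials) stored;
        String domain = credentials.getDomain();
        if (domain == null || domain.isEmpty()) {
            // separate domain from username in credentials
            // (presumably done inside setCredentials, which is outside this excerpt)
            setCredentials(httpClient, credentials.getUserName(), credentials.getPassword());
        }
    }
}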
/**
 * Installs signature-based authentication on {@code client}.
 *
 * <p>Wraps the client's current {@code CredentialsProvider} in a
 * {@code SignerCredentialsProvider}, registers the signature scheme with
 * {@code AuthPolicy}, and puts that scheme at the head of the client's scheme priority.
 *
 * <p>Two effects reach beyond the given client and are worth knowing when auditing:
 * {@code AuthPolicy.registerAuthScheme} is a static call, so the registration is not
 * limited to {@code client}; and the priority list is rebuilt from the library-wide
 * default parameters, so any priority previously set on {@code client} is replaced.
 *
 * @param client   client to configure
 * @param keychain key material handed to the {@code Signer}
 * @param keyId    identifier of the key handed to the {@code Signer}
 */
public static void enableAuth(HttpClient client, Keychain keychain, KeyId keyId) {
    final Signer requestSigner = new Signer(keychain, keyId);

    final CredentialsProvider current =
            (CredentialsProvider) client.getParams().getParameter(CredentialsProvider.PROVIDER);
    final CredentialsProvider wrapped;
    if (!(current instanceof SignerCredentialsProvider)) {
        wrapped = new SignerCredentialsProvider(requestSigner, current);
    } else {
        // Already wrapped by an earlier call: reuse the inner delegate instead of
        // stacking one signer provider on top of another.
        wrapped = new SignerCredentialsProvider(
                requestSigner, ((SignerCredentialsProvider) current).getDelegatee());
    }
    client.getParams().setParameter(CredentialsProvider.PROVIDER, wrapped);

    AuthPolicy.registerAuthScheme(Constants.SCHEME, Http3SignatureAuthScheme.class);

    // Signature scheme first, then whatever the library defaults list.
    final List<String> priority = new ArrayList<String>();
    priority.add(Constants.SCHEME);
    final Collection defaults = (Collection) DefaultHttpParams.getDefaultParams()
            .getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);
    if (defaults != null) {
        priority.addAll(defaults);
    }
    client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, priority);
}
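/**
 * Registers NTLM credentials on the shared {@code client} for the host named in
 * {@code urlBasePath}.
 *
 * <p>The credentials are bound to that host (and to its port, when the URL gives one)
 * rather than to {@code AuthScope.ANY}, so they are not offered to other hosts the same
 * client later contacts, for example after a redirect.
 *
 * @param urlBasePath base URL of the service the credentials belong to
 * @param username    account name
 * @param password    account password
 * @param domain      Windows domain of the account
 * @throws MalformedURLException if {@code urlBasePath} is not a valid URL; the client is
 *                               left untouched in that case
 */
public static void registerNTCredentials(String urlBasePath, String username, String password, String domain) throws MalformedURLException
{
    // Parse first, so a malformed URL does not leave the client half-configured.
    URL url = new URL(urlBasePath);
    String targetHost = url.getHost();

    // NOTE(review): in commons-httpclient 3.x preemptive mode answers with the Basic
    // scheme before any challenge arrives, which sends the password in reversible form
    // on the first request. NTLM itself does not need it; confirm it is wanted and
    // that the target is only reached over TLS.
    client.getParams().setAuthenticationPreemptive(true);

    Core.getLogger("NTLM").info(targetHost);

    // NOTE(review): the third NTCredentials argument is documented as the originating
    // (client) host; the target host is passed here, as in the original code - confirm.
    Credentials defaultcreds = new NTCredentials(username, password, targetHost, domain);

    // Static registration: replaces the NTLM scheme implementation for the whole JVM.
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, restservices.util.JCIFS_NTLMScheme.class);

    List<String> authpref = new ArrayList<String>();
    authpref.add(AuthPolicy.NTLM);
    client.getParams().setParameter("http.auth.target-scheme-pref", authpref);

    // url.getPort() is -1 when the URL names no port, which AuthScope treats as "any port".
    client.getState().setCredentials(new AuthScope(targetHost, url.getPort()), defaultcreds);
}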
/**
 * Registers the custom NTLMv2 scheme under the {@code AuthPolicy.NTLM} id, at most once.
 *
 * <p>The registration is a static call on {@code AuthPolicy}. A failure is logged and
 * otherwise ignored: {@code registeredNTLM} stays false and whichever NTLM scheme was
 * registered before remains in effect, so callers that require NTLMv2 should treat the
 * SEVERE log entry as a hard error.
 */
private static void initNTLMv2() {
    if (registeredNTLM) {
        return;
    }
    try {
        logger.info(" adding NTLMv2 based authentication schema for HttpClient");
        AuthPolicy.registerAuthScheme(
                AuthPolicy.NTLM,
                com.jivesoftware.authHelper.customescheme.ntlm2.CustomNTLM2Scheme.class);
        registeredNTLM = true;
    } catch (Throwable failure) {
        // Throwable rather than Exception: presumably so that linkage errors from a
        // missing optional dependency are caught too - confirm.
        logger.log(java.util.logging.Level.SEVERE,
                "Could not add NTLM based on JCIFS authentication schema for HttpClient.", failure);
    }
}
/**
 * Registers the custom Negotiate scheme with {@code AuthPolicy}, at most once.
 *
 * <p>Both side effects are process-wide: a system property is set and the scheme is
 * registered through a static call. A failure is logged and otherwise ignored.
 *
 * @param httpClient not used by this method
 */
private static void initKERBEROS(HttpClient httpClient) {
    if (registeredKERBEROS) {
        return;
    }
    try {
        logger.info("Globally adding KERBEROS ");
        // NOTE(review): USE_SUBJECT_CREDS is defined outside this excerpt; presumably
        // the JGSS "use subject credentials only" switch. Setting it to "false" would
        // let the GSS layer look for credentials outside the current Subject, and it
        // applies to every GSS user in this JVM - confirm that is acceptable.
        System.setProperty(USE_SUBJECT_CREDS, "false");
        AuthPolicy.registerAuthScheme(
                NEGOTIATE,
                com.jivesoftware.authHelper.customescheme.negotiate.CustomNegotiateScheme.class);
        registeredKERBEROS = true;
    } catch (Throwable failure) {
        logger.log(java.util.logging.Level.SEVERE, "Could not add KERBEROS for HttpClient.", failure);
    }
}
/**
 * Registers the SPNEGO and API-key schemes with {@code AuthPolicy} exactly once.
 *
 * <p>The method is synchronized, so concurrent callers cannot both pass the guard.
 * The flag is set before the registrations run; if one of them threw, later calls
 * would not retry.
 */
public synchronized static void registerAuthSchemes() {
    if (REGISTERED) {
        return;
    }
    REGISTERED = true;
    AuthPolicy.registerAuthScheme(NEGOTIATE, SpnegoAuthScheme.class);
    AuthPolicy.registerAuthScheme(APIKEY, EsApiKeyAuthScheme.class);
}
/**
 * Drives one SPNEGO round by hand: a "Negotiate" challenge is parsed, the challenge
 * processor must pick {@code SpnegoAuthScheme}, and authenticating with the client's
 * Kerberos login must produce an Authorization value starting with "Negotiate ".
 */
@Test
public void testAuth() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM.
    Configuration hadoopConf = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, hadoopConf);
    UserGroupInformation.setConfiguration(hadoopConf);

    // Log in from the keytab and run the whole exchange as that principal.
    UserGroupInformation clientUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams httpParams = new HttpClientParams();

            // Negotiate is the only scheme allowed, so no weaker scheme can be selected.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> schemeOrder = new ArrayList<String>();
            schemeOrder.add(EsHadoopAuthPolicies.NEGOTIATE);
            httpParams.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemeOrder);
            AuthChallengeProcessor challengeProcessor = new AuthChallengeProcessor(httpParams);

            // Fake response carrying the server's challenge.
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            Credentials spnegoCreds = new SpnegoCredentials(
                    HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);

            // Parse the challenge and let the processor select a scheme.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme selected = challengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(selected);
            assertThat(selected, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop Authorization headers generated by an earlier attempt.
            for (Header stale : method.getRequestHeaders("Authorization")) {
                if (stale.isAutogenerated()) {
                    method.removeRequestHeader(stale);
                }
            }

            // Produce the token with the scheme stored in the host auth state.
            AuthScheme negotiated = method.getHostAuthState().getAuthScheme();
            assertNotNull(negotiated);
            assertThat(negotiated.isConnectionBased(), is(not(true)));
            String headerValue = negotiated.authenticate(spnegoCreds, method);
            assertNotNull(headerValue);
            assertThat(headerValue, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", headerValue, true));
            return null;
        }
    });
}
/**
 * Same SPNEGO round as a plain challenge test, but the request targets a host name and
 * the token is produced by a {@code TestScheme} built from a fixed name-to-address table.
 */
@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM.
    Configuration hadoopConf = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, hadoopConf);
    UserGroupInformation.setConfiguration(hadoopConf);

    // Log in from the keytab and run the whole exchange as that principal.
    UserGroupInformation clientUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams httpParams = new HttpClientParams();

            // Negotiate is the only scheme allowed.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> schemeOrder = new ArrayList<String>();
            schemeOrder.add(EsHadoopAuthPolicies.NEGOTIATE);
            httpParams.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemeOrder);
            AuthChallengeProcessor challengeProcessor = new AuthChallengeProcessor(httpParams);

            // Fixed name-to-address table handed to the test scheme
            // (presumably replaces real DNS lookups - TestScheme is outside this excerpt).
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            // Fake response carrying the challenge; the request URI uses the host name.
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));
            // NOTE(review): the service-principal literal below was mangled by the hosting
            // page's e-mail obfuscation. Restore the real value from the upstream source
            // before running (placeholder shape: HTTP/<host>@<REALM>).
            Credentials spnegoCreds = new SpnegoCredentials(
                    HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse the challenge and let the processor select a scheme.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme selected = challengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(selected);
            assertThat(selected, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop Authorization headers generated by an earlier attempt.
            for (Header stale : method.getRequestHeaders("Authorization")) {
                if (stale.isAutogenerated()) {
                    method.removeRequestHeader(stale);
                }
            }

            AuthScheme negotiated = method.getHostAuthState().getAuthScheme();
            assertNotNull(negotiated);
            assertThat(negotiated.isConnectionBased(), is(not(true)));

            // The token itself comes from the test harness scheme, not the selected one.
            AuthScheme harnessScheme = new TestScheme(dnsMappings);
            String headerValue = harnessScheme.authenticate(spnegoCreds, method);
            assertNotNull(headerValue);
            assertThat(headerValue, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", headerValue, true));
            return null;
        }
    });
}
/**
 * Same SPNEGO round as the host-based case, except that the request URI carries the
 * literal address 127.0.0.1 while the name-to-address table still maps the host name to
 * it; the token is produced by a {@code TestScheme} built from that table.
 */
@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM.
    Configuration hadoopConf = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, hadoopConf);
    UserGroupInformation.setConfiguration(hadoopConf);

    // Log in from the keytab and run the whole exchange as that principal.
    UserGroupInformation clientUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams httpParams = new HttpClientParams();

            // Negotiate is the only scheme allowed.
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> schemeOrder = new ArrayList<String>();
            schemeOrder.add(EsHadoopAuthPolicies.NEGOTIATE);
            httpParams.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemeOrder);
            AuthChallengeProcessor challengeProcessor = new AuthChallengeProcessor(httpParams);

            // Fixed name-to-address table handed to the test scheme
            // (presumably replaces real DNS lookups - TestScheme is outside this excerpt).
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            // Fake response carrying the challenge; the request URI uses the raw address.
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));
            // NOTE(review): the service-principal literal below was mangled by the hosting
            // page's e-mail obfuscation. Restore the real value from the upstream source
            // before running (placeholder shape: HTTP/<host>@<REALM>).
            Credentials spnegoCreds = new SpnegoCredentials(
                    HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse the challenge and let the processor select a scheme.
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme selected = challengeProcessor.processChallenge(method.getHostAuthState(), challenges);
            assertNotNull(selected);
            assertThat(selected, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop Authorization headers generated by an earlier attempt.
            for (Header stale : method.getRequestHeaders("Authorization")) {
                if (stale.isAutogenerated()) {
                    method.removeRequestHeader(stale);
                }
            }

            AuthScheme negotiated = method.getHostAuthState().getAuthScheme();
            assertNotNull(negotiated);
            assertThat(negotiated.isConnectionBased(), is(not(true)));

            // The token itself comes from the test harness scheme, not the selected one.
            AuthScheme harnessScheme = new TestScheme(dnsMappings);
            String headerValue = harnessScheme.authenticate(spnegoCreds, method);
            assertNotNull(headerValue);
            assertThat(headerValue, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", headerValue, true));
            return null;
        }
    });
}
/**
* Test if the NTLM or Negotiate auth scheme is enabled.
*
* @param httpClient HttpClient instance
* @return true if NTLM or Negotiate is in the scheme priority, or if no priority is set
*/
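public static boolean hasNTLMorNegotiate(HttpClient httpClient) {
    Object authPrefs = httpClient.getParams().getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);

    // No explicit priority on this client: reported as enabled.
    if (authPrefs == null) {
        return true;
    }

    // Accept any Collection, not only a List: the value was already cast to Collection
    // for the lookup, and a priority stored as a non-List collection used to be
    // reported as "not enabled" even when it contained NTLM.
    if (!(authPrefs instanceof Collection)) {
        return false;
    }
    Collection<?> schemes = (Collection<?>) authPrefs;

    // contains() is an exact, case-sensitive match on the stored scheme ids.
    return schemes.contains(AuthPolicy.NTLM) || schemes.contains("Negotiate");
}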