org.apache.commons.httpclient.auth.AuthPolicy Java Examples

The following examples show how to use org.apache.commons.httpclient.auth.AuthPolicy.
Example #1
Source File: DavGatewayHttpClientFacade.java    From davmail with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Enable NTLM authentication on http client
 *
 * @param httpClient HttpClient instance
 */
public static void addNTLM(HttpClient httpClient) {
    HttpClientParams clientParams = httpClient.getParams();

    // Preemptive authentication stays off, so credentials are only produced in
    // answer to a server challenge and never sent unprompted on the first request.
    clientParams.setParameter(HttpClientParams.PREEMPTIVE_AUTHENTICATION, false);

    // Scheme preference in order: NTLM, then Digest, then Basic.
    // NOTE(review): Basic stays in the list as a last resort. A server that offers
    // only Basic (or a party able to alter the challenge on a non-TLS connection)
    // receives the password merely base64-encoded. Drop BASIC, or require TLS,
    // where that fallback is not needed.
    ArrayList<String> schemePriority = new ArrayList<>();
    schemePriority.add(AuthPolicy.NTLM);
    schemePriority.add(AuthPolicy.DIGEST);
    schemePriority.add(AuthPolicy.BASIC);
    clientParams.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemePriority);

    // Remember that NTLM has been requested.
    needNTLM = true;

    // Look up the credentials stored for "any host, any port" (null host, port -1).
    // NOTE(review): the cast assumes whatever is stored under that scope is an
    // NTCredentials; any other Credentials implementation raises ClassCastException.
    NTCredentials stored =
            (NTCredentials) httpClient.getState().getCredentials(new AuthScope(null, -1));
    if (stored == null) {
        return;
    }

    // No domain recorded yet: hand user name and password back to setCredentials,
    // which, per the original comment, separates the domain from the user name.
    String domain = stored.getDomain();
    if (domain == null || domain.isEmpty()) {
        setCredentials(httpClient, stored.getUserName(), stored.getPassword());
    }
}
 
Example #2
Source File: Http3Util.java    From httpsig-java with The Unlicense 6 votes vote down vote up
/**
 * Installs HTTP signature authentication on the given client.
 *
 * <p>Wraps the client's credentials provider in a {@code SignerCredentialsProvider},
 * registers the signature auth scheme, and puts that scheme first in the client's
 * scheme priority list.
 *
 * @param client   client to configure
 * @param keychain keychain handed to the new {@code Signer}
 * @param keyId    key id handed to the new {@code Signer}
 */
public static void enableAuth(HttpClient client, Keychain keychain, KeyId keyId) {
    Signer signer = new Signer(keychain, keyId);

    CredentialsProvider current =
            (CredentialsProvider) client.getParams().getParameter(CredentialsProvider.PROVIDER);

    // If a signer provider is already installed, wrap its delegate rather than the
    // wrapper itself, so repeated calls do not stack wrappers.
    CredentialsProvider delegate = current;
    if (current instanceof SignerCredentialsProvider) {
        delegate = ((SignerCredentialsProvider) current).getDelegatee();
    }
    client.getParams().setParameter(
            CredentialsProvider.PROVIDER, new SignerCredentialsProvider(signer, delegate));

    // AuthPolicy keeps a static scheme registry, so this registration is visible to
    // every HttpClient in the JVM, not only to the client passed in.
    AuthPolicy.registerAuthScheme(Constants.SCHEME, Http3SignatureAuthScheme.class);

    // Signature scheme first, followed by the library-wide default priority list.
    // NOTE(review): the tail is read from DefaultHttpParams, not from this client,
    // so a priority list previously set on the client is replaced; schemes that
    // were deliberately removed there come back. Confirm that is intended.
    List<String> priority = new ArrayList<String>();
    priority.add(Constants.SCHEME);
    Collection defaultPriority = (Collection) DefaultHttpParams.getDefaultParams()
            .getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);
    if (defaultPriority != null) {
        priority.addAll(defaultPriority);
    }
    client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, priority);
}
 
Example #3
Source File: RestConsumer.java    From RestServices with Apache License 2.0 5 votes vote down vote up
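/**
 * Registers NTLM credentials on the shared client and restricts the scheme
 * priority list to NTLM.
 *
 * @param urlBasePath URL whose host is passed to {@code NTCredentials}
 * @param username    account name
 * @param password    account password
 * @param domain      NT domain
 * @throws MalformedURLException if {@code urlBasePath} is not a valid URL; the shared
 *                               client is left untouched in that case
 */
public static void registerNTCredentials(String urlBasePath, String username, String password, String domain) throws MalformedURLException
{
	// Parse first, so a malformed URL cannot leave the shared client half-configured.
	URL url = new URL(urlBasePath);
	Core.getLogger("NTLM").info(url.getHost());

	// NOTE(review): in Commons HttpClient 3.x preemptive authentication uses the Basic
	// scheme. Combined with the ANY scope below, user name and password can go out
	// base64-encoded on the first request to every host this shared client contacts.
	// Prefer leaving this off, or at least scope the credentials to url's host/port
	// and require TLS.
	client.getParams().setAuthenticationPreemptive(true);

	// NOTE(review): the third NTCredentials argument is the originating workstation
	// name in HttpClient 3.x; the target host is passed here. Confirm that is intended.
	Credentials defaultcreds = new NTCredentials(username, password, url.getHost(), domain);

	// Static registry: replaces the NTLM implementation for every client in the JVM.
	AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, restservices.util.JCIFS_NTLMScheme.class);

	List<String> authpref = new ArrayList<String>();
	authpref.add(AuthPolicy.NTLM);

	// Fix: the 3.x challenge processor reads AuthPolicy.AUTH_SCHEME_PRIORITY. The former
	// key "http.auth.target-scheme-pref" is the HttpClient 4.x name and is ignored by 3.x,
	// which left the default priority (including Digest and Basic) in force.
	client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authpref);

	// NOTE(review): AuthScope.ANY offers these credentials to any host, port and realm.
	client.getState().setCredentials(new AuthScope(AuthScope.ANY), defaultcreds);
}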
 
Example #4
Source File: CredentialsUtils.java    From httpclientAuthHelper with Apache License 2.0 5 votes vote down vote up
/**
 * Registers the custom NTLMv2 scheme under the NTLM name, at most once.
 *
 * <p>The registration goes into AuthPolicy's static registry and therefore replaces
 * the NTLM implementation for every HttpClient in the JVM. Failures are logged at
 * SEVERE and not rethrown, so callers cannot tell from this method whether the
 * custom scheme is active.
 */
private static void initNTLMv2() {
    // NOTE(review): the flag is checked and set without synchronization in this
    // method; concurrent first calls may both register. Confirm callers serialize.
    if (registeredNTLM) {
        return;
    }
    try {
        logger.info(" adding NTLMv2 based   authentication schema for HttpClient");
        AuthPolicy.registerAuthScheme(
                AuthPolicy.NTLM,
                com.jivesoftware.authHelper.customescheme.ntlm2.CustomNTLM2Scheme.class);
        registeredNTLM = true;
    } catch (Throwable failure) {
        // Best effort: on failure the flag stays false, so a later call retries.
        logger.log(
                java.util.logging.Level.SEVERE,
                "Could not add NTLM based on JCIFS authentication schema for HttpClient.",
                failure);
    }
}
 
Example #5
Source File: CredentialsUtils.java    From httpclientAuthHelper with Apache License 2.0 5 votes vote down vote up
/**
 * Registers the custom Negotiate scheme, at most once.
 *
 * <p>Both side effects are process-wide: the system property is set for the whole
 * JVM, and the scheme goes into AuthPolicy's static registry. Failures are logged
 * at SEVERE and not rethrown.
 *
 * @param httpClient not used by this method
 */
private static void initKERBEROS(HttpClient httpClient) {
    if (registeredKERBEROS) {
        return;
    }
    try {
        logger.info("Globally adding KERBEROS ");

        // JVM-wide setting; other JAAS/GSS users in the same process see it too.
        // NOTE(review): presumably javax.security.auth.useSubjectCredsOnly; confirm
        // against the definition of USE_SUBJECT_CREDS.
        System.setProperty(USE_SUBJECT_CREDS, "false");

        AuthPolicy.registerAuthScheme(
                NEGOTIATE,
                com.jivesoftware.authHelper.customescheme.negotiate.CustomNegotiateScheme.class);
        registeredKERBEROS = true;
    } catch (Throwable failure) {
        // Best effort: on failure the flag stays false, so a later call retries.
        logger.log(java.util.logging.Level.SEVERE, "Could not add KERBEROS  for HttpClient.", failure);
    }
}
 
Example #6
Source File: EsHadoopAuthPolicies.java    From elasticsearch-hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Registers the SPNEGO and API-key auth schemes with AuthPolicy, once per JVM.
 *
 * <p>The method is synchronized on the class, so concurrent callers cannot register
 * twice. The flag is raised before the registrations run: if one of them throws,
 * later calls return without retrying.
 */
public synchronized static void registerAuthSchemes() {
    if (REGISTERED) {
        return;
    }
    REGISTERED = true;
    // Static registry: the schemes become available to every HttpClient in the JVM.
    AuthPolicy.registerAuthScheme(NEGOTIATE, SpnegoAuthScheme.class);
    AuthPolicy.registerAuthScheme(APIKEY, EsApiKeyAuthScheme.class);
}
 
Example #7
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Walks one client-side SPNEGO step against a stubbed "WWW-Authenticate: Negotiate"
 * challenge: log in from the keytab, let the challenge processor pick a scheme, then
 * ask that scheme for an Authorization header value.
 *
 * <p>The test only checks that a value starting with "Negotiate " is produced. The
 * token itself is not inspected and no server validates it here.
 */
@Test
public void testAuth() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Log in as the client principal from the keytab file; the rest runs as that user
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Register the schemes, then allow Negotiate only: with a one-entry
            // priority list no other scheme can be selected for this challenge
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);
            // Stub response carrying a bare Negotiate challenge (no token yet)
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});

            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), KerberosSuite.PRINCIPAL_SERVER);

            // Parse the challenge; the parser keys the map by lower-cased scheme name
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            // The processor must have chosen the SPNEGO implementation
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop any auto-generated Authorization headers before authenticating
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            // The scheme must report itself as not connection-based
            assertThat(authScheme.isConnectionBased(), is(not(true)));
            String authString = authScheme.authenticate(credentials, method);

            // Only the "Negotiate " prefix is checked, not the token content
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}
 
Example #8
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Same flow as the plain SPNEGO test, but the request targets a host name and the
 * final authenticate call goes through {@code TestScheme} built from a fixed
 * name-to-address map.
 *
 * <p>The scheme chosen by the challenge processor is asserted to be
 * {@code SpnegoAuthScheme}, yet the header value is produced by the replacement
 * {@code TestScheme}. Only the "Negotiate " prefix of that value is checked.
 */
@Test
public void testAuthWithHostBasedServicePrincipal() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Log in as the client principal from the keytab file; the rest runs as that user
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Register the schemes, then allow Negotiate only
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            // Fixed host -> address table handed to TestScheme further down
            // (presumably used in place of real DNS; confirm against TestScheme)
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            // Stub response with a bare Negotiate challenge; the request URI uses the host name
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "es.build.elastic.co", 9200));

            // NOTE(review): "[email protected]" looks like the hosting page's e-mail
            // obfuscation having replaced part of the principal; restore the real
            // HTTP/<host>@<REALM> value from the upstream file before reusing this.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse the challenge; the parser keys the map by lower-cased scheme name
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            // The processor must have chosen the SPNEGO implementation
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop any auto-generated Authorization headers before authenticating
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            // The selected scheme must report itself as not connection-based
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Swap in the test harness scheme; from here on the registered scheme is no longer exercised
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            // Only the "Negotiate " prefix is checked, not the token content
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}
 
Example #9
Source File: AbstractSpnegoAuthSchemeTest.java    From elasticsearch-hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Same flow as the host-based variant, but the request URI carries the address
 * 127.0.0.1 while the credentials name a host-based service principal.
 *
 * <p>Going by the test name, the principal is expected to be matched via a reverse
 * lookup of the address (presumably served from {@code dnsMappings} by
 * {@code TestScheme}; confirm there). Only the "Negotiate " prefix of the produced
 * header value is checked.
 */
@Test
public void testAuthWithReverseLookupServicePrincipal() throws Exception {
    // Switch Hadoop security to Kerberos for this JVM
    Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Log in as the client principal from the keytab file; the rest runs as that user
    UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());

    client.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            HttpParams params = new HttpClientParams();

            // Register the schemes, then allow Negotiate only
            EsHadoopAuthPolicies.registerAuthSchemes();
            List<String> authPreferences = new ArrayList<String>();
            authPreferences.add(EsHadoopAuthPolicies.NEGOTIATE);
            params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPreferences);

            AuthChallengeProcessor authChallengeProcessor = new AuthChallengeProcessor(params);

            // Fixed host -> address table handed to TestScheme further down
            // NOTE(review): in a real deployment a reverse lookup trusts the resolver's
            // answer when choosing the service principal; here the answer is pinned.
            Map<String, String> dnsMappings = new HashMap<String, String>();
            dnsMappings.put("es.build.elastic.co", "127.0.0.1");

            // Stub response with a bare Negotiate challenge; the request URI uses the raw address
            TestMethod method = new TestMethod();
            method.setHeaders(new Header[]{new Header("WWW-Authenticate", "Negotiate")});
            method.setURI(new org.apache.commons.httpclient.URI("http", null, "127.0.0.1", 9200));

            // NOTE(review): "[email protected]" looks like the hosting page's e-mail
            // obfuscation having replaced part of the principal; restore the real
            // HTTP/<host>@<REALM> value from the upstream file before reusing this.
            Credentials credentials = new SpnegoCredentials(HadoopUserProvider.create(new TestSettings()), "HTTP/[email protected]");

            // Parse the challenge; the parser keys the map by lower-cased scheme name
            Map challenges = AuthChallengeParser.parseChallenges(method.getResponseHeaders("WWW-Authenticate"));
            assertThat(challenges.isEmpty(), not(true));
            assertThat(challenges.containsKey("negotiate"), is(true));
            assertThat(challenges.get("negotiate"), is("Negotiate"));
            AuthScheme scheme = authChallengeProcessor.processChallenge(method.getHostAuthState(), challenges);

            // The processor must have chosen the SPNEGO implementation
            assertNotNull(scheme);
            assertThat(scheme, instanceOf(SpnegoAuthScheme.class));
            method.getHostAuthState().setAuthAttempted(true);

            // Drop any auto-generated Authorization headers before authenticating
            Header[] authHeaders = method.getRequestHeaders("Authorization");
            for (Header authHeader : authHeaders) {
                if (authHeader.isAutogenerated()) {
                    method.removeRequestHeader(authHeader);
                }
            }
            AuthState authState = method.getHostAuthState();
            AuthScheme authScheme = authState.getAuthScheme();
            assertNotNull(authScheme);
            // The selected scheme must report itself as not connection-based
            assertThat(authScheme.isConnectionBased(), is(not(true)));

            // Swap in the test harness scheme; from here on the registered scheme is no longer exercised
            authScheme = new TestScheme(dnsMappings);
            String authString = authScheme.authenticate(credentials, method);

            // Only the "Negotiate " prefix is checked, not the token content
            assertNotNull(authString);
            assertThat(authString, startsWith("Negotiate "));
            method.addRequestHeader(new Header("Authorization", authString, true));

            return null;
        }
    });
}
 
Example #10
Source File: DavGatewayHttpClientFacade.java    From davmail with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Test if the NTLM or Negotiate auth scheme is enabled.
 *
 * @param httpClient HttpClient instance
 * @return true if no scheme priority is set on the client, or if the priority
 *         list contains NTLM or Negotiate
 */
public static boolean hasNTLMorNegotiate(HttpClient httpClient) {
    Object authPrefs = httpClient.getParams().getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);

    // No explicit priority on the client is reported as enabled.
    if (authPrefs == null) {
        return true;
    }
    // A priority value that is not a List is reported as not enabled.
    if (!(authPrefs instanceof List<?>)) {
        return false;
    }

    // "Negotiate" is matched as a literal; NTLM via the AuthPolicy constant.
    Collection schemes = (Collection) authPrefs;
    return schemes.contains(AuthPolicy.NTLM) || schemes.contains("Negotiate");
}