1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.hc.client5.testing.classic;
29
30 import java.io.IOException;
31 import java.util.ArrayList;
32 import java.util.List;
33
34 import org.apache.hc.client5.testing.auth.AuthResult;
35 import org.apache.hc.client5.testing.auth.AuthenticationHandler;
36 import org.apache.hc.client5.testing.auth.Authenticator;
37 import org.apache.hc.client5.testing.auth.BasicAuthenticationHandler;
38 import org.apache.hc.core5.http.ClassicHttpRequest;
39 import org.apache.hc.core5.http.ClassicHttpResponse;
40 import org.apache.hc.core5.http.Header;
41 import org.apache.hc.core5.http.HttpException;
42 import org.apache.hc.core5.http.HttpHeaders;
43 import org.apache.hc.core5.http.HttpStatus;
44 import org.apache.hc.core5.http.NameValuePair;
45 import org.apache.hc.core5.http.io.HttpServerRequestHandler;
46 import org.apache.hc.core5.http.io.entity.EntityUtils;
47 import org.apache.hc.core5.http.io.entity.StringEntity;
48 import org.apache.hc.core5.http.message.BasicClassicHttpResponse;
49 import org.apache.hc.core5.http.message.BasicNameValuePair;
50 import org.apache.hc.core5.http.protocol.HttpContext;
51 import org.apache.hc.core5.net.URIAuthority;
52 import org.apache.hc.core5.util.Args;
53
54 public class AuthenticatingDecorator implements HttpServerRequestHandler {
55
56 private final HttpServerRequestHandler requestHandler;
57 private final AuthenticationHandler<String> authenticationHandler;
58 private final Authenticator authenticator;
59
60
61
62
63 public AuthenticatingDecorator(final HttpServerRequestHandler requestHandler,
64 final AuthenticationHandler<String> authenticationHandler,
65 final Authenticator authenticator) {
66 this.requestHandler = Args.notNull(requestHandler, "Request handler");
67 this.authenticationHandler = Args.notNull(authenticationHandler, "Authentication handler");
68 this.authenticator = Args.notNull(authenticator, "Authenticator");
69 }
70
71 public AuthenticatingDecorator(final HttpServerRequestHandler requestHandler,
72 final Authenticator authenticator) {
73 this(requestHandler, new BasicAuthenticationHandler(), authenticator);
74 }
75
76 protected void customizeUnauthorizedResponse(final ClassicHttpResponse unauthorized) {
77 }
78
79 @Override
80 public void handle(
81 final ClassicHttpRequest request,
82 final ResponseTrigger responseTrigger,
83 final HttpContext context) throws HttpException, IOException {
84 final Header h = request.getFirstHeader(HttpHeaders.AUTHORIZATION);
85 final String challengeResponse = h != null ? authenticationHandler.extractAuthToken(h.getValue()) : null;
86
87 final URIAuthority authority = request.getAuthority();
88 final String requestUri = request.getRequestUri();
89
90 final AuthResult authResult = authenticator.perform(authority, requestUri, challengeResponse);
91 final Header expect = request.getFirstHeader(HttpHeaders.EXPECT);
92 final boolean expectContinue = expect != null && "100-continue".equalsIgnoreCase(expect.getValue());
93
94 if (authResult.isSuccess()) {
95 if (expectContinue) {
96 responseTrigger.sendInformation(new BasicClassicHttpResponse(HttpStatus.SC_CONTINUE));
97 }
98 requestHandler.handle(request, responseTrigger, context);
99 } else {
100 final ClassicHttpResponse unauthorized = new BasicClassicHttpResponse(HttpStatus.SC_UNAUTHORIZED);
101 final List<NameValuePair> challengeParams = new ArrayList<>();
102 final String realm = authenticator.getRealm(authority, requestUri);
103 if (realm != null) {
104 challengeParams.add(new BasicNameValuePair("realm", realm));
105 }
106 if (authResult.hasParams()) {
107 challengeParams.addAll(authResult.getParams());
108 }
109 final String challenge = authenticationHandler.challenge(challengeParams);
110 unauthorized.addHeader(HttpHeaders.WWW_AUTHENTICATE, challenge);
111 customizeUnauthorizedResponse(unauthorized);
112 if (unauthorized.getEntity() == null) {
113 unauthorized.setEntity(new StringEntity("Unauthorized"));
114 }
115 if (expectContinue || request.getEntity() == null) {
116
117 responseTrigger.submitResponse(unauthorized);
118
119 EntityUtils.consume(request.getEntity());
120 } else {
121
122 EntityUtils.consume(request.getEntity());
123
124 responseTrigger.submitResponse(unauthorized);
125 }
126 }
127 }
128
129 }