[1.9.x] + move perConnection and perRequest authentication methods to com.ning.util.AuthenticationUtils and use them in Grizzly provider

Author: oleksiys

src/main/java/com/ning/http/client/providers/grizzly/AsyncHttpClientFilter.java

@@ -36,6 +36,8 @@
 import java.util.List;
 import java.util.Map;
 import org.glassfish.grizzly.Connection;
+import org.glassfish.grizzly.Grizzly;
+import org.glassfish.grizzly.attributes.Attribute;
 import org.glassfish.grizzly.filterchain.BaseFilter;
 import org.glassfish.grizzly.filterchain.FilterChainContext;
 import org.glassfish.grizzly.filterchain.FilterChainEvent;
@@ -61,6 +63,10 @@
 final class AsyncHttpClientFilter extends BaseFilter {
     private final static Logger LOGGER = LoggerFactory.getLogger(AsyncHttpClientFilter.class);
 
+    private final static Attribute<Boolean> USED_CONNECTION =
+            Grizzly.DEFAULT_ATTRIBUTE_BUILDER.createAttribute(
+                    AsyncHttpClientFilter.class.getName() + ".used-connection");
+    
     // Lazy NTLM instance holder
     private static class NTLM_INSTANCE_HOLDER {
         private final static NTLMEngine ntlmEngine = new NTLMEngine();
@@ -104,6 +110,13 @@ public NextAction handleEvent(final FilterChainContext ctx, final FilterChainEve
 
     private boolean sendAsGrizzlyRequest(final HttpTransactionContext httpTxCtx, final FilterChainContext ctx) throws IOException {
         final Connection connection = ctx.getConnection();
+        
+        final boolean isUsedConnection = Boolean.TRUE.equals(USED_CONNECTION.get(connection));
+        if (!isUsedConnection) {
+            USED_CONNECTION.set(connection, Boolean.TRUE);
+        }
+
+        
         final Request ahcRequest = httpTxCtx.getAhcRequest();
         if (isUpgradeRequest(httpTxCtx.getAsyncHandler()) && isWSRequest(httpTxCtx.requestUri)) {
             httpTxCtx.isWSRequest = true;
@@ -120,7 +133,7 @@ private boolean sendAsGrizzlyRequest(final HttpTransactionContext httpTxCtx, fin
             // once the tunnel is established, sendAsGrizzlyRequest will
             // be called again and we'll finally send the request over the tunnel
             return establishConnectTunnel(proxy, httpTxCtx, uri, ctx);
-        }
+        }        
         final HttpRequestPacket.Builder builder = HttpRequestPacket.builder().protocol(Protocol.HTTP_1_1).method(method);
 
         if (useProxy && !((secure || httpTxCtx.isWSRequest) &&
@@ -164,9 +177,14 @@ private boolean sendAsGrizzlyRequest(final HttpTransactionContext httpTxCtx, fin
         addHostHeaderIfNeeded(ahcRequest, uri, requestPacket);
         addServiceHeaders(requestPacket);
         addAcceptHeaders(requestPacket);
-        addAuthorizationHeader(connection, getRealm(ahcRequest), requestPacket);
+        
+        final Realm realm = getRealm(ahcRequest);
+        addAuthorizationHeader(ahcRequest, requestPacket, realm,
+                uri, proxy, isUsedConnection);
+        
         if (useProxy) {
-            addProxyHeaders(proxy, requestPacket);
+            addProxyHeaders(ahcRequest, requestPacket, realm, proxy,
+                    isUsedConnection, false);
         }
 
         ctx.notifyDownstream(new SSLSwitchingEvent(connection, secure,
@@ -193,8 +211,10 @@ private boolean establishConnectTunnel(final ProxyServer proxy,
         final Request request = httpCtx.getAhcRequest();
         addHostHeaderIfNeeded(request, uri, requestPacket);
         addServiceHeaders(requestPacket);
-        addAuthorizationHeader(connection, getRealm(request), requestPacket);
-        addProxyHeaders(proxy, requestPacket);
+        
+        final Realm realm = getRealm(request);
+        addAuthorizationHeader(request, requestPacket, realm, uri, proxy, false);
+        addProxyHeaders(request, requestPacket, realm, proxy, false, true);
 
         // turn off SSL, because CONNECT will be sent in plain mode
         ctx.notifyDownstream(new SSLSwitchingEvent(connection, false));
@@ -265,22 +285,57 @@ private boolean isPayloadAllowed(final Method method) {
         return method.getPayloadExpectation() != Method.PayloadExpectation.NOT_ALLOWED;
     }
 
-    private void addAuthorizationHeader(final Connection c, final Realm realm, final HttpRequestPacket requestPacket) {
-        if (realm != null && realm.getUsePreemptiveAuth()) {
-            final String authHeaderValue = generateAuthHeader(c, realm);
-            if (authHeaderValue != null) {
-                requestPacket.addHeader(Header.Authorization, authHeaderValue);
+    private void addAuthorizationHeader(final Request req,
+            final HttpRequestPacket requestPacket,
+            final Realm realm,
+            final Uri uri, ProxyServer proxy,
+            final boolean isUsedConnection) throws IOException {
+        
+        if (!isUsedConnection) {
+            final String conAuth =
+                    AuthenticatorUtils.perConnectionAuthorizationHeader(
+                            req, uri, proxy, realm);
+            if (conAuth != null) {
+                requestPacket.addHeader(Header.Authorization, conAuth);
             }
         }
+        
+        final String reqAuth = AuthenticatorUtils.perRequestAuthorizationHeader(
+                req, uri, realm);
+        if (reqAuth != null) {
+            requestPacket.addHeader(Header.Authorization, reqAuth);
+        }
     }
 
-    private void addProxyHeaders(final ProxyServer proxy,
-            final HttpRequestPacket requestPacket) {
+    private void addProxyHeaders(
+            final Request req,
+            final HttpRequestPacket requestPacket,
+            final Realm realm,
+            final ProxyServer proxy,
+            final boolean isUsedConnection,
+            final boolean isConnect) throws IOException {
 
         setKeepAliveForHeader(Header.ProxyConnection, requestPacket);
+        setProxyAuthorizationHeader(req, requestPacket, proxy, realm,
+                isUsedConnection, isConnect);
+    }
+
+    private void setProxyAuthorizationHeader(final Request req, final HttpRequestPacket requestPacket, final ProxyServer proxy, final Realm realm, final boolean isUsedConnection, final boolean isConnect) throws IOException {
+        final String reqAuth = AuthenticatorUtils.perRequestProxyAuthorizationHeader(
+                req, realm, proxy, isConnect);
+        
+        if (reqAuth != null) {
+            requestPacket.setHeader(Header.ProxyAuthorization, reqAuth);
+            return;
+        }
 
-        if (proxy.getPrincipal() != null) {
-            requestPacket.setHeader(Header.ProxyAuthorization, AuthenticatorUtils.computeBasicAuthentication(proxy));
+        if (!isUsedConnection) {
+            final String conAuth =
+                    AuthenticatorUtils.perConnectionProxyAuthorizationHeader(
+                            req, proxy, isConnect);
+            if (conAuth != null) {
+                requestPacket.setHeader(Header.ProxyAuthorization, conAuth);
+            }
         }
     }
 

src/main/java/com/ning/http/client/providers/netty/handler/HttpProtocol.java

@@ -47,7 +47,7 @@
 import com.ning.http.client.providers.netty.response.NettyResponseBodyPart;
 import com.ning.http.client.providers.netty.response.NettyResponseHeaders;
 import com.ning.http.client.providers.netty.response.NettyResponseStatus;
-import com.ning.http.client.providers.netty.spnego.SpnegoEngine;
+import com.ning.http.client.spnego.SpnegoEngine;
 import com.ning.http.client.uri.Uri;
 
 import java.io.IOException;

src/main/java/com/ning/http/client/providers/netty/request/NettyRequestFactory.java

@@ -14,10 +14,9 @@
 package com.ning.http.client.providers.netty.request;
 
 import static com.ning.http.client.providers.netty.ws.WebSocketUtils.getKey;
-import static com.ning.http.util.AsyncHttpProviderUtils.DEFAULT_CHARSET;
 import static com.ning.http.util.AsyncHttpProviderUtils.*;
-import static com.ning.http.util.AuthenticatorUtils.computeBasicAuthentication;
-import static com.ning.http.util.AuthenticatorUtils.computeDigestAuthentication;
+import static com.ning.http.util.AuthenticatorUtils.perRequestAuthorizationHeader;
+import static com.ning.http.util.AuthenticatorUtils.perRequestProxyAuthorizationHeader;
 import static com.ning.http.util.MiscUtils.isNonEmpty;
 
 import org.jboss.netty.buffer.ChannelBuffer;
@@ -30,12 +29,10 @@
 import com.ning.http.client.AsyncHttpClientConfig;
 import com.ning.http.client.ProxyServer;
 import com.ning.http.client.Realm;
-import com.ning.http.client.Realm.AuthScheme;
 import com.ning.http.client.Request;
 import com.ning.http.client.cookie.CookieEncoder;
 import com.ning.http.client.generators.FileBodyGenerator;
 import com.ning.http.client.generators.InputStreamBodyGenerator;
-import com.ning.http.client.ntlm.NTLMEngine;
 import com.ning.http.client.providers.netty.NettyAsyncHttpProviderConfig;
 import com.ning.http.client.providers.netty.request.body.NettyBody;
 import com.ning.http.client.providers.netty.request.body.NettyBodyBody;
@@ -46,7 +43,6 @@
 import com.ning.http.client.providers.netty.request.body.NettyFileBody;
 import com.ning.http.client.providers.netty.request.body.NettyInputStreamBody;
 import com.ning.http.client.providers.netty.request.body.NettyMultipartBody;
-import com.ning.http.client.providers.netty.spnego.SpnegoEngine;
 import com.ning.http.client.uri.Uri;
 import com.ning.http.util.StringUtils;
 
@@ -94,120 +90,6 @@ private String hostHeader(Request request, Uri uri) {
         }
     }
 
-    public String firstRequestOnlyAuthorizationHeader(Request request, Uri uri, ProxyServer proxyServer, Realm realm) throws IOException {
-        String authorizationHeader = null;
-
-        if (realm != null && realm.getUsePreemptiveAuth()) {
-            switch (realm.getScheme()) {
-            case NTLM:
-                String msg = NTLMEngine.INSTANCE.generateType1Msg();
-                authorizationHeader = "NTLM " + msg;
-                break;
-            case KERBEROS:
-            case SPNEGO:
-                String host;
-                if (proxyServer != null)
-                    host = proxyServer.getHost();
-                else if (request.getVirtualHost() != null)
-                    host = request.getVirtualHost();
-                else
-                    host = uri.getHost();
-
-                try {
-                    authorizationHeader = "Negotiate " + SpnegoEngine.INSTANCE.generateToken(host);
-                } catch (Throwable e) {
-                    throw new IOException(e);
-                }
-                break;
-            default:
-                break;
-            }
-        }
-        
-        return authorizationHeader;
-    }
-    
-    private String systematicAuthorizationHeader(Request request, Uri uri, Realm realm) {
-
-        String authorizationHeader = null;
-
-        if (realm != null && realm.getUsePreemptiveAuth() && !realm.isTargetProxy()) {
-
-            switch (realm.getScheme()) {
-            case BASIC:
-                authorizationHeader = computeBasicAuthentication(realm);
-                break;
-            case DIGEST:
-                if (isNonEmpty(realm.getNonce()))
-                    authorizationHeader = computeDigestAuthentication(realm);
-                break;
-            case NTLM:
-            case KERBEROS:
-            case SPNEGO:
-                // NTLM, KERBEROS and SPNEGO are only set on the first request, see firstRequestOnlyAuthorizationHeader
-            case NONE:
-                break;
-            default:
-                throw new IllegalStateException("Invalid Authentication " + realm);
-            }
-        }
-
-        return authorizationHeader;
-    }
-
-    public String firstRequestOnlyProxyAuthorizationHeader(Request request, ProxyServer proxyServer, boolean connect) throws IOException {
-        String proxyAuthorization = null;
-
-        if (connect) {
-            List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-            String ntlmHeader = getNTLM(auth);
-            if (ntlmHeader != null) {
-                proxyAuthorization = ntlmHeader;
-            }
-
-        } else if (proxyServer != null && proxyServer.getPrincipal() != null && isNonEmpty(proxyServer.getNtlmDomain())) {
-            List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-            if (getNTLM(auth) == null) {
-                String msg = NTLMEngine.INSTANCE.generateType1Msg();
-                proxyAuthorization = "NTLM " + msg;
-            }
-        }
-
-        return proxyAuthorization;
-    }
-    
-    private String systematicProxyAuthorizationHeader(Request request, Realm realm, ProxyServer proxyServer, boolean connect) {
-
-        String proxyAuthorization = null;
-
-        if (!connect && proxyServer != null && proxyServer.getPrincipal() != null
-                && proxyServer.getScheme() == AuthScheme.BASIC) {
-            proxyAuthorization = computeBasicAuthentication(proxyServer);
-
-        } else if (realm != null && realm.getUsePreemptiveAuth() && realm.isTargetProxy()) {
-
-            switch (realm.getScheme()) {
-            case BASIC:
-                proxyAuthorization = computeBasicAuthentication(realm);
-                break;
-            case DIGEST:
-                if (isNonEmpty(realm.getNonce()))
-                    proxyAuthorization = computeDigestAuthentication(realm);
-                break;
-            case NTLM:
-            case KERBEROS:
-            case SPNEGO:
-                // NTLM, KERBEROS and SPNEGO are only set on the first request, see firstRequestOnlyAuthorizationHeader
-            case NONE:
-                break;
-            default:
-                throw new IllegalStateException("Invalid Authentication " + realm);
-            }
-        }
-
-        return proxyAuthorization;
-    }
-
     private NettyBody body(Request request, boolean connect) throws IOException {
         NettyBody nettyBody = null;
         if (!connect) {
@@ -340,9 +222,9 @@ public NettyRequest newNettyRequest(Request request, Uri uri, boolean forceConne
         Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm();
 
         // don't override authorization but append
-        addAuthorizationHeader(headers, systematicAuthorizationHeader(request, uri, realm));
+        addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, uri, realm));
 
-        setProxyAuthorizationHeader(headers, systematicProxyAuthorizationHeader(request, realm, proxyServer, connect));
+        setProxyAuthorizationHeader(headers, perRequestProxyAuthorizationHeader(request, realm, proxyServer, connect));
 
         // Add default accept headers
         if (!headers.contains(HttpHeaders.Names.ACCEPT))

src/main/java/com/ning/http/client/providers/netty/request/NettyRequestSender.java

@@ -18,6 +18,8 @@
 import static com.ning.http.util.AsyncHttpProviderUtils.REMOTELY_CLOSED_EXCEPTION;
 import static com.ning.http.util.AsyncHttpProviderUtils.getDefaultPort;
 import static com.ning.http.util.AsyncHttpProviderUtils.requestTimeout;
+import static com.ning.http.util.AuthenticatorUtils.perConnectionAuthorizationHeader;
+import static com.ning.http.util.AuthenticatorUtils.perConnectionProxyAuthorizationHeader;
 import static com.ning.http.util.ProxyUtils.avoidProxy;
 import static com.ning.http.util.ProxyUtils.getProxyServer;
 
@@ -257,8 +259,8 @@ private <T> ListenableFuture<T> sendRequestWithNewChannel(//
         HttpHeaders headers = future.getNettyRequest().getHttpRequest().headers();
         Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm();
         boolean connect = future.getNettyRequest().getHttpRequest().getMethod() == HttpMethod.CONNECT;
-        requestFactory.addAuthorizationHeader(headers, requestFactory.firstRequestOnlyAuthorizationHeader(request, uri, proxy, realm));
-        requestFactory.setProxyAuthorizationHeader(headers, requestFactory.firstRequestOnlyProxyAuthorizationHeader(request, proxy, connect));
+        requestFactory.addAuthorizationHeader(headers, perConnectionAuthorizationHeader(request, uri, proxy, realm));
+        requestFactory.setProxyAuthorizationHeader(headers, perConnectionProxyAuthorizationHeader(request, proxy, connect));
 
         // Do not throw an exception when we need an extra connection for a
         // redirect

src/main/java/com/ning/http/client/providers/netty/spnego/SpnegoEngine.java renamed to src/main/java/com/ning/http/client/spnego/SpnegoEngine.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2012 Sonatype, Inc. All rights reserved.
+ * Copyright (c) 2010-2015 Sonatype, Inc. All rights reserved.
  *
  * This program is licensed to you under the Apache License Version 2.0,
  * and you may not use this file except in compliance with the Apache License Version 2.0.
@@ -35,7 +35,7 @@
  * <http://www.apache.org/>.
  */
 
-package com.ning.http.client.providers.netty.spnego;
+package com.ning.http.client.spnego;
 
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;

src/main/java/com/ning/http/client/providers/netty/spnego/SpnegoTokenGenerator.java renamed to src/main/java/com/ning/http/client/spnego/SpnegoTokenGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2012 Sonatype, Inc. All rights reserved.
+ * Copyright (c) 2010-2015 Sonatype, Inc. All rights reserved.
  *
  * This program is licensed to you under the Apache License Version 2.0,
  * and you may not use this file except in compliance with the Apache License Version 2.0.
@@ -36,7 +36,7 @@
  *
  */
 
-package com.ning.http.client.providers.netty.spnego;
+package com.ning.http.client.spnego;
 
 import java.io.IOException;