/*
* Copyright 2004-2014 SmartBear Software
*
* Licensed under the EUPL, Version 1.1 or - as soon as they will be approved by the European Commission - subsequent
* versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
*
* http://ec.europa.eu/idabc/eupl
*
* Unless required by applicable law or agreed to in writing, software distributed under the Licence is
* distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the Licence for the specific language governing permissions and limitations
* under the Licence.
*/
package com.eviware.soapui.impl.wsdl.submit.filters;
import com.eviware.soapui.config.CredentialsConfig.AuthType;
import com.eviware.soapui.config.CredentialsConfig.AuthType.Enum;
import com.eviware.soapui.impl.support.AbstractHttpRequest;
import com.eviware.soapui.impl.wsdl.WsdlRequest;
import com.eviware.soapui.impl.wsdl.submit.transports.http.BaseHttpRequestTransport;
import com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport;
import com.eviware.soapui.model.iface.SubmitContext;
import com.eviware.soapui.model.propertyexpansion.PropertyExpander;
import com.eviware.soapui.model.settings.Settings;
import com.eviware.soapui.settings.HttpSettings;
import com.eviware.soapui.support.StringUtils;
import org.apache.http.Header;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.auth.NTLMSchemeFactory;
import org.apache.http.impl.auth.NegotiateSchemeFactory;
import org.apache.http.protocol.HttpContext;
import org.apache.log4j.Logger;
import java.net.InetAddress;
import java.net.UnknownHostException;
/**
* RequestFilter for setting preemptive authentication and related credentials
*/
public class HttpAuthenticationRequestFilter extends AbstractRequestFilter {
@Override
public void filterAbstractHttpRequest(SubmitContext context, AbstractHttpRequest<?> wsdlRequest) {
String username = PropertyExpander.expandProperties(context, wsdlRequest.getUsername());
// check for authorization prerequisites
if (username == null || username.length() == 0) {
return;
}
Settings settings = wsdlRequest.getSettings();
String password = PropertyExpander.expandProperties(context, wsdlRequest.getPassword());
String domain = PropertyExpander.expandProperties(context, wsdlRequest.getDomain());
Enum authType = Enum.forString(wsdlRequest.getAuthType());
registerSpnegoAuthSchemeFactory(authType);
String wssPasswordType = null;
if (wsdlRequest instanceof WsdlRequest) {
wssPasswordType = PropertyExpander.expandProperties(context,
((WsdlRequest) wsdlRequest).getWssPasswordType());
}
if (StringUtils.isNullOrEmpty(wssPasswordType)) {
initRequestCredentials(context, username, settings, password, domain, authType);
}
}
private void registerSpnegoAuthSchemeFactory(Enum authtype) {
// Due to a bug in apache http client 4.1.1 (HTTPCLIENT-1107) the user must explicitly set the auth type on the request.
// For more info, see SOAP-1021
if (authtype == AuthType.NTLM) {
HttpClientSupport.getHttpClient().getAuthSchemes().register(AuthPolicy.SPNEGO, new NTLMSchemeFactory());
} else if (authtype == AuthType.SPNEGO_KERBEROS) {
HttpClientSupport.getHttpClient().getAuthSchemes().register(AuthPolicy.SPNEGO, new NegotiateSchemeFactory(null, true));
}
}
public static void initRequestCredentials(SubmitContext context, String username, Settings settings,
String password, String domain, Enum authType) {
HttpRequestBase httpMethod = (HttpRequestBase) context.getProperty(BaseHttpRequestTransport.HTTP_METHOD);
HttpContext httpContext = (HttpContext) context.getProperty(SubmitContext.HTTP_STATE_PROPERTY);
if (!StringUtils.isNullOrEmpty(username) && !StringUtils.isNullOrEmpty(password)) {
// set preemptive authentication
if ((authType.equals(AuthType.GLOBAL_HTTP_SETTINGS) && settings.getBoolean(HttpSettings.AUTHENTICATE_PREEMPTIVELY))
|| authType.equals(AuthType.PREEMPTIVE)) {
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, password);
Header header = BasicScheme.authenticate(creds, "utf-8", false);
httpMethod.removeHeaders("Authorization");
httpMethod.addHeader(header);
}
}
httpContext.setAttribute(ClientContext.CREDS_PROVIDER, new UPDCredentialsProvider(username, password, domain));
}
public static class UPDCredentialsProvider implements CredentialsProvider {
private boolean checkedCredentials;
private final static Logger logger = Logger.getLogger(UPDCredentialsProvider.class);
private final String username;
private final String password;
private final String domain;
public UPDCredentialsProvider(String username, String password, String domain) {
this.username = username;
this.password = password == null ? "" : password;
this.domain = domain;
}
public Credentials getCredentials(final AuthScope authScope) {
if (checkedCredentials) {
return null;
}
if (authScope == null) {
throw new IllegalArgumentException("Authentication scope may not be null");
}
try {
if (AuthPolicy.NTLM.equalsIgnoreCase(authScope.getScheme())) {
logger.info(authScope.getHost() + ":" + authScope.getPort() + " requires Windows authentication");
String workstation = "";
try {
workstation = InetAddress.getLocalHost().getHostName();
} catch (UnknownHostException e) {
}
return new NTCredentials(username, password, workstation, domain);
} else if (AuthPolicy.BASIC.equalsIgnoreCase(authScope.getScheme())
|| AuthPolicy.DIGEST.equalsIgnoreCase(authScope.getScheme())
|| AuthPolicy.SPNEGO.equalsIgnoreCase(authScope.getScheme())) {
logger.info(authScope.getHost() + ":" + authScope.getPort()
+ " requires authentication with the realm '" + authScope.getRealm() + "'");
return new UsernamePasswordCredentials(username, password);
}
} finally {
checkedCredentials = true;
}
return null;
}
public void clear() {
}
public void setCredentials(final AuthScope authscope, final Credentials credentials) {
}
}
}