View Javadoc

1   /*
2    *  soapUI, copyright (C) 2004-2007 eviware.com 
3    *
4    *  soapUI is free software; you can redistribute it and/or modify it under the 
5    *  terms of version 2.1 of the GNU Lesser General Public License as published by 
6    *  the Free Software Foundation.
7    *
8    *  soapUI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without 
9    *  even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
10   *  See the GNU Lesser General Public License for more details at gnu.org.
11   */
12  
13  package com.eviware.soapui.impl.wsdl.submit.filters;
14  
15  import java.io.IOException;
16  
17  import org.apache.commons.httpclient.Credentials;
18  import org.apache.commons.httpclient.HttpClient;
19  import org.apache.commons.httpclient.HttpState;
20  import org.apache.commons.httpclient.NTCredentials;
21  import org.apache.commons.httpclient.UsernamePasswordCredentials;
22  import org.apache.commons.httpclient.auth.AuthScheme;
23  import org.apache.commons.httpclient.auth.AuthScope;
24  import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
25  import org.apache.commons.httpclient.auth.CredentialsProvider;
26  import org.apache.commons.httpclient.auth.NTLMScheme;
27  import org.apache.commons.httpclient.auth.RFC2617Scheme;
28  import org.apache.log4j.Logger;
29  
30  import com.eviware.soapui.impl.wsdl.WsdlRequest;
31  import com.eviware.soapui.impl.wsdl.submit.transports.http.BaseHttpRequestTransport;
32  import com.eviware.soapui.impl.wsdl.submit.transports.http.TimeablePostMethod;
33  import com.eviware.soapui.model.iface.SubmitContext;
34  import com.eviware.soapui.model.propertyexpansion.PropertyExpansionUtils;
35  import com.eviware.soapui.model.settings.Settings;
36  import com.eviware.soapui.settings.HttpSettings;
37  import com.eviware.soapui.support.StringUtils;
38  
39  /***
40   * RequestFilter for setting preemptive authentication and related credentials 
41   */
42  
43  public class HttpAuthenticationRequestFilter extends AbstractRequestFilter
44  {
45  	public void filterRequest(SubmitContext context, WsdlRequest wsdlRequest)
46  	{
47  		String username = PropertyExpansionUtils.expandProperties( context, wsdlRequest.getUsername());
48  		
49  		// check for authorization prerequisites
50  		if( username == null || username.length() == 0 )
51  			return;
52  		
53  		Settings settings = wsdlRequest.getSettings();
54  		String password = PropertyExpansionUtils.expandProperties( context,  wsdlRequest.getPassword() );
55  		String domain = PropertyExpansionUtils.expandProperties( context, wsdlRequest.getDomain() );
56  		
57  		String wssPasswordType = wsdlRequest.getWssPasswordType();
58  		if( StringUtils.isNullOrEmpty( wssPasswordType ))
59  		{
60  			initRequestCredentials( context, username, settings, password, domain );
61  		}
62  	}
63  
64  	public static void initRequestCredentials( SubmitContext context, String username, Settings settings, String password, String domain )
65  	{
66  		HttpClient httpClient = (HttpClient) context.getProperty( BaseHttpRequestTransport.HTTP_CLIENT );
67  		TimeablePostMethod postMethod = (TimeablePostMethod) context.getProperty( BaseHttpRequestTransport.POST_METHOD );
68  		
69  		if( StringUtils.isNullOrEmpty( username ) && StringUtils.isNullOrEmpty( password ))
70  		{
71  			httpClient.getParams().setAuthenticationPreemptive(false);
72  			postMethod.setDoAuthentication( false );
73  		}
74  		else
75  		{
76  			//	 set preemptive authentication
77  			if (settings.getBoolean(HttpSettings.AUTHENTICATE_PREEMPTIVELY))
78  			{
79  				httpClient.getParams().setAuthenticationPreemptive(true);
80  				HttpState state = (HttpState) context.getProperty( SubmitContext.HTTP_STATE_PROPERTY );
81  				
82  				if( state != null )
83  				{
84  					Credentials defaultcreds = new UsernamePasswordCredentials(username, password);
85  					state.setCredentials(AuthScope.ANY, defaultcreds);
86  				}
87  			}
88  			else
89  			{
90  				httpClient.getParams().setAuthenticationPreemptive(false);
91  			}
92  			
93  			postMethod.getParams().setParameter(CredentialsProvider.PROVIDER, 
94  						new UPDCredentialsProvider( username, password, domain ));
95  			
96  			postMethod.setDoAuthentication(true);
97  		}
98  	}
99  	
100 	public static class UPDCredentialsProvider implements CredentialsProvider
101 	{	
102 		private boolean checkedCredentials;
103 		private final static Logger logger = Logger.getLogger(WsdlRequestCredentialsProvider.class);
104 		private final String username;
105 		private final String password;
106 		private final String domain;
107 
108 		public UPDCredentialsProvider(String username, String password, String domain)
109 		{
110 			this.username = username;
111 			this.password = password;
112 			this.domain = domain;
113 		}
114 
115 		public Credentials getCredentials(final AuthScheme authscheme, final String host, int port, boolean proxy)
116 		throws CredentialsNotAvailableException
117 		{
118 			if (checkedCredentials)
119 				throw new CredentialsNotAvailableException("Missing valid credentials");
120 
121 			if (authscheme == null)
122 			{
123 				return null;
124 			}
125 			try
126 			{
127 				if (authscheme instanceof NTLMScheme)
128 				{
129 					logger.info(host + ":" + port + " requires Windows authentication");
130 					return new NTCredentials(username, password, host, domain );
131 				}
132 				else if (authscheme instanceof RFC2617Scheme)
133 				{
134 					logger.info(host + ":" + port + " requires authentication with the realm '" + authscheme.getRealm() + "'");
135 					return new UsernamePasswordCredentials(username, password);
136 				}
137 				else
138 				{
139 					throw new CredentialsNotAvailableException("Unsupported authentication scheme: "
140 							+ authscheme.getSchemeName());
141 				}
142 			}
143 			catch (IOException e)
144 			{
145 				throw new CredentialsNotAvailableException(e.getMessage(), e);
146 			}
147 			finally
148 			{
149 				checkedCredentials = true;
150 			}
151 		}
152 	}
153 }