View Javadoc

1   /*
2    *  soapUI, copyright (C) 2004-2010 eviware.com 
3    *
4    *  soapUI is free software; you can redistribute it and/or modify it under the 
5    *  terms of version 2.1 of the GNU Lesser General Public License as published by 
6    *  the Free Software Foundation.
7    *
8    *  soapUI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without 
9    *  even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
10   *  See the GNU Lesser General Public License for more details at gnu.org.
11   */
12  
13  package com.eviware.soapui.impl.wsdl.submit.filters;
14  
15  import java.io.IOException;
16  
17  import org.apache.commons.httpclient.Credentials;
18  import org.apache.commons.httpclient.HttpClient;
19  import org.apache.commons.httpclient.HttpMethod;
20  import org.apache.commons.httpclient.HttpState;
21  import org.apache.commons.httpclient.NTCredentials;
22  import org.apache.commons.httpclient.UsernamePasswordCredentials;
23  import org.apache.commons.httpclient.auth.AuthScheme;
24  import org.apache.commons.httpclient.auth.AuthScope;
25  import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
26  import org.apache.commons.httpclient.auth.CredentialsProvider;
27  import org.apache.commons.httpclient.auth.NTLMScheme;
28  import org.apache.commons.httpclient.auth.RFC2617Scheme;
29  import org.apache.log4j.Logger;
30  
31  import com.eviware.soapui.impl.support.AbstractHttpRequest;
32  import com.eviware.soapui.impl.wsdl.WsdlRequest;
33  import com.eviware.soapui.impl.wsdl.submit.transports.http.BaseHttpRequestTransport;
34  import com.eviware.soapui.model.iface.SubmitContext;
35  import com.eviware.soapui.model.propertyexpansion.PropertyExpander;
36  import com.eviware.soapui.model.settings.Settings;
37  import com.eviware.soapui.settings.HttpSettings;
38  import com.eviware.soapui.support.StringUtils;
39  
40  /***
41   * RequestFilter for setting preemptive authentication and related credentials
42   */
43  
44  public class HttpAuthenticationRequestFilter extends AbstractRequestFilter
45  {
46  	@Override
47  	public void filterAbstractHttpRequest( SubmitContext context, AbstractHttpRequest<?> wsdlRequest )
48  	{
49  		String username = PropertyExpander.expandProperties( context, wsdlRequest.getUsername() );
50  
51  		// check for authorization prerequisites
52  		if( username == null || username.length() == 0 )
53  			return;
54  
55  		Settings settings = wsdlRequest.getSettings();
56  		String password = PropertyExpander.expandProperties( context, wsdlRequest.getPassword() );
57  		String domain = PropertyExpander.expandProperties( context, wsdlRequest.getDomain() );
58  
59  		String wssPasswordType = null;
60  
61  		if( wsdlRequest instanceof WsdlRequest )
62  		{
63  			wssPasswordType = PropertyExpander.expandProperties( context, ( ( WsdlRequest )wsdlRequest )
64  					.getWssPasswordType() );
65  		}
66  
67  		if( StringUtils.isNullOrEmpty( wssPasswordType ) )
68  		{
69  			initRequestCredentials( context, username, settings, password, domain );
70  		}
71  	}
72  
73  	public static void initRequestCredentials( SubmitContext context, String username, Settings settings,
74  			String password, String domain )
75  	{
76  		HttpClient httpClient = ( HttpClient )context.getProperty( BaseHttpRequestTransport.HTTP_CLIENT );
77  		HttpMethod httpMethod = ( HttpMethod )context.getProperty( BaseHttpRequestTransport.HTTP_METHOD );
78  
79  		if( StringUtils.isNullOrEmpty( username ) && StringUtils.isNullOrEmpty( password ) )
80  		{
81  			httpClient.getParams().setAuthenticationPreemptive( false );
82  			httpMethod.setDoAuthentication( false );
83  		}
84  		else
85  		{
86  			// set preemptive authentication
87  			if( settings.getBoolean( HttpSettings.AUTHENTICATE_PREEMPTIVELY ) )
88  			{
89  				httpClient.getParams().setAuthenticationPreemptive( true );
90  				HttpState state = ( HttpState )context.getProperty( SubmitContext.HTTP_STATE_PROPERTY );
91  
92  				if( state != null )
93  				{
94  					Credentials defaultcreds = new UsernamePasswordCredentials( username, password == null ? "" : password );
95  					state.setCredentials( AuthScope.ANY, defaultcreds );
96  				}
97  			}
98  			else
99  			{
100 				httpClient.getParams().setAuthenticationPreemptive( false );
101 			}
102 
103 			httpMethod.getParams().setParameter( CredentialsProvider.PROVIDER,
104 					new UPDCredentialsProvider( username, password, domain ) );
105 
106 			httpMethod.setDoAuthentication( true );
107 		}
108 	}
109 
110 	public static class UPDCredentialsProvider implements CredentialsProvider
111 	{
112 		private boolean checkedCredentials;
113 		private final static Logger logger = Logger.getLogger( WsdlRequestCredentialsProvider.class );
114 		private final String username;
115 		private final String password;
116 		private final String domain;
117 
118 		public UPDCredentialsProvider( String username, String password, String domain )
119 		{
120 			this.username = username;
121 			this.password = password == null ? "" : password;
122 			this.domain = domain;
123 		}
124 
125 		public Credentials getCredentials( final AuthScheme authscheme, final String host, int port, boolean proxy )
126 				throws CredentialsNotAvailableException
127 		{
128 			if( checkedCredentials )
129 				throw new CredentialsNotAvailableException( "Missing valid credentials" );
130 
131 			if( authscheme == null )
132 			{
133 				return null;
134 			}
135 			try
136 			{
137 				if( authscheme instanceof NTLMScheme )
138 				{
139 					logger.info( host + ":" + port + " requires Windows authentication" );
140 					return new NTCredentials( username, password, host, domain );
141 				}
142 				else if( authscheme instanceof RFC2617Scheme )
143 				{
144 					logger.info( host + ":" + port + " requires authentication with the realm '" + authscheme.getRealm()
145 							+ "'" );
146 					return new UsernamePasswordCredentials( username, password );
147 				}
148 				else
149 				{
150 					throw new CredentialsNotAvailableException( "Unsupported authentication scheme: "
151 							+ authscheme.getSchemeName() );
152 				}
153 			}
154 			catch( IOException e )
155 			{
156 				throw new CredentialsNotAvailableException( e.getMessage(), e );
157 			}
158 			finally
159 			{
160 				checkedCredentials = true;
161 			}
162 		}
163 	}
164 }