1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.hc.client5.http.impl;
28
29 import java.security.Principal;
30
31 import javax.net.ssl.SSLSession;
32
33 import org.apache.hc.client5.http.HttpRoute;
34 import org.apache.hc.client5.http.UserTokenHandler;
35 import org.apache.hc.client5.http.auth.AuthExchange;
36 import org.apache.hc.client5.http.auth.AuthScheme;
37 import org.apache.hc.client5.http.protocol.HttpClientContext;
38 import org.apache.hc.core5.annotation.Contract;
39 import org.apache.hc.core5.annotation.ThreadingBehavior;
40 import org.apache.hc.core5.http.protocol.HttpContext;
41
42 /**
43 * Default implementation of {@link UserTokenHandler}. This class will use
44 * an instance of {@link Principal} as a state object for HTTP connections,
45 * if it can be obtained from the given execution context. This helps ensure
46 * persistent connections created with a particular user identity within
47 * a particular security context can be reused by the same user only.
48 * <p>
49 * DefaultUserTokenHandler will use the user principal of connection
50 * based authentication schemes such as NTLM or that of the SSL session
51 * with the client authentication turned on. If both are unavailable,
52 * {@code null} token will be returned.
53 * </p>
54 *
55 * @since 4.0
56 */
57 @Contract(threading = ThreadingBehavior.STATELESS)
58 public class DefaultUserTokenHandler implements UserTokenHandler {
59
60 public static final DefaultUserTokenHandlererTokenHandler.html#DefaultUserTokenHandler">DefaultUserTokenHandler INSTANCE = new DefaultUserTokenHandler();
61
62 @Override
63 public Object getUserToken(final HttpRoute route, final HttpContext context) {
64
65 final HttpClientContext clientContext = HttpClientContext.adapt(context);
66
67 Principal userPrincipal = null;
68
69 final AuthExchange targetAuthExchnage = clientContext.getAuthExchange(route.getTargetHost());
70 if (targetAuthExchnage != null) {
71 userPrincipal = getAuthPrincipal(targetAuthExchnage);
72 if (userPrincipal == null && route.getProxyHost() != null) {
73 final AuthExchange proxyAuthExchange = clientContext.getAuthExchange(route.getProxyHost());
74 userPrincipal = getAuthPrincipal(proxyAuthExchange);
75 }
76 }
77
78 if (userPrincipal == null) {
79 final SSLSession sslSession = clientContext.getSSLSession();
80 if (sslSession != null) {
81 userPrincipal = sslSession.getLocalPrincipal();
82 }
83 }
84
85 return userPrincipal;
86 }
87
88 private static Principal getAuthPrincipal(final AuthExchange authExchange) {
89 final AuthScheme scheme = authExchange.getAuthScheme();
90 if (scheme != null && scheme.isConnectionBased()) {
91 return scheme.getPrincipal();
92 }
93 return null;
94 }
95
96 }