Package org.codelibs.spnego
Class SpnegoHttpURLConnection
- java.lang.Object
-
- org.codelibs.spnego.SpnegoHttpURLConnection
-
public final class SpnegoHttpURLConnection extends Object
This Class may be used by custom clients as a convenience when connecting to a protected HTTP server.This mechanism is an alternative to HTTP Basic Authentication where the HTTP server does not support Basic Auth but instead has SPNEGO support (take a look at
SpnegoHttpFilter).A krb5.conf and a login.conf is required when using this class. Take a look at the spnego.sourceforge.net documentation for an example krb5.conf and login.conf file. Also, you must provide a keytab file, or a username and password, or allowtgtsessionkey.
Example usage (username/password):
public static void main(final String[] args) throws Exception { System.setProperty("java.security.krb5.conf", "krb5.conf"); System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.auth.login.config", "login.conf"); SpnegoHttpURLConnection spnego = null; try { spnego = new SpnegoHttpURLConnection("spnego-client", "dfelix", "myp@s5"); spnego.connect(new URL("http://medusa:8080/index.jsp")); System.out.println(spnego.getResponseCode()); } finally { if (null != spnego) { spnego.disconnect(); } } }Alternatively, if the server supports HTTP Basic Authentication, this Class is NOT needed and instead you can do something like the following:
public static void main(final String[] args) throws Exception { final String creds = "dfelix:myp@s5"; final String token = Base64.encode(creds.getBytes()); URL url = new URL("http://medusa:8080/index.jsp"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty(Constants.AUTHZ_HEADER , Constants.BASIC_HEADER + " " + token); conn.connect(); System.out.println("Response Code:" + conn.getResponseCode()); }To see a working example and instructions on how to use a keytab, take a look at the creating a client keytab example.
Finally, the
SpnegoSOAPConnectionclass is another example of a class that uses this class.- Author:
- Darwin V. Felix
-
-
Constructor Summary
Constructors Constructor Description SpnegoHttpURLConnection(String loginModuleName)Creates an instance where the LoginContext relies on a keytab file being specified by "java.security.auth.login.config" or where LoginContext relies on tgtsessionkey.SpnegoHttpURLConnection(String loginModuleName, String username, String password)Creates an instance where the LoginContext does not require a keytab file.SpnegoHttpURLConnection(GSSCredential creds)Create an instance where the GSSCredential is specified by the parameter and where the GSSCredential is automatically disposed after use.SpnegoHttpURLConnection(GSSCredential creds, boolean dispose)Create an instance where the GSSCredential is specified by the parameter and whether the GSSCredential should be disposed after use.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddRequestProperty(String key, String value)Adds an HTTP Request property.HttpURLConnectionconnect(URL url)Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.HttpURLConnectionconnect(URL url, ByteArrayOutputStream dooutput)Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.voiddisconnect()Logout and clear request properties.InputStreamgetErrorStream()Returns an error stream that reads from this open connection.StringgetHeaderField(int index)Get header value at specified index.StringgetHeaderField(String name)Get header value by header name.StringgetHeaderFieldKey(int index)Get header field key at specified index.InputStreamgetInputStream()Returns an input stream that reads from this open connection.booleangetInstanceFollowRedirects()OutputStreamgetOutputStream()Returns an output stream that writes to this open connection.intgetResponseCode()Returns HTTP Status code.StringgetResponseMessage()Returns HTTP Status message.booleanisContextEstablished()Returns true if GSSContext has been established.voidrequestCredDeleg(boolean requestDelegation)Request that this GSSCredential be allowed for delegation.voidsetConfidentiality(boolean confidential)Specify if GSSContext should request Confidentiality.voidsetInstanceFollowRedirects(boolean followRedirects)voidsetMessageIntegrity(boolean integrity)Specify if GSSContext should request Message Integrity.voidsetMutualAuth(boolean mutual)Specify if GSSContext should request Mutual Auth.voidsetReplayDetection(boolean replay)Specify if if GSSContext should request should request Replay Detection.voidsetRequestMethod(String method)May override the default GET method.voidsetRequestProperty(String key, String value)Sets an HTTP Request property.voidsetSequenceDetection(boolean sequence)Specify if if GSSContext should request Sequence Detection.
-
-
-
Constructor Detail
-
SpnegoHttpURLConnection
public SpnegoHttpURLConnection(String loginModuleName) throws LoginException
Creates an instance where the LoginContext relies on a keytab file being specified by "java.security.auth.login.config" or where LoginContext relies on tgtsessionkey.- Parameters:
loginModuleName-- Throws:
LoginException
-
SpnegoHttpURLConnection
public SpnegoHttpURLConnection(GSSCredential creds)
Create an instance where the GSSCredential is specified by the parameter and where the GSSCredential is automatically disposed after use.- Parameters:
creds- credentials to use
-
SpnegoHttpURLConnection
public SpnegoHttpURLConnection(GSSCredential creds, boolean dispose)
Create an instance where the GSSCredential is specified by the parameter and whether the GSSCredential should be disposed after use.- Parameters:
creds- credentials to usedispose- true if GSSCredential should be diposed after use
-
SpnegoHttpURLConnection
public SpnegoHttpURLConnection(String loginModuleName, String username, String password) throws LoginException
Creates an instance where the LoginContext does not require a keytab file. However, the "java.security.auth.login.config" property must still be set prior to instantiating this object.- Parameters:
loginModuleName-username-password-- Throws:
LoginException
-
-
Method Detail
-
connect
public HttpURLConnection connect(URL url) throws GSSException, PrivilegedActionException, IOException
Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.This implementation simply calls this objects connect(URL, ByteArrayOutputStream) method but passing in a null for the second argument.
- Parameters:
url-- Returns:
- an HttpURLConnection object
- Throws:
GSSExceptionPrivilegedActionExceptionIOException- See Also:
URLConnection.connect()
-
connect
public HttpURLConnection connect(URL url, ByteArrayOutputStream dooutput) throws GSSException, PrivilegedActionException, IOException
Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.- Parameters:
url-dooutput- optional message/payload to send to server- Returns:
- an HttpURLConnection object
- Throws:
GSSExceptionPrivilegedActionExceptionIOException- See Also:
URLConnection.connect()
-
disconnect
public void disconnect()
Logout and clear request properties.- See Also:
HttpURLConnection.disconnect()
-
isContextEstablished
public boolean isContextEstablished()
Returns true if GSSContext has been established.- Returns:
- true if GSSContext has been established, false otherwise.
-
addRequestProperty
public void addRequestProperty(String key, String value)
Adds an HTTP Request property.- Parameters:
key- request property namevalue- request propery value- See Also:
URLConnection.addRequestProperty(String, String)
-
setRequestProperty
public void setRequestProperty(String key, String value)
Sets an HTTP Request property.- Parameters:
key- request property namevalue- request property value- See Also:
URLConnection.setRequestProperty(String, String)
-
getErrorStream
public InputStream getErrorStream() throws IOException
Returns an error stream that reads from this open connection.- Returns:
- error stream that reads from this open connection
- Throws:
IOException- See Also:
HttpURLConnection.getErrorStream()
-
getHeaderField
public String getHeaderField(int index)
Get header value at specified index.- Parameters:
index-- Returns:
- header value at specified index
-
getHeaderField
public String getHeaderField(String name)
Get header value by header name.- Parameters:
name- name header- Returns:
- header value
- See Also:
URLConnection.getHeaderField(String)
-
getHeaderFieldKey
public String getHeaderFieldKey(int index)
Get header field key at specified index.- Parameters:
index-- Returns:
- header field key at specified index
-
getInstanceFollowRedirects
public boolean getInstanceFollowRedirects()
- Returns:
- true if it should follow redirects
- See Also:
HttpURLConnection.getInstanceFollowRedirects()
-
setInstanceFollowRedirects
public void setInstanceFollowRedirects(boolean followRedirects)
- Parameters:
followRedirects-- See Also:
HttpURLConnection.setInstanceFollowRedirects(boolean)
-
getInputStream
public InputStream getInputStream() throws IOException
Returns an input stream that reads from this open connection.- Returns:
- input stream that reads from this open connection
- Throws:
IOException- See Also:
URLConnection.getInputStream()
-
getOutputStream
public OutputStream getOutputStream() throws IOException
Returns an output stream that writes to this open connection.- Returns:
- output stream that writes to this connections
- Throws:
IOException- See Also:
URLConnection.getOutputStream()
-
getResponseCode
public int getResponseCode() throws IOExceptionReturns HTTP Status code.- Returns:
- HTTP Status Code
- Throws:
IOException- See Also:
HttpURLConnection.getResponseCode()
-
getResponseMessage
public String getResponseMessage() throws IOException
Returns HTTP Status message.- Returns:
- HTTP Status Message
- Throws:
IOException- See Also:
HttpURLConnection.getResponseMessage()
-
requestCredDeleg
public void requestCredDeleg(boolean requestDelegation)
Request that this GSSCredential be allowed for delegation.- Parameters:
requestDelegation- true to allow/request delegation
-
setConfidentiality
public void setConfidentiality(boolean confidential)
Specify if GSSContext should request Confidentiality. Default is true.- Parameters:
confidential- pass true for confidentiality
-
setMessageIntegrity
public void setMessageIntegrity(boolean integrity)
Specify if GSSContext should request Message Integrity. Default is true.- Parameters:
integrity- pass true for message integrity
-
setMutualAuth
public void setMutualAuth(boolean mutual)
Specify if GSSContext should request Mutual Auth. Default is true.- Parameters:
mutual- pass true for mutual authentication
-
setReplayDetection
public void setReplayDetection(boolean replay)
Specify if if GSSContext should request should request Replay Detection. Default is true.- Parameters:
replay- pass true for replay detection
-
setRequestMethod
public void setRequestMethod(String method)
May override the default GET method.- Parameters:
method-- See Also:
HttpURLConnection.setRequestMethod(String)
-
setSequenceDetection
public void setSequenceDetection(boolean sequence)
Specify if if GSSContext should request Sequence Detection. Default is true.- Parameters:
sequence- pass true for sequence detection
-
-