nl.nn.adapterframework.http

Class HttpSessionBase

java.lang.Object

nl.nn.adapterframework.http.HttpSessionBase

All Implemented Interfaces:

IConfigurationAware, IScopeProvider, HasKeystore, HasTruststore, ConfigurableLifecycle, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.Lifecycle

Direct Known Subclasses:

HttpSenderBase, HttpSession

public abstract class HttpSessionBase
extends Object
implements ConfigurableLifecycle, HasKeystore, HasTruststore

Note 1: Some certificates require the <java_home>/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters is observed. For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')

Replace in the directory java\jre\lib\security the following files:

• local_policy.jar
• US_export_policy.jar

Note 2: To debug ssl-related problems, set the following system property:

• IBM / WebSphere: -Djavax.net.debug=true
• SUN: -Djavax.net.debug=all

Note 3: In case javax.net.ssl.SSLHandshakeException: unknown certificate-exceptions are thrown, probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:

• open the URL you are trying to reach in InternetExplorer
• click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window
• click on tab 'Certificeringspad'
• double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate
• click on tab 'Details'
• click on 'Kopieren naar bestand'
• click 'next', choose 'DER Encoded Binary X.509 (.CER)'
• click 'next', choose a filename
• click 'next' and 'finish'
• Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)
• create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")
• add the generated certificate (Toevoegen...)
• store the key-database in JKS format
• if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)
• use jks for the truststoreType-attribute
• restart your application
• instead of IBM ikeyman you can use the standard java tool keytool as follows: keytool -import -alias yourAlias -file pathToSavedCertificate

Note 4: In case cannot create or initialize SocketFactory: (IOException) Unable to verify MAC-exceptions are thrown, please check password or authAlias configuration of the corresponding certificate.

Since:

7.0

Author:

Niels Meijer

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.logging.log4j.Logger	log

Constructor Summary

Constructors

Constructor and Description
HttpSessionBase()

Method Summary

Modifier and Type	Method and Description
boolean	areCookiesDisabled()
protected void	buildHttpClient()
void	configure() Configure this component.
void	configureConnectionManager() In order to support multiThreading and connectionPooling.
protected org.apache.http.HttpResponse	execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase)
protected org.apache.http.conn.ssl.SSLConnectionSocketFactory	getSSLConnectionSocketFactory()
protected URI	getURI(String url) Makes sure only http(s) requests can be performed.
boolean	isRunning()
protected void	preAuthenticate()
void	setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates) If true, self signed certificates are accepted
void	setAuthAlias(String string) Authentication alias used for authentication to the host
void	setAuthDomain(String string) Deprecated.
void	setAuthenticatedTokenRequest(boolean authenticatedTokenRequest) if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters
void	setClientAlias(String clientAuthAlias) Alias used to obtain client_id and client_secret for authentication to tokenEndpoint
void	setClientId(String clientId) Client_id used in authentication to tokenEndpoint
void	setClientSecret(String clientSecret) Client_secret used in authentication to tokenEndpoint
void	setConnectionIdleTimeout(int idleTimeout) Maximum Time for connection to stay idle in the pool.
void	setConnectionTimeToLive(int timeToLive) Maximum Time to Live for connections in the pool.
void	setDisableCookies(boolean disableCookies) Disables the use of cookies, making the sender completely stateless
void	setFollowRedirects(boolean b) If true, a redirect request will be honoured, e.g.
protected void	setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
void	setIgnoreCertificateExpiredException(boolean b) If true, CertificateExpiredExceptions are ignored
void	setIgnoreRedirects(boolean b) If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
void	setKeyManagerAlgorithm(String keyManagerAlgorithm) Key manager algorithm.
void	setKeystore(String string) resource URL to keystore or certificate to be used for authentication.
void	setKeystoreAlias(String string) Alias to obtain specific certificate or key in keystore
void	setKeystoreAliasAuthAlias(String string) Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
void	setKeystoreAliasPassword(String string) Default password to authenticate access to certificate or key indicated by keystoreAlias
void	setKeystoreAuthAlias(String string) Authentication alias used to obtain keystore password
void	setKeystorePassword(String string) Default password to access keystore
void	setKeystoreType(KeystoreType value) Type of keystore
void	setMaxConnections(int i) The maximum number of concurrent connections
void	setMaxExecuteRetries(int i) The maximum number of times the execution is retried
void	setPassword(String string) Password used for authentication to the host
void	setPrefillProxyAuthCache(boolean b) Create a pre-emptive login context for the proxy connection(s).
void	setProtocol(String protocol) Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.
void	setProxyAuthAlias(String string) Alias used to obtain credentials for authentication to proxy
void	setProxyHost(String string) Proxy host
void	setProxyPassword(String string) Proxy password
void	setProxyPort(int i) Proxy port
void	setProxyRealm(String string) Proxy realm
void	setProxyUsername(String string) Proxy username
void	setScope(String string) Space or comma separated list of scope items requested for accessToken, e.g.
void	setStaleChecking(boolean b) Controls whether connections checked to be stale, i.e.
void	setStaleTimeout(int timeout) Used when StaleChecking=true.
void	setTimeout(int i) Timeout in ms of obtaining a connection/result.
void	setTokenEndpoint(String string) Endpoint to obtain OAuth accessToken.
void	setTokenExpiry(int value) If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed.
void	setTrustManagerAlgorithm(String trustManagerAlgorithm) Trust manager algorithm.
void	setTruststore(String string) Resource url to truststore.
void	setTruststoreAuthAlias(String string) Authentication alias used to obtain truststore password
void	setTruststorePassword(String string) Default password to access truststore
void	setTruststoreType(KeystoreType value) Type of truststore
void	setUsername(String username) Username used for authentication to the host
void	setVerifyHostname(boolean b) If true, the hostname in the certificate will be checked against the actual hostname of the peer
void	start()
void	stop()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface nl.nn.adapterframework.encryption.HasKeystore

getKeyManagerAlgorithm, getKeystore, getKeystoreAlias, getKeystoreAliasAuthAlias, getKeystoreAliasPassword, getKeystoreAuthAlias, getKeystorePassword, getKeystoreType

Methods inherited from interface nl.nn.adapterframework.core.IConfigurationAware

getApplicationContext, getName

Methods inherited from interface nl.nn.adapterframework.core.IScopeProvider

getConfigurationClassLoader

Methods inherited from interface org.springframework.context.ApplicationContextAware

setApplicationContext

Methods inherited from interface nl.nn.adapterframework.encryption.HasTruststore

getTrustManagerAlgorithm, getTruststore, getTruststoreAuthAlias, getTruststorePassword, getTruststoreType, isAllowSelfSignedCertificates, isIgnoreCertificateExpiredException, isVerifyHostname

Field Detail

log

protected final org.apache.logging.log4j.Logger log

Constructor Detail

HttpSessionBase

public HttpSessionBase()

Method Detail

getURI

protected URI getURI(String url)
              throws URISyntaxException

Makes sure only http(s) requests can be performed.

Throws:

URISyntaxException

configure

public void configure()
               throws ConfigurationException

Description copied from interface: ConfigurableLifecycle

Configure this component.

In the case of a container, this will propagate the start signal to all components that apply.

Specified by:

configure in interface ConfigurableLifecycle

Throws:

ConfigurationException - in case it was not able to configure the component.

configureConnectionManager

public void configureConnectionManager()

In order to support multiThreading and connectionPooling. The connectionManager has to be initialized with a sslSocketFactory. The pool must be re-created once closed.

start

public void start()

Specified by:

start in interface org.springframework.context.Lifecycle

buildHttpClient

protected void buildHttpClient()

setHttpClient

protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)

isRunning

public boolean isRunning()

Specified by:

isRunning in interface org.springframework.context.Lifecycle

stop

public void stop()

Specified by:

stop in interface org.springframework.context.Lifecycle

preAuthenticate

protected void preAuthenticate()

getSSLConnectionSocketFactory

@Nonnull
protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory()
                                                                                              throws ConfigurationException

Throws:

ConfigurationException

execute

protected org.apache.http.HttpResponse execute(URI targetUri,
                                               org.apache.http.client.methods.HttpRequestBase httpRequestBase)
                                        throws IOException

Throws:

IOException

setTimeout

public void setTimeout(int i)

Timeout in ms of obtaining a connection/result. 0 means no timeout

Default value

10000

setMaxConnections

public void setMaxConnections(int i)

The maximum number of concurrent connections

Default value

10

setMaxExecuteRetries

public void setMaxExecuteRetries(int i)

The maximum number of times the execution is retried

Default value

1 (for repeatable messages) else 0

setAuthAlias

public void setAuthAlias(String string)

Authentication alias used for authentication to the host

setUsername

public void setUsername(String username)

Username used for authentication to the host

setAuthDomain

@Deprecated
 @ConfigurationWarning(value="Please use the UPN or the full sAM-AccountName instead")
public void setAuthDomain(String string)

Deprecated.

Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.

Assuming the following user:
UPN: john.doe@CorpDomain.biz
sAMAccountName: CORPDOMAIN\john.doe

The username attribute may be set to john.doe
The AuthDomain attribute may be set to CORPDOMAIN

setPassword

public void setPassword(String string)

Password used for authentication to the host

setTokenEndpoint

public void setTokenEndpoint(String string)

Endpoint to obtain OAuth accessToken. If authAlias or username( and password) are specified, then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests in an HTTP Header 'Authorization' with a 'Bearer' prefix.

setTokenExpiry

public void setTokenExpiry(int value)

If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token will be refreshed when it is half way its lifetime as defined by the expires_in clause of the token response, or when the regular server returns a 401 status with a challenge. If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.

Default value

-1

setClientAlias

public void setClientAlias(String clientAuthAlias)

Alias used to obtain client_id and client_secret for authentication to tokenEndpoint

setClientId

public void setClientId(String clientId)

Client_id used in authentication to tokenEndpoint

setClientSecret

public void setClientSecret(String clientSecret)

Client_secret used in authentication to tokenEndpoint

setScope

public void setScope(String string)

Space or comma separated list of scope items requested for accessToken, e.g. read write. Only used when tokenEndpoint is specified

setAuthenticatedTokenRequest

public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest)

if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters

setProxyHost

public void setProxyHost(String string)

Proxy host

setProxyPort

public void setProxyPort(int i)

Proxy port

Default value

80

setProxyAuthAlias

public void setProxyAuthAlias(String string)

Alias used to obtain credentials for authentication to proxy

setProxyUsername

public void setProxyUsername(String string)

Proxy username

Default value

setProxyPassword

public void setProxyPassword(String string)

Proxy password

Default value

setProxyRealm

public void setProxyRealm(String string)

Proxy realm

Default value

setPrefillProxyAuthCache

public void setPrefillProxyAuthCache(boolean b)

Create a pre-emptive login context for the proxy connection(s).

setDisableCookies

public void setDisableCookies(boolean disableCookies)

Disables the use of cookies, making the sender completely stateless

Default value

false

areCookiesDisabled

public boolean areCookiesDisabled()

setKeystore

public void setKeystore(String string)

resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used.

Specified by:

setKeystore in interface HasKeystore

setKeystoreType

public void setKeystoreType(KeystoreType value)

Description copied from interface: HasKeystore

Type of keystore

Specified by:

setKeystoreType in interface HasKeystore

setKeystoreAuthAlias

public void setKeystoreAuthAlias(String string)

Description copied from interface: HasKeystore

Authentication alias used to obtain keystore password

Specified by:

setKeystoreAuthAlias in interface HasKeystore

setKeystorePassword

public void setKeystorePassword(String string)

Description copied from interface: HasKeystore

Default password to access keystore

Specified by:

setKeystorePassword in interface HasKeystore

setKeyManagerAlgorithm

public void setKeyManagerAlgorithm(String keyManagerAlgorithm)

Description copied from interface: HasKeystore

Key manager algorithm. Can be left empty to use the servers default algorithm

Specified by:

setKeyManagerAlgorithm in interface HasKeystore

setKeystoreAlias

public void setKeystoreAlias(String string)

Description copied from interface: HasKeystore

Alias to obtain specific certificate or key in keystore

Specified by:

setKeystoreAlias in interface HasKeystore

setKeystoreAliasAuthAlias

public void setKeystoreAliasAuthAlias(String string)

Description copied from interface: HasKeystore

Authentication alias to authenticate access to certificate or key indicated by keystoreAlias

Specified by:

setKeystoreAliasAuthAlias in interface HasKeystore

setKeystoreAliasPassword

public void setKeystoreAliasPassword(String string)

Description copied from interface: HasKeystore

Default password to authenticate access to certificate or key indicated by keystoreAlias

Specified by:

setKeystoreAliasPassword in interface HasKeystore

setTruststore

public void setTruststore(String string)

Description copied from interface: HasTruststore

Resource url to truststore. If none specified, the JVMs default truststore will be used.

Specified by:

setTruststore in interface HasTruststore

setTruststoreAuthAlias

public void setTruststoreAuthAlias(String string)

Description copied from interface: HasTruststore

Authentication alias used to obtain truststore password

Specified by:

setTruststoreAuthAlias in interface HasTruststore

setTruststorePassword

public void setTruststorePassword(String string)

Description copied from interface: HasTruststore

Default password to access truststore

Specified by:

setTruststorePassword in interface HasTruststore

setTruststoreType

public void setTruststoreType(KeystoreType value)

Description copied from interface: HasTruststore

Type of truststore

Specified by:

setTruststoreType in interface HasTruststore

setTrustManagerAlgorithm

public void setTrustManagerAlgorithm(String trustManagerAlgorithm)

Description copied from interface: HasTruststore

Trust manager algorithm. Can be left empty to use the servers default algorithm

Specified by:

setTrustManagerAlgorithm in interface HasTruststore

setVerifyHostname

public void setVerifyHostname(boolean b)

Description copied from interface: HasTruststore

If true, the hostname in the certificate will be checked against the actual hostname of the peer

Specified by:

setVerifyHostname in interface HasTruststore

setAllowSelfSignedCertificates

public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates)

Description copied from interface: HasTruststore

If true, self signed certificates are accepted

Specified by:

setAllowSelfSignedCertificates in interface HasTruststore

setIgnoreCertificateExpiredException

public void setIgnoreCertificateExpiredException(boolean b)

Description copied from interface: HasTruststore

If true, CertificateExpiredExceptions are ignored

Specified by:

setIgnoreCertificateExpiredException in interface HasTruststore

setFollowRedirects

public void setFollowRedirects(boolean b)

If true, a redirect request will be honoured, e.g. to switch to HTTPS

Default value

true

setIgnoreRedirects

public void setIgnoreRedirects(boolean b)

If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful

Default value

false

setStaleChecking

public void setStaleChecking(boolean b)

Controls whether connections checked to be stale, i.e. appear open, but are not.

Default value

true

setStaleTimeout

public void setStaleTimeout(int timeout)

Used when StaleChecking=true. Timeout after which an idle connection will be validated before being used.

Default value

5000 ms

setConnectionTimeToLive

public void setConnectionTimeToLive(int timeToLive)

Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.

Default value

900 s

setConnectionIdleTimeout

public void setConnectionIdleTimeout(int idleTimeout)

Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool

Default value

10 s

setProtocol

public void setProtocol(String protocol)

Secure socket protocol (such as 'SSL' and 'TLS') to use when a SSLContext object is generated.

Default value

SSL