Class AbstractHttpSession

java.lang.Object
org.frankframework.http.AbstractHttpSession
All Implemented Interfaces:
FrankElement, HasApplicationContext, HasName, IConfigurable, IScopeProvider, HasKeystore, HasTruststore, ConfigurableLifecycle, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.Lifecycle, org.springframework.context.Phased, org.springframework.context.SmartLifecycle
Direct Known Subclasses:
AbstractHttpSender, HttpSession

public abstract class AbstractHttpSession extends Object implements ConfigurableLifecycle, HasKeystore, HasTruststore, FrankElement

Note 1: Some certificates require the <java_home>/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like "Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters" is observed. For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files').

Replace the following files in the directory java\jre\lib\security:
  • local_policy.jar
  • US_export_policy.jar

Note 2: To debug SSL-related problems, set the following system property:

  • -Djavax.net.debug=all

Note 3: In case "javax.net.ssl.SSLHandshakeException: unknown certificate" exceptions are thrown, the certificate of the other party is probably not trusted. Try to use one of the certificates in the path as your truststore by doing the following:

  • open the URL you are trying to reach in Internet Explorer
  • click on the yellow padlock on the right in the bottom bar. This opens the certificate information window
  • click on tab 'Certificeringspad' (Certification Path)
  • double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate
  • click on tab 'Details'
  • click on 'Kopieren naar bestand' (Copy to File)
  • click 'next', choose 'DER Encoded Binary X.509 (.CER)'
  • click 'next', choose a filename
  • click 'next' and 'finish'
  • start the IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)
  • create a new key-database (Sleuteldatabase -> Nieuw..., i.e. Key Database -> New...), or open the default key.jks (default password="changeit")
  • add the generated certificate (Toevoegen..., i.e. Add...)
  • store the key-database in JKS format
  • if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)
  • use jks for the truststoreType-attribute
  • restart your application
  • instead of IBM ikeyman you can use the standard Java tool keytool as follows: keytool -import -alias yourAlias -file pathToSavedCertificate
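
The same truststore can be built without ikeyman or keytool. The following is an added example, not code from the framework: it reads an exported .CER file, prints its SHA-256 fingerprint so that it can be checked with the certificate owner before it is trusted, and writes a JKS file for the truststore attribute. The class name, the alias, the placeholder password and the sample certificate (taken from the JVM's default truststore to stand in for the exported file) are assumptions.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreFromCer {
    /** Reads the X.509 certificate saved by the browser export step (DER or PEM). */
    static X509Certificate readCertificate(Path cerFile) throws Exception {
        try (InputStream in = Files.newInputStream(cerFile)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** SHA-256 fingerprint, to compare out-of-band with the certificate owner before trusting it. */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(hex.length() == 0 ? "" : ":").append(String.format("%02X", b));
        }
        return hex.toString();
    }

    /** Writes a new JKS truststore that contains only the given certificate. */
    static void writeTruststore(X509Certificate cert, String alias, Path jksFile, char[] password) throws Exception {
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(null, null); // initialise an empty store
        truststore.setCertificateEntry(alias, cert);
        try (OutputStream out = Files.newOutputStream(jksFile)) {
            truststore.store(out, password);
        }
    }

    /** Constructed sample input: the first currently valid root from the JVM's default truststore. */
    static X509Certificate sampleRoot() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                try { c.checkValidity(); return c; } catch (Exception expiredOrNotYetValid) { /* try next */ }
            }
        }
        throw new IllegalStateException("default truststore has no valid certificate to use as sample");
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the exported file: write the sample root DER-encoded to a temp .cer file.
        Path cer = Files.createTempFile("root", ".cer");
        Files.write(cer, sampleRoot().getEncoded());
        X509Certificate root = readCertificate(cer);
        System.out.println("Subject: " + root.getSubjectX500Principal());
        System.out.println("SHA-256: " + sha256Fingerprint(root));
        Path jks = Files.createTempFile("truststore", ".jks");
        char[] password = "placeholder-password".toCharArray(); // placeholder, not a real secret
        writeTruststore(root, "yourAlias", jks, password);
        KeyStore reloaded = KeyStore.getInstance("JKS"); // reload to confirm what was stored
        try (InputStream in = Files.newInputStream(jks)) { reloaded.load(in, password); }
        System.out.println("Trusted entry present: " + reloaded.isCertificateEntry("yourAlias"));
    }
}
```

Because the resulting store holds a single root, a sender that references it trusts only chains ending in that certificate instead of every CA in the JVM's default truststore.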

Note 4: In case "cannot create or initialize SocketFactory: (IOException) Unable to verify MAC" exceptions are thrown, please check the password or authAlias configuration of the corresponding certificate.

Since:
7.0
Author:
Niels Meijer
  • Field Details

    • log

      protected final org.apache.logging.log4j.Logger log
    • AUTHENTICATION_METHOD_KEY

      public static final String AUTHENTICATION_METHOD_KEY
  • Constructor Details

    • AbstractHttpSession

      public AbstractHttpSession()
  • Method Details

    • getURI

      protected URI getURI(@Nonnull String url) throws URISyntaxException
      Makes sure only http(s) requests can be performed.
      Throws:
      URISyntaxException
    • configure

      public void configure() throws ConfigurationException
      Description copied from interface: IConfigurable
      Configure this component.

      In the case of a container, this will propagate the configure signal to all components that apply.

      Specified by:
      configure in interface IConfigurable
      Throws:
      ConfigurationException - in case it was not able to configure the component.
    • start

      public void start()
      Specified by:
      start in interface org.springframework.context.Lifecycle
    • setHttpClient

      protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
    • setHttpContext

      protected void setHttpContext(org.apache.http.client.protocol.HttpClientContext httpContext)
    • isRunning

      public boolean isRunning()
      Specified by:
      isRunning in interface org.springframework.context.Lifecycle
    • stop

      public void stop()
      Specified by:
      stop in interface org.springframework.context.Lifecycle
    • getCredentials

      public org.apache.http.auth.Credentials getCredentials()
    • getSSLConnectionSocketFactory

      @Nonnull protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException
      Throws:
      ConfigurationException
    • execute

      protected org.apache.http.HttpResponse execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase, PipeLineSession session) throws IOException
      Throws:
      IOException
    • setTimeout

      public void setTimeout(int i)
      Timeout in ms of obtaining a connection/result.
      Default value
      10000
    • setMaxConnections

      public void setMaxConnections(int i)
      The maximum number of concurrent connections
      Default value
      10
    • setMaxExecuteRetries

      public void setMaxExecuteRetries(int i)
      The maximum number of times the execution is retried
      Default value
      1 (for repeatable messages) else 0
    • setAuthAlias

      public void setAuthAlias(String string)
      Authentication alias used for authentication to the host
    • setUsername

      public void setUsername(String username)
      Username used for authentication to the host
    • setAuthDomain

      @Deprecated @ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead") public void setAuthDomain(String string)
      Deprecated.
      Corporate domain name. Should only be used in combination with sAMAccountName, never with a UPN.

      Assuming the following user:
      UPN: john.doe@CorpDomain.biz
      sAMAccountName: CORPDOMAIN\john.doe

      The username attribute may be set to john.doe
      The AuthDomain attribute may be set to CORPDOMAIN
    • setPassword

      public void setPassword(String string)
      Password used for authentication to the host
    • setTokenEndpoint

      public void setTokenEndpoint(String string)
      Endpoint to obtain OAuth accessToken. If authAlias or username (and password) are specified, then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests in an HTTP Header 'Authorization' with a 'Bearer' prefix.
    • setTokenExpiry

      public void setTokenExpiry(int value)
      If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token will be refreshed when it is halfway through its lifetime as defined by the expires_in clause of the token response, or when the regular server returns a 401 status with a challenge. If not specified, and the accessToken's lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
      Default value
      -1
    • setClientAlias

      public void setClientAlias(String clientAuthAlias)
      Alias used to obtain client_id and client_secret for authentication to tokenEndpoint
    • setClientId

      public void setClientId(String clientId)
      Client_id used in authentication to tokenEndpoint
    • setClientSecret

      public void setClientSecret(String clientSecret)
      Client_secret used in authentication to tokenEndpoint
    • setScope

      public void setScope(String string)
      Space or comma separated list of scope items requested for accessToken, e.g. read write. Only used when tokenEndpoint is specified
    • setAuthenticatedTokenRequest

      @Deprecated(forRemoval=true, since="9.0") @ConfigurationWarning("Use oauthAuthenticationMethod to set this behaviour") public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest)
      Deprecated, for removal: This API element is subject to removal in a future version.
      If set to true, clientId and clientSecret will be added as a Basic Authentication header to the tokenRequest, instead of as request parameters.
    • setOauthAuthenticationMethod

      public void setOauthAuthenticationMethod(AbstractHttpSession.OauthAuthenticationMethod oauthAuthenticationMethod)
      Only used when tokenEndpoint has been configured. Sets the OAuth authentication method and controls which authentication flow should be used.
    • setSamlNameId

      public void setSamlNameId(String samlNameId)
      The nameId to be added during the creation of the SAML assertion.
    • setSamlIssuer

      public void setSamlIssuer(String samlIssuer)
      The issuer to be added during the creation of the SAML assertion.
    • setSamlAudience

      public void setSamlAudience(String samlAudience)
      The audience to be added during the creation of the SAML assertion.
    • setSamlAssertionExpiry

      public void setSamlAssertionExpiry(int expiry)
      The time to live (in seconds) until the generated SAML assertion should be valid. A new assertion will be generated when the previous assertion is no longer valid.
    • setProxyHost

      public void setProxyHost(String string)
      Proxy host
    • setProxyPort

      public void setProxyPort(int i)
      Proxy port
      Default value
      80
    • setProxyAuthAlias

      public void setProxyAuthAlias(String string)
      Alias used to obtain credentials for authentication to proxy
    • setProxyUsername

      public void setProxyUsername(String string)
      Proxy username
    • setProxyPassword

      public void setProxyPassword(String string)
      Proxy password
    • setProxyRealm

      public void setProxyRealm(String string)
      Proxy realm
    • setPrefillProxyAuthCache

      public void setPrefillProxyAuthCache(boolean b)
      Create a pre-emptive login context for the proxy connection(s).
    • setDisableCookies

      public void setDisableCookies(boolean disableCookies)
      Disables the use of cookies, making the sender completely stateless
      Default value
      false
    • areCookiesDisabled

      public boolean areCookiesDisabled()
    • setKeystore

      public void setKeystore(String string)
      Resource URL to keystore or certificate to be used for authentication. If none specified, the JVM's default keystore will be used.
      Specified by:
      setKeystore in interface HasKeystore
    • setKeystoreType

      public void setKeystoreType(KeystoreType value)
      Description copied from interface: HasKeystore
      Type of keystore
      Specified by:
      setKeystoreType in interface HasKeystore
    • setKeystoreAuthAlias

      public void setKeystoreAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias used to obtain keystore password
      Specified by:
      setKeystoreAuthAlias in interface HasKeystore
    • setKeystorePassword

      public void setKeystorePassword(String string)
      Description copied from interface: HasKeystore
      Default password to access keystore
      Specified by:
      setKeystorePassword in interface HasKeystore
    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
      Description copied from interface: HasKeystore
      Key manager algorithm. Can be left empty to use the server's default algorithm.
      Specified by:
      setKeyManagerAlgorithm in interface HasKeystore
    • setKeystoreAlias

      public void setKeystoreAlias(String string)
      Description copied from interface: HasKeystore
      Alias to obtain specific certificate or key in keystore
      Specified by:
      setKeystoreAlias in interface HasKeystore
    • setKeystoreAliasAuthAlias

      public void setKeystoreAliasAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasAuthAlias in interface HasKeystore
    • setKeystoreAliasPassword

      public void setKeystoreAliasPassword(String string)
      Description copied from interface: HasKeystore
      Default password to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasPassword in interface HasKeystore
    • setTruststore

      public void setTruststore(String string)
      Resource URL to truststore to be used for authenticating peer. If none specified, the JVM's default truststore will be used.
      Specified by:
      setTruststore in interface HasTruststore
    • setTruststoreAuthAlias

      public void setTruststoreAuthAlias(String string)
      Description copied from interface: HasTruststore
      Authentication alias used to obtain truststore password
      Specified by:
      setTruststoreAuthAlias in interface HasTruststore
    • setTruststorePassword

      public void setTruststorePassword(String string)
      Description copied from interface: HasTruststore
      Default password to access truststore
      Specified by:
      setTruststorePassword in interface HasTruststore
    • setTruststoreType

      public void setTruststoreType(KeystoreType value)
      Description copied from interface: HasTruststore
      Type of truststore
      Specified by:
      setTruststoreType in interface HasTruststore
    • setTrustManagerAlgorithm

      public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
      Description copied from interface: HasTruststore
      Trust manager algorithm. Can be left empty to use the server's default algorithm.
      Specified by:
      setTrustManagerAlgorithm in interface HasTruststore
    • setVerifyHostname

      @Unsafe public void setVerifyHostname(boolean b)
      Description copied from interface: HasTruststore
      If true, the hostname in the certificate will be checked against the actual hostname of the peer
      Specified by:
      setVerifyHostname in interface HasTruststore
    • setAllowSelfSignedCertificates

      @Unsafe public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates)
      Description copied from interface: HasTruststore
      If true, self-signed certificates are accepted
      Specified by:
      setAllowSelfSignedCertificates in interface HasTruststore
    • setIgnoreCertificateExpiredException

      @Unsafe public void setIgnoreCertificateExpiredException(boolean b)
      Description copied from interface: HasTruststore
      If true, CertificateExpiredExceptions are ignored
      Specified by:
      setIgnoreCertificateExpiredException in interface HasTruststore
    • setFollowRedirects

      public void setFollowRedirects(boolean b)
      If true, a redirect request will be honoured, e.g. to switch to HTTPS
      Default value
      true
    • setIgnoreRedirects

      public void setIgnoreRedirects(boolean b)
      If true, besides HTTP status code 200 (OK), the codes 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are also considered successful
      Default value
      false
    • setStaleChecking

      public void setStaleChecking(boolean b)
      Controls whether connections are checked to be stale, i.e. appear open, but are not.
      Default value
      true
    • setStaleTimeout

      public void setStaleTimeout(int timeout)
      Used when staleChecking is true. Timeout after which an idle connection will be validated before being used.
      Default value
      5000 ms
    • setConnectionTimeToLive

      public void setConnectionTimeToLive(int timeToLive)
      Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
      Default value
      900 s
    • setConnectionIdleTimeout

      public void setConnectionIdleTimeout(int idleTimeout)
      Maximum time for a connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool.
      Default value
      10 s
    • setProtocol

      public void setProtocol(String protocol)
      Secure socket protocol (such as 'TLSv1.2') to use when a SSLContext object is generated.
      Default value
      TLSv1.2
    • setSupportedCipherSuites

      public void setSupportedCipherSuites(String supportedCipherSuites)
      Allows you to choose which CipherSuites are used when connecting to an endpoint. Works in tandem with protocol, as the provided suite may not be valid for the provided protocol. See the Java Security Standard Algorithm Names Specification for all available options. Note that these may differ depending on the JRE you're using.
    • getConfigurationClassLoader

      public ClassLoader getConfigurationClassLoader()
      Description copied from interface: IScopeProvider
      This ClassLoader is set upon creation of the object, used to retrieve resources configured by the Ibis application.
      Specified by:
      getConfigurationClassLoader in interface HasApplicationContext
      Specified by:
      getConfigurationClassLoader in interface IScopeProvider
      Returns:
      returns the ClassLoader created by the ClassLoaderManager.
    • getName

      public String getName()
      Specified by:
      getName in interface HasName
    • setName

      public void setName(String name)
    • getApplicationContext

      public org.springframework.context.ApplicationContext getApplicationContext()
      Specified by:
      getApplicationContext in interface HasApplicationContext
    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware
    • setConfigurationMetrics

      public void setConfigurationMetrics(MetricsInitializer configurationMetrics)
    • getTimeout

      public int getTimeout()
    • getMaxConnections

      public int getMaxConnections()
    • getMaxExecuteRetries

      public int getMaxExecuteRetries()
    • isStaleChecking

      public boolean isStaleChecking()
    • getStaleTimeout

      public int getStaleTimeout()
    • getConnectionTimeToLive

      public int getConnectionTimeToLive()
    • getConnectionIdleTimeout

      public int getConnectionIdleTimeout()
    • getDefaultHttpClientContext

      public org.apache.http.client.protocol.HttpClientContext getDefaultHttpClientContext()
    • getHttpClient

      public org.apache.http.impl.client.CloseableHttpClient getHttpClient()
    • getAuthAlias

      public String getAuthAlias()
    • getUsername

      public String getUsername()
    • getPassword

      public String getPassword()
    • getAuthDomain

      public String getAuthDomain()
    • getTokenEndpoint

      public String getTokenEndpoint()
    • getTokenExpiry

      public int getTokenExpiry()
    • getClientAuthAlias

      public String getClientAuthAlias()
    • getClientId

      public String getClientId()
    • getClientSecret

      public String getClientSecret()
    • getScope

      public String getScope()
    • getSamlNameId

      public String getSamlNameId()
    • getSamlIssuer

      public String getSamlIssuer()
    • getSamlAudience

      public String getSamlAudience()
    • getSamlAssertionExpiry

      public int getSamlAssertionExpiry()
    • getOauthAuthenticationMethod

      public AbstractHttpSession.OauthAuthenticationMethod getOauthAuthenticationMethod()
    • getAuthenticator

      public IOauthAuthenticator getAuthenticator()
    • isAuthenticatedTokenRequest

      public boolean isAuthenticatedTokenRequest()
    • getProxyHost

      public String getProxyHost()
    • getProxyPort

      public int getProxyPort()
    • getProxyAuthAlias

      public String getProxyAuthAlias()
    • getProxyUsername

      public String getProxyUsername()
    • getProxyPassword

      public String getProxyPassword()
    • getProxyRealm

      public String getProxyRealm()
    • isPrefillProxyAuthCache

      public boolean isPrefillProxyAuthCache()
    • getKeystore

      public String getKeystore()
      Specified by:
      getKeystore in interface HasKeystore
    • getKeystoreAuthAlias

      public String getKeystoreAuthAlias()
      Specified by:
      getKeystoreAuthAlias in interface HasKeystore
    • getKeystorePassword

      public String getKeystorePassword()
      Specified by:
      getKeystorePassword in interface HasKeystore
    • getKeystoreType

      public KeystoreType getKeystoreType()
      Specified by:
      getKeystoreType in interface HasKeystore
    • getKeystoreAlias

      public String getKeystoreAlias()
      Specified by:
      getKeystoreAlias in interface HasKeystore
    • getKeystoreAliasAuthAlias

      public String getKeystoreAliasAuthAlias()
      Specified by:
      getKeystoreAliasAuthAlias in interface HasKeystore
    • getKeystoreAliasPassword

      public String getKeystoreAliasPassword()
      Specified by:
      getKeystoreAliasPassword in interface HasKeystore
    • getKeyManagerAlgorithm

      public String getKeyManagerAlgorithm()
      Specified by:
      getKeyManagerAlgorithm in interface HasKeystore
    • getTruststore

      public String getTruststore()
      Specified by:
      getTruststore in interface HasTruststore
    • getTruststoreAuthAlias

      public String getTruststoreAuthAlias()
      Specified by:
      getTruststoreAuthAlias in interface HasTruststore
    • getTruststorePassword

      public String getTruststorePassword()
      Specified by:
      getTruststorePassword in interface HasTruststore
    • getTruststoreType

      public KeystoreType getTruststoreType()
      Specified by:
      getTruststoreType in interface HasTruststore
    • getTrustManagerAlgorithm

      public String getTrustManagerAlgorithm()
      Specified by:
      getTrustManagerAlgorithm in interface HasTruststore
    • isAllowSelfSignedCertificates

      public boolean isAllowSelfSignedCertificates()
      Specified by:
      isAllowSelfSignedCertificates in interface HasTruststore
    • isVerifyHostname

      public boolean isVerifyHostname()
      Specified by:
      isVerifyHostname in interface HasTruststore
    • isIgnoreCertificateExpiredException

      public boolean isIgnoreCertificateExpiredException()
      Specified by:
      isIgnoreCertificateExpiredException in interface HasTruststore
    • isFollowRedirects

      public boolean isFollowRedirects()
    • isIgnoreRedirects

      public boolean isIgnoreRedirects()