Class AbstractHttpSession
- All Implemented Interfaces: AdapterAware, IConfigurationAware, IScopeProvider, HasKeystore, HasTruststore, ConfigurableLifecycle, HasStatistics, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.Lifecycle, org.springframework.context.Phased, org.springframework.context.SmartLifecycle
- Direct Known Subclasses: AbstractHttpSender, HttpSession
Note 1:
Some certificates require the <java_home>/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like the following is observed:
Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters
For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files'):
- local_policy.jar
- US_export_policy.jar
Note 2:
To debug SSL-related problems, set the following system property:
-Djavax.net.debug=all
Note 3:
If javax.net.ssl.SSLHandshakeException: unknown certificate exceptions are thrown, the certificate of the other party is probably not trusted. Try to use one of the certificates in the path as your truststore by doing the following:
- open the URL you are trying to reach in Internet Explorer
- click on the yellow padlock on the right in the bottom bar. This opens the certificate information window
- click on the tab 'Certificeringspad' (Certification Path)
- double-click on the root certificate in the tree displayed. This opens the certificate information window for the root certificate
- click on the tab 'Details'
- click on 'Kopieren naar bestand' (Copy to File)
- click 'next', choose 'DER Encoded Binary X.509 (.CER)'
- click 'next', choose a filename
- click 'next' and 'finish'
- start the IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)
- create a new key database ('Sleuteldatabase -> Nieuw...', Key Database File -> New...), or open the default key.jks (default password="changeit")
- add the generated certificate ('Toevoegen...', Add...)
- store the key database in JKS format
- if you didn't use the standard key database, then reference the file in the truststore attribute in Configuration.xml (include the file as a resource)
- use jks for the truststoreType attribute
- restart your application
- instead of IBM ikeyman you can use the standard Java tool keytool as follows:
keytool -import -alias yourAlias -file pathToSavedCertificate
Note 4:
If cannot create or initialize SocketFactory: (IOException) Unable to verify MAC exceptions are thrown, please check the password or authAlias configuration of the corresponding certificate.
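The Note 3 import carried out with the JDK's own KeyStore API instead of ikeyman or keytool, as an added example that is not the framework's own code. It prints the certificate's SHA-256 fingerprint so it can be compared with a value obtained out of band before the store is used, and it shows that a wrong truststore password surfaces as an IOException on load (compare Note 4). The class name, temporary file names, alias and password are assumptions; the sample certificate is a stand-in taken from the JVM's default trust anchors.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreImportExample {

    // Read the DER-encoded .CER file and save it as a trusted entry in a new JKS truststore.
    static X509Certificate importCertificate(Path cerFile, Path jksFile, String alias, char[] password) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(cerFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(null, password);               // null stream: start from an empty store
        truststore.setCertificateEntry(alias, cert);
        try (OutputStream out = Files.newOutputStream(jksFile)) {
            truststore.store(out, password);
        }
        return cert;
    }

    // Load the truststore as a TLS client would and build an SSLContext that trusts only its entries.
    static SSLContext sslContextFor(Path jksFile, char[] password, String protocol) throws Exception {
        KeyStore truststore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jksFile)) {
            truststore.load(in, password);             // integrity check fails here on a wrong password
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return String.format("%064X", new BigInteger(1, digest));
    }

    public static void main(String[] args) throws Exception {
        Path cer = Files.createTempFile("root", ".cer");
        Path jks = Files.createTempFile("truststore", ".jks");
        char[] password = "constructed-example-password".toCharArray();
        // Constructed sample input: a JVM default trust anchor stands in for the exported root certificate.
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null);
        X509Certificate sample = ((X509TrustManager) defaults.getTrustManagers()[0]).getAcceptedIssuers()[0];
        Files.write(cer, sample.getEncoded());

        X509Certificate imported = importCertificate(cer, jks, "yourAlias", password);
        // Compare this fingerprint with one obtained out of band before relying on the store.
        System.out.println(imported.getSubjectX500Principal() + " SHA-256=" + sha256Fingerprint(imported));
        System.out.println("Context protocol: " + sslContextFor(jks, password, "TLSv1.2").getProtocol());
        try {
            sslContextFor(jks, "wrong".toCharArray(), "TLSv1.2");
        } catch (IOException e) {
            System.out.println("Wrong truststore password: " + e.getMessage());
        }
    }
}
```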
- Since: 7.0
- Author: Niels Meijer
-
Nested Class Summary
-
Field Summary
Modifier and Type, Field, Description
static final String AUTHENTICATION_METHOD_KEY
protected final org.apache.logging.log4j.Logger log
Fields inherited from interface org.springframework.context.SmartLifecycle
DEFAULT_PHASE
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
boolean areCookiesDisabled()
void configure: Configure this component.
protected org.apache.http.HttpResponse execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase, PipeLineSession session)
org.springframework.context.ApplicationContext getApplicationContext()
getConfigurationClassLoader: This ClassLoader is set upon creation of the object, used to retrieve resources configured by the Ibis application.
int getConnectionIdleTimeout()
int getConnectionTimeToLive()
org.apache.http.auth.Credentials getCredentials()
org.apache.http.client.protocol.HttpClientContext getDefaultHttpClientContext()
org.apache.http.impl.client.CloseableHttpClient getHttpClient()
int getMaxConnections()
int getMaxExecuteRetries()
getName()
int getProxyPort()
int getSamlAssertionExpiry()
getScope()
protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory()
int getStaleTimeout()
int getTimeout()
int getTokenExpiry()
protected URI getURI: Makes sure only http(s) requests can be performed.
boolean isAllowSelfSignedCertificates()
boolean isAuthenticatedTokenRequest()
boolean isFollowRedirects()
boolean isIgnoreCertificateExpiredException()
boolean isIgnoreRedirects()
boolean isPrefillProxyAuthCache()
boolean isRunning()
boolean isStaleChecking()
boolean isVerifyHostname()
void setAdapter(Adapter adapter)
void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates): If true, self signed certificates are accepted
void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
void setAuthAlias(String string): Authentication alias used for authentication to the host
void setAuthDomain(String string): Deprecated.
void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest): Deprecated, for removal: This API element is subject to removal in a future version.
void setClientAlias(String clientAuthAlias): Alias used to obtain client_id and client_secret for authentication to tokenEndpoint
void setClientId(String clientId): Client_id used in authentication to tokenEndpoint
void setClientSecret(String clientSecret): Client_secret used in authentication to tokenEndpoint
void setConfigurationMetrics(MetricsInitializer configurationMetrics)
void setConnectionIdleTimeout(int idleTimeout): Maximum Time for connection to stay idle in the pool.
void setConnectionTimeToLive(int timeToLive): Maximum Time to Live for connections in the pool.
void setDisableCookies(boolean disableCookies): Disables the use of cookies, making the sender completely stateless
void setFollowRedirects(boolean b): If true, a redirect request will be honoured, e.g. to switch to HTTPS
protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
protected void setHttpContext(org.apache.http.client.protocol.HttpClientContext httpContext)
void setIgnoreCertificateExpiredException(boolean b): If true, CertificateExpiredExceptions are ignored
void setIgnoreRedirects(boolean b): If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
void setKeyManagerAlgorithm(String keyManagerAlgorithm): Key manager algorithm.
void setKeystore(String string): Resource URL to keystore or certificate to be used for authentication.
void setKeystoreAlias(String string): Alias to obtain specific certificate or key in keystore
void setKeystoreAliasAuthAlias(String string): Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
void setKeystoreAliasPassword(String string): Default password to authenticate access to certificate or key indicated by keystoreAlias
void setKeystoreAuthAlias(String string): Authentication alias used to obtain keystore password
void setKeystorePassword(String string): Default password to access keystore
void setKeystoreType(KeystoreType value): Type of keystore
void setMaxConnections(int i): The maximum number of concurrent connections
void setMaxExecuteRetries(int i): The maximum number of times the execution is retried
void setName
void setOauthAuthenticationMethod(AbstractHttpSession.OauthAuthenticationMethod oauthAuthenticationMethod): Only used when tokenEndpoint has been configured.
void setPassword(String string): Password used for authentication to the host
void setPrefillProxyAuthCache(boolean b): Create a pre-emptive login context for the proxy connection(s).
void setProtocol(String protocol): Secure socket protocol (such as 'TLSv1.2') to use when a SSLContext object is generated.
void setProxyAuthAlias(String string): Alias used to obtain credentials for authentication to proxy
void setProxyHost(String string): Proxy host
void setProxyPassword(String string): Proxy password
void setProxyPort(int i): Proxy port
void setProxyRealm(String string): Proxy realm
void setProxyUsername(String string): Proxy username
void setSamlAssertionExpiry(int expiry): The time to live (in seconds) until the generated SAML assertion should be valid.
void setSamlAudience(String samlAudience): The audience to be added during the creation of the SAML assertion.
void setSamlIssuer(String samlIssuer): The issuer to be added during the creation of the SAML assertion.
void setSamlNameId(String samlNameId): The nameId to be added during the creation of the SAML assertion.
void setScope: Space or comma separated list of scope items requested for accessToken, e.g. read write.
void setStaleChecking(boolean b): Controls whether connections are checked to be stale, i.e. appear open, but are not.
void setStaleTimeout(int timeout): Used when staleChecking is true.
void setSupportedCipherSuites(String supportedCipherSuites): Allows you to choose which CipherSuites are used when connecting to an endpoint.
void setTimeout(int i): Timeout in ms of obtaining a connection/result.
void setTokenEndpoint(String string): Endpoint to obtain OAuth accessToken.
void setTokenExpiry(int value): If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed.
void setTrustManagerAlgorithm(String trustManagerAlgorithm): Trust manager algorithm.
void setTruststore(String string): Resource URL to truststore to be used for authenticating peer.
void setTruststoreAuthAlias(String string): Authentication alias used to obtain truststore password
void setTruststorePassword(String string): Default password to access truststore
void setTruststoreType(KeystoreType value): Type of truststore
void setUsername(String username): Username used for authentication to the host
void setVerifyHostname(boolean b): If true, the hostname in the certificate will be checked against the actual hostname of the peer
void start()
void stop()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.frankframework.lifecycle.ConfigurableLifecycle
getPhase, isAutoStartup
Methods inherited from interface org.springframework.context.SmartLifecycle
stop
-
Field Details
-
log
protected final org.apache.logging.log4j.Logger log
-
AUTHENTICATION_METHOD_KEY
- See Also:
-
-
Constructor Details
-
AbstractHttpSession
public AbstractHttpSession()
-
-
Method Details
-
getURI
Makes sure only http(s) requests can be performed.
- Throws: URISyntaxException
-
configure
Description copied from interface: ConfigurableLifecycle
Configure this component. In the case of a container, this will propagate the start signal to all components that apply.
- Specified by: configure in interface ConfigurableLifecycle
- Throws: ConfigurationException - in case it was not able to configure the component.
-
start
public void start()
- Specified by: start in interface org.springframework.context.Lifecycle
-
setHttpClient
protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
-
setHttpContext
protected void setHttpContext(org.apache.http.client.protocol.HttpClientContext httpContext)
-
isRunning
public boolean isRunning()
- Specified by: isRunning in interface org.springframework.context.Lifecycle
-
stop
public void stop()
- Specified by: stop in interface org.springframework.context.Lifecycle
-
getCredentials
public org.apache.http.auth.Credentials getCredentials()
-
getSSLConnectionSocketFactory
@Nonnull protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException
- Throws: ConfigurationException
-
execute
protected org.apache.http.HttpResponse execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase, PipeLineSession session) throws IOException
- Throws: IOException
-
setTimeout
public void setTimeout(int i)
Timeout in ms of obtaining a connection/result.
- Default value: 10000
-
setMaxConnections
public void setMaxConnections(int i)
The maximum number of concurrent connections
- Default value: 10
-
setMaxExecuteRetries
public void setMaxExecuteRetries(int i)
The maximum number of times the execution is retried
- Default value: 1 (for repeatable messages) else 0
-
setAuthAlias
Authentication alias used for authentication to the host
-
setUsername
Username used for authentication to the host
-
setAuthDomain
@Deprecated @ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead") public void setAuthDomain(String string)
Deprecated.
Corporate domain name. Should only be used in combination with sAMAccountName, never with a UPN.
Assuming the following user:
UPN: john.doe@CorpDomain.biz
sAMAccountName: CORPDOMAIN\john.doe
The username attribute may be set to john.doe
The AuthDomain attribute may be set to CORPDOMAIN
-
setPassword
Password used for authentication to the host
-
setTokenEndpoint
Endpoint to obtain OAuth accessToken. If authAlias or username (and password) are specified, then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests in an HTTP Header 'Authorization' with a 'Bearer' prefix.
-
setTokenExpiry
public void setTokenExpiry(int value)
If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token will be refreshed when it is halfway through its lifetime as defined by the expires_in clause of the token response, or when the regular server returns a 401 status with a challenge. If not specified, and the accessToken's lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
- Default value: -1
-
setClientAlias
Alias used to obtain client_id and client_secret for authentication to tokenEndpoint
-
setClientId
Client_id used in authentication to tokenEndpoint
-
setClientSecret
Client_secret used in authentication to tokenEndpoint
-
setScope
Space or comma separated list of scope items requested for accessToken, e.g. read write. Only used when tokenEndpoint is specified
-
setAuthenticatedTokenRequest
@Deprecated(forRemoval=true, since="9.0") @ConfigurationWarning("Use oauthAuthenticationMethod to set this behaviour") public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest)
Deprecated, for removal: This API element is subject to removal in a future version.
If set to true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters
-
setOauthAuthenticationMethod
public void setOauthAuthenticationMethod(AbstractHttpSession.OauthAuthenticationMethod oauthAuthenticationMethod)
Only used when tokenEndpoint has been configured. Sets the OAuth authentication method and controls which authentication flow should be used.
-
setSamlNameId
The nameId to be added during the creation of the SAML assertion.
-
setSamlIssuer
The issuer to be added during the creation of the SAML assertion.
-
setSamlAudience
The audience to be added during the creation of the SAML assertion.
-
setSamlAssertionExpiry
public void setSamlAssertionExpiry(int expiry)
The time to live (in seconds) until the generated SAML assertion should be valid. A new assertion will be generated when the previous assertion is no longer valid.
-
setProxyHost
Proxy host
-
setProxyPort
public void setProxyPort(int i)
Proxy port
- Default value: 80
-
setProxyAuthAlias
Alias used to obtain credentials for authentication to proxy
-
setProxyUsername
Proxy username
- Default value:
-
setProxyPassword
Proxy password
- Default value:
-
setProxyRealm
Proxy realm
- Default value:
-
setPrefillProxyAuthCache
public void setPrefillProxyAuthCache(boolean b)
Create a pre-emptive login context for the proxy connection(s).
-
setDisableCookies
public void setDisableCookies(boolean disableCookies)
Disables the use of cookies, making the sender completely stateless
- Default value: false
-
areCookiesDisabled
public boolean areCookiesDisabled()
-
setKeystore
Resource URL to keystore or certificate to be used for authentication. If none specified, the JVM's default keystore will be used.
- Specified by: setKeystore in interface HasKeystore
-
setKeystoreType
Description copied from interface: HasKeystore
Type of keystore
- Specified by: setKeystoreType in interface HasKeystore
-
setKeystoreAuthAlias
Description copied from interface: HasKeystore
Authentication alias used to obtain keystore password
- Specified by: setKeystoreAuthAlias in interface HasKeystore
-
setKeystorePassword
Description copied from interface: HasKeystore
Default password to access keystore
- Specified by: setKeystorePassword in interface HasKeystore
-
setKeyManagerAlgorithm
Description copied from interface: HasKeystore
Key manager algorithm. Can be left empty to use the server's default algorithm
- Specified by: setKeyManagerAlgorithm in interface HasKeystore
-
setKeystoreAlias
Description copied from interface: HasKeystore
Alias to obtain specific certificate or key in keystore
- Specified by: setKeystoreAlias in interface HasKeystore
-
setKeystoreAliasAuthAlias
Description copied from interface: HasKeystore
Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
- Specified by: setKeystoreAliasAuthAlias in interface HasKeystore
-
setKeystoreAliasPassword
Description copied from interface: HasKeystore
Default password to authenticate access to certificate or key indicated by keystoreAlias
- Specified by: setKeystoreAliasPassword in interface HasKeystore
-
setTruststore
Resource URL to truststore to be used for authenticating peer. If none specified, the JVM's default truststore will be used.
- Specified by: setTruststore in interface HasTruststore
-
setTruststoreAuthAlias
Description copied from interface: HasTruststore
Authentication alias used to obtain truststore password
- Specified by: setTruststoreAuthAlias in interface HasTruststore
-
setTruststorePassword
Description copied from interface: HasTruststore
Default password to access truststore
- Specified by: setTruststorePassword in interface HasTruststore
-
setTruststoreType
Description copied from interface: HasTruststore
Type of truststore
- Specified by: setTruststoreType in interface HasTruststore
-
setTrustManagerAlgorithm
Description copied from interface: HasTruststore
Trust manager algorithm. Can be left empty to use the server's default algorithm
- Specified by: setTrustManagerAlgorithm in interface HasTruststore
-
setVerifyHostname
Description copied from interface: HasTruststore
If true, the hostname in the certificate will be checked against the actual hostname of the peer
- Specified by: setVerifyHostname in interface HasTruststore
-
setAllowSelfSignedCertificates
Description copied from interface: HasTruststore
If true, self signed certificates are accepted
- Specified by: setAllowSelfSignedCertificates in interface HasTruststore
-
setIgnoreCertificateExpiredException
Description copied from interface: HasTruststore
If true, CertificateExpiredExceptions are ignored
- Specified by: setIgnoreCertificateExpiredException in interface HasTruststore
-
setFollowRedirects
public void setFollowRedirects(boolean b)
If true, a redirect request will be honoured, e.g. to switch to HTTPS
- Default value: true
-
setIgnoreRedirects
public void setIgnoreRedirects(boolean b)
If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
- Default value: false
-
setStaleChecking
public void setStaleChecking(boolean b)
Controls whether connections are checked to be stale, i.e. appear open, but are not.
- Default value: true
-
setStaleTimeout
public void setStaleTimeout(int timeout)
Used when staleChecking is true. Timeout after which an idle connection will be validated before being used.
- Default value: 5000 ms
-
setConnectionTimeToLive
public void setConnectionTimeToLive(int timeToLive)
Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
- Default value: 900 s
-
setConnectionIdleTimeout
public void setConnectionIdleTimeout(int idleTimeout)
Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
- Default value: 10 s
-
setProtocol
Secure socket protocol (such as 'TLSv1.2') to use when a SSLContext object is generated.
- See Also:
- Default value: TLSv1.2
-
setSupportedCipherSuites
Allows you to choose which CipherSuites are used when connecting to an endpoint. Works in tandem with protocol, as the provided Suite may not be valid for the provided Protocol. See the Java Security Standard Algorithm Names Specification for all available options. Note that these may differ depending on the JRE you're using.
-
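A preflight check for the protocol and supportedCipherSuites combination described above, as an added example that is not the framework's own code: it reports suites the running JRE does not know and suites that belong to a different TLS generation than the configured protocol. The class and method names are assumptions, as is accepting the suites as a comma or whitespace separated list; the protocol is assumed to name a single version such as TLSv1.2 or TLSv1.3.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherSuitePreflight {

    // Returns the requested suites that cannot work, mapped to the reason.
    // An empty map means every suite is known to this JRE and matches the protocol generation.
    static Map<String, String> check(String protocol, String suiteList) throws Exception {
        SSLContext context = SSLContext.getInstance(protocol);   // NoSuchAlgorithmException for an unknown protocol
        context.init(null, null, null);                          // JVM default key and trust material
        Set<String> supported = new HashSet<>(
                Arrays.asList(context.getSupportedSSLParameters().getCipherSuites()));

        boolean tls13 = "TLSv1.3".equals(protocol);
        Map<String, String> problems = new LinkedHashMap<>();
        for (String suite : suiteList.trim().split("[\\s,]+")) {
            if (suite.endsWith("_SCSV")) {
                continue;                                        // signalling value, not a real cipher suite
            }
            // TLS 1.3 suites (e.g. TLS_AES_128_GCM_SHA256) name no key exchange, so they lack "_WITH_".
            boolean tls13Suite = !suite.contains("_WITH_");
            if (!supported.contains(suite)) {
                problems.put(suite, "not supported by this JRE");
            } else if (tls13Suite != tls13) {
                problems.put(suite, tls13Suite
                        ? "TLS 1.3 suite, cannot be negotiated with " + protocol
                        : "pre-TLS 1.3 suite, cannot be negotiated with TLSv1.3");
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: one TLS 1.2 suite, one TLS 1.3 suite and one misspelled name.
        String suites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256, "
                + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25";
        check("TLSv1.2", suites).forEach((suite, reason) -> System.out.println(suite + ": " + reason));
    }
}
```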
getConfigurationClassLoader
Description copied from interface: IScopeProvider
This ClassLoader is set upon creation of the object, used to retrieve resources configured by the Ibis application.
- Specified by: getConfigurationClassLoader in interface IScopeProvider
- Returns: returns the ClassLoader created by the ClassLoaderManager.
-
getName
- Specified by: getName in interface IConfigurationAware
-
setName
-
getApplicationContext
public org.springframework.context.ApplicationContext getApplicationContext()
- Specified by: getApplicationContext in interface IConfigurationAware
-
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
- Specified by: setApplicationContext in interface org.springframework.context.ApplicationContextAware
-
setConfigurationMetrics
-
getAdapter
- Specified by: getAdapter in interface HasStatistics
-
setAdapter
- Specified by: setAdapter in interface AdapterAware
-
getTimeout
public int getTimeout()
-
getMaxConnections
public int getMaxConnections()
-
getMaxExecuteRetries
public int getMaxExecuteRetries()
-
isStaleChecking
public boolean isStaleChecking()
-
getStaleTimeout
public int getStaleTimeout()
-
getConnectionTimeToLive
public int getConnectionTimeToLive()
-
getConnectionIdleTimeout
public int getConnectionIdleTimeout()
-
getDefaultHttpClientContext
public org.apache.http.client.protocol.HttpClientContext getDefaultHttpClientContext()
-
getHttpClient
public org.apache.http.impl.client.CloseableHttpClient getHttpClient()
-
getAuthAlias
-
getUsername
-
getPassword
-
getAuthDomain
-
getTokenEndpoint
-
getTokenExpiry
public int getTokenExpiry()
-
getClientAuthAlias
-
getClientId
-
getClientSecret
-
getScope
-
getSamlNameId
-
getSamlIssuer
-
getSamlAudience
-
getSamlAssertionExpiry
public int getSamlAssertionExpiry()
-
getOauthAuthenticationMethod
-
getAuthenticator
-
isAuthenticatedTokenRequest
public boolean isAuthenticatedTokenRequest()
-
getProxyHost
-
getProxyPort
public int getProxyPort()
-
getProxyAuthAlias
-
getProxyUsername
-
getProxyPassword
-
getProxyRealm
-
isPrefillProxyAuthCache
public boolean isPrefillProxyAuthCache()
-
getKeystore
- Specified by: getKeystore in interface HasKeystore
-
getKeystoreAuthAlias
- Specified by: getKeystoreAuthAlias in interface HasKeystore
-
getKeystorePassword
- Specified by: getKeystorePassword in interface HasKeystore
-
getKeystoreType
- Specified by: getKeystoreType in interface HasKeystore
-
getKeystoreAlias
- Specified by: getKeystoreAlias in interface HasKeystore
-
getKeystoreAliasAuthAlias
- Specified by: getKeystoreAliasAuthAlias in interface HasKeystore
-
getKeystoreAliasPassword
- Specified by: getKeystoreAliasPassword in interface HasKeystore
-
getKeyManagerAlgorithm
- Specified by: getKeyManagerAlgorithm in interface HasKeystore
-
getTruststore
- Specified by: getTruststore in interface HasTruststore
-
getTruststoreAuthAlias
- Specified by: getTruststoreAuthAlias in interface HasTruststore
-
getTruststorePassword
- Specified by: getTruststorePassword in interface HasTruststore
-
getTruststoreType
- Specified by: getTruststoreType in interface HasTruststore
-
getTrustManagerAlgorithm
- Specified by: getTrustManagerAlgorithm in interface HasTruststore
-
isAllowSelfSignedCertificates
public boolean isAllowSelfSignedCertificates()
- Specified by: isAllowSelfSignedCertificates in interface HasTruststore
-
isVerifyHostname
public boolean isVerifyHostname()
- Specified by: isVerifyHostname in interface HasTruststore
-
isIgnoreCertificateExpiredException
public boolean isIgnoreCertificateExpiredException()
- Specified by: isIgnoreCertificateExpiredException in interface HasTruststore
-
isFollowRedirects
public boolean isFollowRedirects()
-
isIgnoreRedirects
public boolean isIgnoreRedirects()
-