Package org.frankframework.http

Class AbstractHttpSession

java.lang.Object
org.frankframework.http.AbstractHttpSession
All Implemented Interfaces:
FrankElement, HasApplicationContext, HasName, IConfigurable, IScopeProvider, HasKeystore, HasTruststore, ConfigurableLifecycle, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.Lifecycle, org.springframework.context.Phased, org.springframework.context.SmartLifecycle
Direct Known Subclasses:
AbstractHttpSender, HttpSession
public abstract class AbstractHttpSession extends Object implements ConfigurableLifecycle, HasKeystore, HasTruststore, FrankElement

Note 1: Some certificates require the <java_home>/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters is observed. For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files')

Replace in the directory java\jre\lib\security the following files:
  • local_policy.jar
  • US_export_policy.jar

Note 2: To debug ssl-related problems, set the following system property:

  • -Djavax.net.debug=all

Note 3: In case javax.net.ssl.SSLHandshakeException: unknown certificate exceptions are thrown, probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:

  • open the URL you are trying to reach in InternetExplorer
  • click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window
  • click on tab 'Certificeringspad'
  • double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate
  • click on tab 'Details'
  • click on 'Kopieren naar bestand'
  • click 'next', choose 'DER Encoded Binary X.509 (.CER)'
  • click 'next', choose a filename
  • click 'next' and 'finish'
  • Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)
  • create a new key-database (Sleuteldatabase -> Nieuw...), or open the default key.jks (default password="changeit")
  • add the generated certificate (Toevoegen...)
  • store the key-database in JKS format
  • if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)
  • use jks for the truststoreType-attribute
  • restart your application
  • instead of IBM ikeyman you can use the standard java tool keytool as follows: keytool -import -alias yourAlias -file pathToSavedCertificate

Note 4: In case cannot create or initialize SocketFactory: (IOException) Unable to verify MAC exceptions are thrown, please check password or authAlias configuration of the corresponding certificate.

Since:
7.0
Author:
Niels Meijer

  • Field Details

    • log

      protected final org.apache.logging.log4j.Logger log

    • AUTHENTICATION_METHOD_KEY

      public static final String AUTHENTICATION_METHOD_KEY
      See Also:

  • Constructor Details

    • AbstractHttpSession

      public AbstractHttpSession()

  • Method Details

    • getURI

      protected URI getURI(@Nonnull String url) throws URISyntaxException
      Makes sure only http(s) requests can be performed.
      Throws:
      URISyntaxException

    • configure

      public void configure() throws ConfigurationException
      Description copied from interface: IConfigurable
      Configure this component.

      configure() is called once at startup of the framework in the configure method of the owner of this IConfigurable. Purpose of this method is to check whether the static configuration of the object is correct. As much as possible class-instantiating should take place in the configure(), to improve performance.

      In the case of a container, this will propagate the configure signal to all components that apply.

      Specified by:
      configure in interface IConfigurable
      Throws:
      ConfigurationException - in case it was not able to configure the component.

    • start

      public void start()
      Specified by:
      start in interface ConfigurableLifecycle
      Specified by:
      start in interface org.springframework.context.Lifecycle

    • setHttpClient

      protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)

    • setHttpContext

      protected void setHttpContext(org.apache.http.client.protocol.HttpClientContext httpContext)

    • isRunning

      public boolean isRunning()
      Specified by:
      isRunning in interface org.springframework.context.Lifecycle

    • stop

      public void stop()
      Specified by:
      stop in interface org.springframework.context.Lifecycle

    • getDomainAwareCredentials

      public org.apache.http.auth.Credentials getDomainAwareCredentials()

    • getSSLConnectionSocketFactory

      @Nonnull protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException
      Throws:
      ConfigurationException

    • execute

      protected org.apache.http.HttpResponse execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase, PipeLineSession session) throws IOException, TimeoutException
      By forcing the use of the HttpResponseHandler the resultStream will automatically be closed when it has been read. See HttpResponseHandler and ReleaseConnectionAfterReadInputStream. We cannot close the connection as the response might be kept in a sessionKey for later use in the pipeline. IMPORTANT: It is possible that poorly written implementations won't read or close the response. This will cause the connection to become stale.
      Throws:
      IOException
      TimeoutException

    • setTimeout

      public void setTimeout(int i)
      Timeout in ms of obtaining a connection/result.
      Default value
      10000

    • setMaxConnections

      public void setMaxConnections(int i)
      The maximum number of concurrent connections
      Default value
      10

    • setMaxExecuteRetries

      public void setMaxExecuteRetries(int i)
      The maximum number of times the execution is retried
      Default value
      1 (for repeatable messages) else 0

    • setAuthAlias

      public void setAuthAlias(String string)
      Authentication alias used for authentication to the host

    • setUsername

      public void setUsername(String username)
      Username used for authentication to the host

    • setAuthDomain

      @Deprecated @ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead") public void setAuthDomain(String string)
      Deprecated.
      Corporate domain name. Should only be used in combination with sAMAccountName, never with an UPN.

      Assuming the following user:
      UPN: john.doe@CorpDomain.biz
      sAMAccountName: CORPDOMAIN\john.doe

      The username attribute may be set to john.doe
      The AuthDomain attribute may be set to CORPDOMAIN

    • setPassword

      public void setPassword(String string)
      Password used for authentication to the host

    • setTokenEndpoint

      public void setTokenEndpoint(String string)
      Endpoint to obtain OAuth accessToken. If authAlias or username( and password) are specified, then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests in an HTTP Header 'Authorization' with a 'Bearer' prefix.

    • setTokenExpiry

      public void setTokenExpiry(int value)
      If set to a non-negative value, then determines the time (in seconds) after which the token will be refreshed. Otherwise the token will be refreshed when it is half way its lifetime as defined by the expires_in clause of the token response, or when the regular server returns a 401 status with a challenge. If not specified, and the accessTokens lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
      Default value
      -1

    • setClientAlias

      public void setClientAlias(String clientAuthAlias)
      Alias used to obtain client_id and client_secret for authentication to tokenEndpoint

    • setClientId

      public void setClientId(String clientId)
      Client_id used in authentication to tokenEndpoint

    • setClientSecret

      public void setClientSecret(String clientSecret)
      Client_secret used in authentication to tokenEndpoint

    • setScope

      public void setScope(String string)
      Space or comma separated list of scope items requested for accessToken, e.g. read write. Only used when tokenEndpoint is specified

    • setAuthenticatedTokenRequest

      @Deprecated(forRemoval=true, since="9.0") @ConfigurationWarning("Use oauthAuthenticationMethod to set this behaviour") public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest)
      Deprecated, for removal: This API element is subject to removal in a future version.
      if set true, clientId and clientSecret will be added as Basic Authentication header to the tokenRequest, instead of as request parameters

    • setOauthAuthenticationMethod

      public void setOauthAuthenticationMethod(AbstractHttpSession.OauthAuthenticationMethod oauthAuthenticationMethod)
      Only used when tokenEndpoint has been configured. Sets the OAuth authentication method and controls which authentication flow should be used.

    • setSamlNameId

      public void setSamlNameId(String samlNameId)
      The nameId to be added during the creation of the SAML assertion.

    • setSamlIssuer

      public void setSamlIssuer(String samlIssuer)
      The issuer to be added during the creation of the SAML assertion.

    • setSamlAudience

      public void setSamlAudience(String samlAudience)
      The audience to be added during the creation of the SAML assertion.

    • setSamlAssertionExpiry

      public void setSamlAssertionExpiry(int expiry)
      The time to live (in seconds) until the generated SAML assertion should be valid. A new assertion will be generated when the previous assertion is no longer valid.

    • setProxyHost

      public void setProxyHost(String string)
      Proxy host

    • setProxyPort

      public void setProxyPort(int i)
      Proxy port
      Default value
      80

    • setProxyAuthAlias

      public void setProxyAuthAlias(String string)
      Alias used to obtain credentials for authentication to proxy

    • setProxyUsername

      public void setProxyUsername(String string)
      Proxy username
      Default value

    • setProxyPassword

      public void setProxyPassword(String string)
      Proxy password
      Default value

    • setProxyRealm

      public void setProxyRealm(String string)
      Proxy realm
      Default value

    • setPrefillProxyAuthCache

      public void setPrefillProxyAuthCache(boolean b)
      Create a pre-emptive login context for the proxy connection(s).

    • setDisableCookies

      public void setDisableCookies(boolean disableCookies)
      Disables the use of cookies, making the sender completely stateless
      Default value
      false

    • areCookiesDisabled

      public boolean areCookiesDisabled()

    • setKeystore

      public void setKeystore(String string)
      resource URL to keystore or certificate to be used for authentication. If none specified, the JVMs default keystore will be used.
      Specified by:
      setKeystore in interface HasKeystore

    • setKeystoreType

      public void setKeystoreType(KeystoreType value)
      Description copied from interface: HasKeystore
      Type of keystore
      Specified by:
      setKeystoreType in interface HasKeystore

    • setKeystoreAuthAlias

      public void setKeystoreAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias used to obtain keystore password
      Specified by:
      setKeystoreAuthAlias in interface HasKeystore

    • setKeystorePassword

      public void setKeystorePassword(String string)
      Description copied from interface: HasKeystore
      Default password to access keystore
      Specified by:
      setKeystorePassword in interface HasKeystore

    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
      Description copied from interface: HasKeystore
      Key manager algorithm. Can be left empty to use the servers default algorithm
      Specified by:
      setKeyManagerAlgorithm in interface HasKeystore

    • setKeystoreAlias

      public void setKeystoreAlias(String string)
      Description copied from interface: HasKeystore
      Alias to obtain specific certificate or key in keystore
      Specified by:
      setKeystoreAlias in interface HasKeystore

    • setKeystoreAliasAuthAlias

      public void setKeystoreAliasAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasAuthAlias in interface HasKeystore

    • setKeystoreAliasPassword

      public void setKeystoreAliasPassword(String string)
      Description copied from interface: HasKeystore
      Default password to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasPassword in interface HasKeystore

    • setTruststore

      public void setTruststore(String string)
      Resource URL to truststore to be used for authenticating peer. If none specified, the JVMs default truststore will be used.
      Specified by:
      setTruststore in interface HasTruststore

    • setTruststoreAuthAlias

      public void setTruststoreAuthAlias(String string)
      Description copied from interface: HasTruststore
      Authentication alias used to obtain truststore password
      Specified by:
      setTruststoreAuthAlias in interface HasTruststore

    • setTruststorePassword

      public void setTruststorePassword(String string)
      Description copied from interface: HasTruststore
      Default password to access truststore
      Specified by:
      setTruststorePassword in interface HasTruststore

    • setTruststoreType

      public void setTruststoreType(KeystoreType value)
      Description copied from interface: HasTruststore
      Type of truststore
      Specified by:
      setTruststoreType in interface HasTruststore

    • setTrustManagerAlgorithm

      public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
      Description copied from interface: HasTruststore
      Trust manager algorithm. Can be left empty to use the servers default algorithm
      Specified by:
      setTrustManagerAlgorithm in interface HasTruststore

    • setVerifyHostname

      @Unsafe public void setVerifyHostname(boolean b)
      Description copied from interface: HasTruststore
      If true, the hostname in the certificate will be checked against the actual hostname of the peer
      Specified by:
      setVerifyHostname in interface HasTruststore

    • setAllowSelfSignedCertificates

      @Unsafe public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates)
      Description copied from interface: HasTruststore
      If true, self signed certificates are accepted
      Specified by:
      setAllowSelfSignedCertificates in interface HasTruststore

    • setIgnoreCertificateExpiredException

      @Unsafe public void setIgnoreCertificateExpiredException(boolean b)
      Description copied from interface: HasTruststore
      If true, CertificateExpiredExceptions are ignored
      Specified by:
      setIgnoreCertificateExpiredException in interface HasTruststore

    • setFollowRedirects

      public void setFollowRedirects(boolean b)
      If true, a redirect request will be honoured, e.g. to switch to HTTPS
      Default value
      true

    • setIgnoreRedirects

      public void setIgnoreRedirects(boolean b)
      If true, besides http status code 200 (OK) also the code 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are considered successful
      Default value
      false

    • setStaleChecking

      public void setStaleChecking(boolean b)
      Controls whether connections checked to be stale, i.e. appear open, but are not.
      Default value
      true

    • setStaleTimeout

      public void setStaleTimeout(int timeout)
      Used when staleChecking is true. Timeout after which an idle connection will be validated before being used.
      Default value
      5000 ms

    • setConnectionTimeToLive

      public void setConnectionTimeToLive(int timeToLive)
      Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
      Default value
      900 s

    • setConnectionIdleTimeout

      public void setConnectionIdleTimeout(int idleTimeout)
      Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
      Default value
      10 s

    • setProtocol

      public void setProtocol(String protocol)
      Secure socket protocol (such as 'TLSv1.2') to use when a SSLContext object is generated.
      See Also:
      Default value
      TLSv1.2

    • setSupportedCipherSuites

      public void setSupportedCipherSuites(String supportedCipherSuites)
      Allows you to choose which CipherSuites are used when connecting to an endpoint. Works in tandem with protocol as the provided Suite may not be valid for the provided Protocol See the Java Security Standard Algorithm Names Specification for all available options. Note that these may differ depending on the JRE you're using.
      See Also: