Class HttpSessionBase

java.lang.Object
org.frankframework.http.HttpSessionBase
All Implemented Interfaces:
IConfigurationAware, IScopeProvider, HasKeystore, HasTruststore, ConfigurableLifecycle, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.Lifecycle
Direct Known Subclasses:
HttpSenderBase, HttpSession

public abstract class HttpSessionBase extends Object implements ConfigurableLifecycle, HasKeystore, HasTruststore

Note 1: Some certificates require the <java_home>/jre/lib/security/xxx_policy.jar files to be upgraded to unlimited strength. Typically, in such a case, an error message like "Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters" is observed. For IBM JDKs these files can be downloaded from http://www.ibm.com/developerworks/java/jdk/security/50/ (scroll down to 'IBM SDK Policy files').

Replace in the directory java\jre\lib\security the following files:
  • local_policy.jar
  • US_export_policy.jar

Note 2: To debug ssl-related problems, set the following system property:

  • -Djavax.net.debug=all

Note 3: In case javax.net.ssl.SSLHandshakeException: unknown certificate-exceptions are thrown, probably the certificate of the other party is not trusted. Try to use one of the certificates in the path as your truststore by doing the following:

  • open the URL you are trying to reach in InternetExplorer
  • click on the yellow padlock on the right in the bottom-bar. This opens the certificate information window
  • click on tab 'Certificeringspad' ('Certification Path')
  • double click on root certificate in the tree displayed. This opens the certificate information window for the root certificate
  • click on tab 'Details'
  • click on 'Kopieren naar bestand' ('Copy to File')
  • click 'next', choose 'DER Encoded Binary X.509 (.CER)'
  • click 'next', choose a filename
  • click 'next' and 'finish'
  • Start IBM key management tool ikeyman.bat, located in Program Files/IBM/WebSphere Studio/Application Developer/v5.1.2/runtimes/base_v51/bin (or similar)
  • create a new key-database (Sleuteldatabase -> Nieuw..., i.e. Key Database File -> New...), or open the default key.jks (default password="changeit")
  • add the generated certificate (Toevoegen..., i.e. Add...)
  • store the key-database in JKS format
  • if you didn't use the standard keydatabase, then reference the file in the truststore-attribute in Configuration.xml (include the file as a resource)
  • use jks for the truststoreType-attribute
  • restart your application
  • instead of IBM ikeyman you can use the standard java tool keytool as follows: keytool -import -alias yourAlias -file pathToSavedCertificate

Note 4: In case cannot create or initialize SocketFactory: (IOException) Unable to verify MAC-exceptions are thrown, please check password or authAlias configuration of the corresponding certificate.

Since:
7.0
Author:
Niels Meijer
  • Field Details

    • log

      protected final org.apache.logging.log4j.Logger log
  • Constructor Details

    • HttpSessionBase

      public HttpSessionBase()
  • Method Details

    • getURI

      protected URI getURI(@Nonnull String url) throws URISyntaxException
      Makes sure only http(s) requests can be performed.
      Throws:
      URISyntaxException
    • configure

      public void configure() throws ConfigurationException
      Description copied from interface: ConfigurableLifecycle
      Configure this component.

      In the case of a container, this will propagate the start signal to all components that apply.

      Specified by:
      configure in interface ConfigurableLifecycle
      Throws:
      ConfigurationException - in case it was not able to configure the component.
    • configureConnectionManager

      public void configureConnectionManager()
      To support multithreading and connection pooling, the connectionManager has to be initialized with an sslSocketFactory. The pool must be re-created once closed.
    • start

      public void start()
      Specified by:
      start in interface org.springframework.context.Lifecycle
    • setHttpClient

      protected void setHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
    • setHttpContext

      protected void setHttpContext(org.apache.http.client.protocol.HttpClientContext httpContext)
    • isRunning

      public boolean isRunning()
      Specified by:
      isRunning in interface org.springframework.context.Lifecycle
    • stop

      public void stop()
      Specified by:
      stop in interface org.springframework.context.Lifecycle
    • getSSLConnectionSocketFactory

      @Nonnull protected org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws ConfigurationException
      Throws:
      ConfigurationException
    • execute

      protected org.apache.http.HttpResponse execute(URI targetUri, org.apache.http.client.methods.HttpRequestBase httpRequestBase, PipeLineSession session) throws IOException
      Throws:
      IOException
    • setTimeout

      public void setTimeout(int i)
      Timeout in ms of obtaining a connection/result.
      Default value
      10000
    • setMaxConnections

      public void setMaxConnections(int i)
      The maximum number of concurrent connections
      Default value
      10
    • setMaxExecuteRetries

      public void setMaxExecuteRetries(int i)
      The maximum number of times the execution is retried
      Default value
      1 (for repeatable messages) else 0
    • setAuthAlias

      public void setAuthAlias(String string)
      Authentication alias used for authentication to the host
    • setUsername

      public void setUsername(String username)
      Username used for authentication to the host
    • setAuthDomain

      @Deprecated @ConfigurationWarning("Please use the UPN or the full sAM-AccountName instead") public void setAuthDomain(String string)
      Deprecated.
      Corporate domain name. Should only be used in combination with sAMAccountName, never with a UPN.

      Assuming the following user:
      UPN: john.doe@CorpDomain.biz
      sAMAccountName: CORPDOMAIN\john.doe

      The username attribute may be set to john.doe
      The AuthDomain attribute may be set to CORPDOMAIN
    • setPassword

      public void setPassword(String string)
      Password used for authentication to the host
    • setTokenEndpoint

      public void setTokenEndpoint(String string)
      Endpoint to obtain OAuth accessToken. If authAlias or username (and password) are specified, then a PasswordGrant is used, otherwise a ClientCredentials grant. The obtained accessToken will be added to the regular requests in an HTTP Header 'Authorization' with a 'Bearer' prefix.
    • setTokenExpiry

      public void setTokenExpiry(int value)
      If set to a non-negative value, this determines the time (in seconds) after which the token will be refreshed. Otherwise the token will be refreshed when it is halfway through its lifetime as defined by the expires_in clause of the token response, or when the regular server returns a 401 status with a challenge. If not specified, and the accessToken's lifetime is not found in the token response, the accessToken will not be refreshed preemptively.
      Default value
      -1
    • setClientAlias

      public void setClientAlias(String clientAuthAlias)
      Alias used to obtain client_id and client_secret for authentication to tokenEndpoint
    • setClientId

      public void setClientId(String clientId)
      Client_id used in authentication to tokenEndpoint
    • setClientSecret

      public void setClientSecret(String clientSecret)
      Client_secret used in authentication to tokenEndpoint
    • setScope

      public void setScope(String string)
      Space or comma separated list of scope items requested for accessToken, e.g. read write. Only used when tokenEndpoint is specified
    • setAuthenticatedTokenRequest

      public void setAuthenticatedTokenRequest(boolean authenticatedTokenRequest)
      If set to true, clientId and clientSecret will be added as a Basic Authentication header to the tokenRequest, instead of as request parameters.
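How tokenEndpoint, scope and authenticatedTokenRequest shape the token request, as an added example (not code from org.frankframework; the class TokenRequestSketch and its methods are hypothetical, and authAlias/clientAlias lookup is left out). It assumes the standard RFC 6749 parameter names and normalises the scope list to the space-separated form that RFC defines:

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

/** Added illustration; hypothetical class, not part of org.frankframework. */
public class TokenRequestSketch {
    /** Headers plus the form-encoded body of the POST sent to the token endpoint. */
    record TokenRequest(Map<String, String> headers, String body) {}

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    static TokenRequest build(String username, String password, String clientId,
                              String clientSecret, String scope, boolean authenticatedTokenRequest) {
        Map<String, String> form = new LinkedHashMap<>();
        if (username != null) {
            // Host credentials are configured: password grant.
            form.put("grant_type", "password");
            form.put("username", username);
            form.put("password", password);
        } else {
            form.put("grant_type", "client_credentials");
        }
        if (scope != null) {
            // The attribute accepts space or comma separated items; RFC 6749 uses spaces.
            form.put("scope", String.join(" ", scope.trim().split("[\\s,]+")));
        }
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Type", "application/x-www-form-urlencoded");
        if (authenticatedTokenRequest) {
            // RFC 6749 section 2.3.1: form-encode id and secret, join with ':', then Base64.
            String pair = enc(clientId) + ":" + enc(clientSecret);
            headers.put("Authorization", "Basic "
                    + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        } else {
            // Client credentials travel in the request body instead of a header.
            form.put("client_id", clientId);
            form.put("client_secret", clientSecret);
        }
        String body = form.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        return new TokenRequest(headers, body);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        TokenRequest asParams = build(null, null, "demo-client", "s3cr3t/+", "read,write", false);
        TokenRequest asHeader = build(null, null, "demo-client", "s3cr3t/+", "read,write", true);
        System.out.println("params body : " + asParams.body());
        System.out.println("header auth : " + asHeader.headers().get("Authorization"));
        System.out.println("header body : " + asHeader.body());
    }
}
```

With request parameters the client secret is part of the body, so anything that logs request bodies records it; in both forms the secret crosses the wire and the token endpoint should be reached over HTTPS.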
    • setProxyHost

      public void setProxyHost(String string)
      Proxy host
    • setProxyPort

      public void setProxyPort(int i)
      Proxy port
      Default value
      80
    • setProxyAuthAlias

      public void setProxyAuthAlias(String string)
      Alias used to obtain credentials for authentication to proxy
    • setProxyUsername

      public void setProxyUsername(String string)
      Proxy username
    • setProxyPassword

      public void setProxyPassword(String string)
      Proxy password
    • setProxyRealm

      public void setProxyRealm(String string)
      Proxy realm
    • setPrefillProxyAuthCache

      public void setPrefillProxyAuthCache(boolean b)
      Create a pre-emptive login context for the proxy connection(s).
    • setDisableCookies

      public void setDisableCookies(boolean disableCookies)
      Disables the use of cookies, making the sender completely stateless
      Default value
      false
    • areCookiesDisabled

      public boolean areCookiesDisabled()
    • setKeystore

      public void setKeystore(String string)
      Resource URL to keystore or certificate to be used for authentication. If none specified, the JVM's default keystore will be used.
      Specified by:
      setKeystore in interface HasKeystore
    • setKeystoreType

      public void setKeystoreType(KeystoreType value)
      Description copied from interface: HasKeystore
      Type of keystore
      Specified by:
      setKeystoreType in interface HasKeystore
    • setKeystoreAuthAlias

      public void setKeystoreAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias used to obtain keystore password
      Specified by:
      setKeystoreAuthAlias in interface HasKeystore
    • setKeystorePassword

      public void setKeystorePassword(String string)
      Description copied from interface: HasKeystore
      Default password to access keystore
      Specified by:
      setKeystorePassword in interface HasKeystore
    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
      Description copied from interface: HasKeystore
      Key manager algorithm. Can be left empty to use the server's default algorithm
      Specified by:
      setKeyManagerAlgorithm in interface HasKeystore
    • setKeystoreAlias

      public void setKeystoreAlias(String string)
      Description copied from interface: HasKeystore
      Alias to obtain specific certificate or key in keystore
      Specified by:
      setKeystoreAlias in interface HasKeystore
    • setKeystoreAliasAuthAlias

      public void setKeystoreAliasAuthAlias(String string)
      Description copied from interface: HasKeystore
      Authentication alias to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasAuthAlias in interface HasKeystore
    • setKeystoreAliasPassword

      public void setKeystoreAliasPassword(String string)
      Description copied from interface: HasKeystore
      Default password to authenticate access to certificate or key indicated by keystoreAlias
      Specified by:
      setKeystoreAliasPassword in interface HasKeystore
    • setTruststore

      public void setTruststore(String string)
      Resource URL to truststore to be used for authenticating peer. If none specified, the JVM's default truststore will be used.
      Specified by:
      setTruststore in interface HasTruststore
    • setTruststoreAuthAlias

      public void setTruststoreAuthAlias(String string)
      Description copied from interface: HasTruststore
      Authentication alias used to obtain truststore password
      Specified by:
      setTruststoreAuthAlias in interface HasTruststore
    • setTruststorePassword

      public void setTruststorePassword(String string)
      Description copied from interface: HasTruststore
      Default password to access truststore
      Specified by:
      setTruststorePassword in interface HasTruststore
    • setTruststoreType

      public void setTruststoreType(KeystoreType value)
      Description copied from interface: HasTruststore
      Type of truststore
      Specified by:
      setTruststoreType in interface HasTruststore
    • setTrustManagerAlgorithm

      public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
      Description copied from interface: HasTruststore
      Trust manager algorithm. Can be left empty to use the server's default algorithm
      Specified by:
      setTrustManagerAlgorithm in interface HasTruststore
    • setVerifyHostname

      public void setVerifyHostname(boolean b)
      Description copied from interface: HasTruststore
      If true, the hostname in the certificate will be checked against the actual hostname of the peer
      Specified by:
      setVerifyHostname in interface HasTruststore
    • setAllowSelfSignedCertificates

      public void setAllowSelfSignedCertificates(boolean allowSelfSignedCertificates)
      Description copied from interface: HasTruststore
      If true, self signed certificates are accepted
      Specified by:
      setAllowSelfSignedCertificates in interface HasTruststore
    • setIgnoreCertificateExpiredException

      public void setIgnoreCertificateExpiredException(boolean b)
      Description copied from interface: HasTruststore
      If true, CertificateExpiredExceptions are ignored
      Specified by:
      setIgnoreCertificateExpiredException in interface HasTruststore
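A configuration check for the truststore and credential attributes above, as an added example (not code from org.frankframework). The class SenderTlsAudit, the sample XML and the policy it applies are assumptions of this example; attribute names are taken from the setters on this page, and values starting with ${ are assumed to be property references rather than literals:

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added illustration; hypothetical class, not part of org.frankframework. */
public class SenderTlsAudit {
    // Attribute values that switch off a certificate check.
    static final Map<String, String> WEAKENING = Map.of("verifyHostname", "false",
            "allowSelfSignedCertificates", "true", "ignoreCertificateExpiredException", "true");
    // Secret attributes and the alias attribute that can carry the same credential.
    static final Map<String, String> SECRET_TO_ALIAS = Map.of(
            "password", "authAlias", "clientSecret", "clientAlias",
            "proxyPassword", "proxyAuthAlias", "keystorePassword", "keystoreAuthAlias",
            "keystoreAliasPassword", "keystoreAliasAuthAlias", "truststorePassword", "truststoreAuthAlias");
    static final Set<String> OLD_PROTOCOLS = Set.of("SSLv3", "TLSv1", "TLSv1.1");

    static List<String> audit(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // The audit tool itself should not resolve DTDs or external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList elements = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagName("*");
        List<String> findings = new ArrayList<>();
        for (int i = 0; i < elements.getLength(); i++) {
            Element e = (Element) elements.item(i);
            String where = e.getTagName() + " '" + e.getAttribute("name") + "': ";
            WEAKENING.forEach((attr, bad) -> {
                if (bad.equalsIgnoreCase(e.getAttribute(attr))) {
                    findings.add(where + attr + "=" + bad + " weakens peer authentication");
                }
            });
            SECRET_TO_ALIAS.forEach((attr, alias) -> {
                String value = e.getAttribute(attr);
                if (!value.isEmpty() && !value.startsWith("${")) {
                    findings.add(where + "literal " + attr + ", consider " + alias);
                }
            });
            if (OLD_PROTOCOLS.contains(e.getAttribute("protocol"))) {
                findings.add(where + "protocol=" + e.getAttribute("protocol") + " predates TLSv1.2");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        String sample = """
                <Configuration>
                  <HttpSender name="billing" truststore="certs/root.jks" truststoreType="jks"
                      truststorePassword="changeit" verifyHostname="false" protocol="TLSv1.1"/>
                  <HttpSender name="crm" truststore="certs/root.jks" truststoreType="jks"
                      truststoreAuthAlias="crm-truststore" clientSecret="${crm.secret}"/>
                </Configuration>
                """; // constructed sample, not a real configuration
        audit(sample).forEach(System.out::println);
    }
}
```

On the constructed sample only the "billing" sender is reported: for the literal truststorePassword, for verifyHostname=false and for protocol TLSv1.1.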
    • setFollowRedirects

      public void setFollowRedirects(boolean b)
      If true, a redirect request will be honoured, e.g. to switch to HTTPS
      Default value
      true
    • setIgnoreRedirects

      public void setIgnoreRedirects(boolean b)
      If true, besides HTTP status code 200 (OK), the codes 301 (MOVED_PERMANENTLY), 302 (MOVED_TEMPORARILY) and 307 (TEMPORARY_REDIRECT) are also considered successful
      Default value
      false
    • setStaleChecking

      public void setStaleChecking(boolean b)
      Controls whether connections are checked for being stale, i.e. they appear open, but are not.
      Default value
      true
    • setStaleTimeout

      public void setStaleTimeout(int timeout)
      Used when StaleChecking=true. Timeout after which an idle connection will be validated before being used.
      Default value
      5000 ms
    • setConnectionTimeToLive

      public void setConnectionTimeToLive(int timeToLive)
      Maximum Time to Live for connections in the pool. No connection will be re-used past its timeToLive value.
      Default value
      900 s
    • setConnectionIdleTimeout

      public void setConnectionIdleTimeout(int idleTimeout)
      Maximum Time for connection to stay idle in the pool. Connections that are idle longer will periodically be evicted from the pool
      Default value
      10 s
    • setProtocol

      public void setProtocol(String protocol)
      Secure socket protocol (such as 'TLSv1.2') to use when an SSLContext object is generated.
      Default value
      TLSv1.2
    • setSupportedCipherSuites

      public void setSupportedCipherSuites(String supportedCipherSuites)
      Allows you to choose which CipherSuites are used when connecting to an endpoint. Works in tandem with protocol, as the provided suite may not be valid for the provided protocol. See the Java Security Standard Algorithm Names Specification for all available options. Note that these may differ depending on the JRE you're using.
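One way to check a protocol/supportedCipherSuites combination against the running JRE before putting it in a configuration, as an added example (not code from org.frankframework; CipherSuiteCheck and its list of weak-suite markers are this example's own choices). It assumes the protocol value is handed to SSLContext.getInstance and that the suites are given as a comma-separated list:

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

/** Added illustration; hypothetical class, not part of org.frankframework. */
public class CipherSuiteCheck {
    // Name fragments of suites that lack encryption or authentication,
    // or that use export-grade, RC4 or (3)DES ciphers.
    static final List<String> WEAK_MARKERS =
            List.of("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_");

    /** TLS 1.3 suites have their own names (no key exchange part) and only work with TLSv1.3. */
    static boolean isTls13Suite(String suite) {
        return suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_");
    }

    /** Returns one line per problem; an empty list means the combination is usable on this JRE. */
    static List<String> check(String protocol, String supportedCipherSuites) throws Exception {
        SSLContext context = SSLContext.getInstance(protocol); // NoSuchAlgorithmException if unknown
        context.init(null, null, null);
        Set<String> jreSuites = new HashSet<>(
                Arrays.asList(context.getSupportedSSLParameters().getCipherSuites()));
        // Protocol versions a client socket from this context offers by default.
        List<String> offered = Arrays.asList(context.getDefaultSSLParameters().getProtocols());
        boolean tls13Offered = offered.contains("TLSv1.3");
        boolean olderOffered = offered.stream().anyMatch(p -> !p.equals("TLSv1.3"));

        List<String> problems = new ArrayList<>();
        for (String suite : supportedCipherSuites.trim().split("\\s*,\\s*")) {
            if (!jreSuites.contains(suite)) {
                problems.add(suite + ": unknown to this JRE");
            } else if (isTls13Suite(suite) ? !tls13Offered : !olderOffered) {
                problems.add(suite + ": cannot be negotiated, context offers " + offered);
            }
            if (WEAK_MARKERS.stream().anyMatch(suite::contains)) {
                problems.add(suite + ": weak cipher or no authentication, remove it");
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one sound suite, one TLS 1.3 suite, one weak suite, one typo.
        String suites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256, "
                + "SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA265";
        check("TLSv1.2", suites).forEach(System.out::println);
    }
}
```

Run it on the JRE that will host the application, since the supported suites and the protocol versions offered by default differ between JREs and their security settings.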
    • getConfigurationClassLoader

      public ClassLoader getConfigurationClassLoader()
      Description copied from interface: IScopeProvider
      This ClassLoader is set upon creation of the object, used to retrieve resources configured by the Ibis application.
      Specified by:
      getConfigurationClassLoader in interface IScopeProvider
      Returns:
      returns the ClassLoader created by the ClassLoaderManager.
    • getName

      public String getName()
      Specified by:
      getName in interface IConfigurationAware
    • setName

      public void setName(String name)
    • getApplicationContext

      public org.springframework.context.ApplicationContext getApplicationContext()
      Specified by:
      getApplicationContext in interface IConfigurationAware
    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware
    • getTimeout

      public int getTimeout()
    • getMaxConnections

      public int getMaxConnections()
    • getMaxExecuteRetries

      public int getMaxExecuteRetries()
    • isStaleChecking

      public boolean isStaleChecking()
    • getStaleTimeout

      public int getStaleTimeout()
    • getConnectionTimeToLive

      public int getConnectionTimeToLive()
    • getConnectionIdleTimeout

      public int getConnectionIdleTimeout()
    • getDefaultHttpClientContext

      public org.apache.http.client.protocol.HttpClientContext getDefaultHttpClientContext()
    • getHttpClient

      public org.apache.http.impl.client.CloseableHttpClient getHttpClient()
    • getAuthAlias

      public String getAuthAlias()
    • getUsername

      public String getUsername()
    • getPassword

      public String getPassword()
    • getAuthDomain

      public String getAuthDomain()
    • getTokenEndpoint

      public String getTokenEndpoint()
    • getTokenExpiry

      public int getTokenExpiry()
    • getClientAuthAlias

      public String getClientAuthAlias()
    • getClientId

      public String getClientId()
    • getClientSecret

      public String getClientSecret()
    • getScope

      public String getScope()
    • isAuthenticatedTokenRequest

      public boolean isAuthenticatedTokenRequest()
    • getProxyHost

      public String getProxyHost()
    • getProxyPort

      public int getProxyPort()
    • getProxyAuthAlias

      public String getProxyAuthAlias()
    • getProxyUsername

      public String getProxyUsername()
    • getProxyPassword

      public String getProxyPassword()
    • getProxyRealm

      public String getProxyRealm()
    • isPrefillProxyAuthCache

      public boolean isPrefillProxyAuthCache()
    • getKeystore

      public String getKeystore()
      Specified by:
      getKeystore in interface HasKeystore
    • getKeystoreAuthAlias

      public String getKeystoreAuthAlias()
      Specified by:
      getKeystoreAuthAlias in interface HasKeystore
    • getKeystorePassword

      public String getKeystorePassword()
      Specified by:
      getKeystorePassword in interface HasKeystore
    • getKeystoreType

      public KeystoreType getKeystoreType()
      Specified by:
      getKeystoreType in interface HasKeystore
    • getKeystoreAlias

      public String getKeystoreAlias()
      Specified by:
      getKeystoreAlias in interface HasKeystore
    • getKeystoreAliasAuthAlias

      public String getKeystoreAliasAuthAlias()
      Specified by:
      getKeystoreAliasAuthAlias in interface HasKeystore
    • getKeystoreAliasPassword

      public String getKeystoreAliasPassword()
      Specified by:
      getKeystoreAliasPassword in interface HasKeystore
    • getKeyManagerAlgorithm

      public String getKeyManagerAlgorithm()
      Specified by:
      getKeyManagerAlgorithm in interface HasKeystore
    • getTruststore

      public String getTruststore()
      Specified by:
      getTruststore in interface HasTruststore
    • getTruststoreAuthAlias

      public String getTruststoreAuthAlias()
      Specified by:
      getTruststoreAuthAlias in interface HasTruststore
    • getTruststorePassword

      public String getTruststorePassword()
      Specified by:
      getTruststorePassword in interface HasTruststore
    • getTruststoreType

      public KeystoreType getTruststoreType()
      Specified by:
      getTruststoreType in interface HasTruststore
    • getTrustManagerAlgorithm

      public String getTrustManagerAlgorithm()
      Specified by:
      getTrustManagerAlgorithm in interface HasTruststore
    • isAllowSelfSignedCertificates

      public boolean isAllowSelfSignedCertificates()
      Specified by:
      isAllowSelfSignedCertificates in interface HasTruststore
    • isVerifyHostname

      public boolean isVerifyHostname()
      Specified by:
      isVerifyHostname in interface HasTruststore
    • isIgnoreCertificateExpiredException

      public boolean isIgnoreCertificateExpiredException()
      Specified by:
      isIgnoreCertificateExpiredException in interface HasTruststore
    • isFollowRedirects

      public boolean isFollowRedirects()
    • isIgnoreRedirects

      public boolean isIgnoreRedirects()