1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.http.impl.client;
28
29 import java.security.Principal;
30
31 import javax.net.ssl.SSLSession;
32
33 import org.apache.http.HttpConnection;
34 import org.apache.http.annotation.Contract;
35 import org.apache.http.annotation.ThreadingBehavior;
36 import org.apache.http.auth.AuthScheme;
37 import org.apache.http.auth.AuthState;
38 import org.apache.http.auth.Credentials;
39 import org.apache.http.client.UserTokenHandler;
40 import org.apache.http.client.protocol.HttpClientContext;
41 import org.apache.http.conn.ManagedHttpClientConnection;
42 import org.apache.http.protocol.HttpContext;
43
44 /**
45 * Default implementation of {@link UserTokenHandler}. This class will use
46 * an instance of {@link Principal} as a state object for HTTP connections,
47 * if it can be obtained from the given execution context. This helps ensure
48 * persistent connections created with a particular user identity within
49 * a particular security context can be reused by the same user only.
50 * <p>
51 * DefaultUserTokenHandler will use the user principal of connection
52 * based authentication schemes such as NTLM or that of the SSL session
53 * with the client authentication turned on. If both are unavailable,
54 * {@code null} token will be returned.
55 *
56 * @since 4.0
57 */
58 @Contract(threading = ThreadingBehavior.IMMUTABLE)
59 public class DefaultUserTokenHandler implements UserTokenHandler {
60
61 public static final DefaultUserTokenHandler INSTANCE = new DefaultUserTokenHandler();
62
63 @Override
64 public Object getUserToken(final HttpContext context) {
65
66 final HttpClientContext clientContext = HttpClientContext.adapt(context);
67
68 Principal userPrincipal = null;
69
70 final AuthState targetAuthState = clientContext.getTargetAuthState();
71 if (targetAuthState != null) {
72 userPrincipal = getAuthPrincipal(targetAuthState);
73 if (userPrincipal == null) {
74 final AuthState proxyAuthState = clientContext.getProxyAuthState();
75 userPrincipal = getAuthPrincipal(proxyAuthState);
76 }
77 }
78
79 if (userPrincipal == null) {
80 final HttpConnection conn = clientContext.getConnection();
81 if (conn.isOpen() && conn instanceof ManagedHttpClientConnection) {
82 final SSLSession sslsession = ((ManagedHttpClientConnection) conn).getSSLSession();
83 if (sslsession != null) {
84 userPrincipal = sslsession.getLocalPrincipal();
85 }
86 }
87 }
88
89 return userPrincipal;
90 }
91
92 private static Principal getAuthPrincipal(final AuthState authState) {
93 final AuthScheme scheme = authState.getAuthScheme();
94 if (scheme != null && scheme.isComplete() && scheme.isConnectionBased()) {
95 final Credentials creds = authState.getCredentials();
96 if (creds != null) {
97 return creds.getUserPrincipal();
98 }
99 }
100 return null;
101 }
102
103 }
104