1 /*
2 * ====================================================================
3 *
4 * Licensed to the Apache Software Foundation (ASF) under one or more
5 * contributor license agreements. See the NOTICE file distributed with
6 * this work for additional information regarding copyright ownership.
7 * The ASF licenses this file to You under the Apache License, Version 2.0
8 * (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ====================================================================
19 *
20 * This software consists of voluntary contributions made by many
21 * individuals on behalf of the Apache Software Foundation. For more
22 * information on the Apache Software Foundation, please see
23 * <http://www.apache.org/>.
24 *
25 */
26
27 package org.apache.http.impl.client;
28
29 import java.security.Principal;
30
31 import javax.net.ssl.SSLSession;
32
33 import org.apache.http.annotation.Immutable;
34
35 import org.apache.http.auth.AuthScheme;
36 import org.apache.http.auth.AuthState;
37 import org.apache.http.auth.Credentials;
38 import org.apache.http.client.UserTokenHandler;
39 import org.apache.http.client.protocol.ClientContext;
40 import org.apache.http.conn.HttpRoutedConnection;
41 import org.apache.http.protocol.ExecutionContext;
42 import org.apache.http.protocol.HttpContext;
43
44 /**
45 * Default implementation of {@link UserTokenHandler}. This class will use
46 * an instance of {@link Principal} as a state object for HTTP connections,
47 * if it can be obtained from the given execution context. This helps ensure
48 * persistent connections created with a particular user identity within
49 * a particular security context can be reused by the same user only.
50 * <p>
51 * DefaultUserTokenHandler will use the user principle of connection
52 * based authentication schemes such as NTLM or that of the SSL session
53 * with the client authentication turned on. If both are unavailable,
54 * <code>null</code> token will be returned.
55 *
56 * @since 4.0
57 */
58 @Immutable
59 public class DefaultUserTokenHandler implements UserTokenHandler {
60
61 public Object getUserToken(final HttpContext context) {
62
63 Principal userPrincipal = null;
64
65 AuthState targetAuthState = (AuthState) context.getAttribute(
66 ClientContext.TARGET_AUTH_STATE);
67 if (targetAuthState != null) {
68 userPrincipal = getAuthPrincipal(targetAuthState);
69 if (userPrincipal == null) {
70 AuthState proxyAuthState = (AuthState) context.getAttribute(
71 ClientContext.PROXY_AUTH_STATE);
72 userPrincipal = getAuthPrincipal(proxyAuthState);
73 }
74 }
75
76 if (userPrincipal == null) {
77 HttpRoutedConnection conn = (HttpRoutedConnection) context.getAttribute(
78 ExecutionContext.HTTP_CONNECTION);
79 if (conn.isOpen()) {
80 SSLSession sslsession = conn.getSSLSession();
81 if (sslsession != null) {
82 userPrincipal = sslsession.getLocalPrincipal();
83 }
84 }
85 }
86
87 return userPrincipal;
88 }
89
90 private static Principal getAuthPrincipal(final AuthState authState) {
91 AuthScheme scheme = authState.getAuthScheme();
92 if (scheme != null && scheme.isComplete() && scheme.isConnectionBased()) {
93 Credentials creds = authState.getCredentials();
94 if (creds != null) {
95 return creds.getUserPrincipal();
96 }
97 }
98 return null;
99 }
100
101 }