View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.hc.core5.http.nio.support;
28  
29  import java.io.IOException;
30  import java.nio.ByteBuffer;
31  import java.util.List;
32  
33  import org.apache.hc.core5.annotation.Contract;
34  import org.apache.hc.core5.annotation.ThreadingBehavior;
35  import org.apache.hc.core5.http.EntityDetails;
36  import org.apache.hc.core5.http.Header;
37  import org.apache.hc.core5.http.HttpException;
38  import org.apache.hc.core5.http.HttpHeaders;
39  import org.apache.hc.core5.http.HttpRequest;
40  import org.apache.hc.core5.http.HttpResponse;
41  import org.apache.hc.core5.http.HttpStatus;
42  import org.apache.hc.core5.http.message.BasicClassicHttpResponse;
43  import org.apache.hc.core5.http.message.BasicHttpResponse;
44  import org.apache.hc.core5.http.nio.AsyncDataConsumer;
45  import org.apache.hc.core5.http.nio.AsyncEntityProducer;
46  import org.apache.hc.core5.http.nio.AsyncFilterChain;
47  import org.apache.hc.core5.http.nio.AsyncFilterHandler;
48  import org.apache.hc.core5.http.nio.CapacityChannel;
49  import org.apache.hc.core5.http.nio.entity.BasicAsyncEntityProducer;
50  import org.apache.hc.core5.http.protocol.HttpContext;
51  import org.apache.hc.core5.net.URIAuthority;
52  
53  /**
54   * @since 5.0
55   */
56  @Contract(threading = ThreadingBehavior.STATELESS)
57  public abstract class AbstractAsyncServerAuthFilter<T> implements AsyncFilterHandler {
58  
59      private final boolean respondImmediately;
60  
61      protected AbstractAsyncServerAuthFilter(final boolean respondImmediately) {
62          this.respondImmediately = respondImmediately;
63      }
64  
65      protected abstract T parseChallengeResponse(String authorizationValue, HttpContext context) throws HttpException;
66  
67      protected abstract boolean authenticate(T challengeResponse, URIAuthority authority, String requestUri, HttpContext context);
68  
69      protected abstract String generateChallenge(T challengeResponse, URIAuthority authority, String requestUri, HttpContext context);
70  
71      protected AsyncEntityProducer generateResponseContent(final HttpResponse unauthorized) {
72          return new BasicAsyncEntityProducer("Unauthorized");
73      }
74  
75      @Override
76      public AsyncDataConsumer handle(
77              final HttpRequest request,
78              final EntityDetails entityDetails,
79              final HttpContext context,
80              final AsyncFilterChain.ResponseTrigger responseTrigger,
81              final AsyncFilterChain chain) throws HttpException, IOException {
82          final Header h = request.getFirstHeader(HttpHeaders.AUTHORIZATION);
83          final T challengeResponse = h != null ? parseChallengeResponse(h.getValue(), context) : null;
84  
85          final URIAuthority authority = request.getAuthority();
86          final String requestUri = request.getRequestUri();
87  
88          final boolean authenticated = authenticate(challengeResponse, authority, requestUri, context);
89          final Header expect = request.getFirstHeader(HttpHeaders.EXPECT);
90          final boolean expectContinue = expect != null && "100-continue".equalsIgnoreCase(expect.getValue());
91  
92          if (authenticated) {
93              if (expectContinue) {
94                  responseTrigger.sendInformation(new BasicClassicHttpResponse(HttpStatus.SC_CONTINUE));
95              }
96              return chain.proceed(request, entityDetails, context, responseTrigger);
97          } else {
98              final HttpResponse unauthorized = new BasicHttpResponse(HttpStatus.SC_UNAUTHORIZED);
99              unauthorized.addHeader(HttpHeaders.WWW_AUTHENTICATE, generateChallenge(challengeResponse, authority, requestUri, context));
100             final AsyncEntityProducer responseContentProducer = generateResponseContent(unauthorized);
101             if (respondImmediately || expectContinue || entityDetails == null) {
102                 responseTrigger.submitResponse(unauthorized, responseContentProducer);
103                 return null;
104             } else {
105                 return new AsyncDataConsumer() {
106 
107                     @Override
108                     public void updateCapacity(final CapacityChannel capacityChannel) throws IOException {
109                         capacityChannel.update(Integer.MAX_VALUE);
110                     }
111 
112                     @Override
113                     public int consume(final ByteBuffer src) throws IOException {
114                         return Integer.MAX_VALUE;
115                     }
116 
117                     @Override
118                     public void streamEnd(final List<? extends Header> trailers) throws HttpException, IOException {
119                         responseTrigger.submitResponse(unauthorized, responseContentProducer);
120                     }
121 
122                     @Override
123                     public void releaseResources() {
124                         if (responseContentProducer != null) {
125                             responseContentProducer.releaseResources();
126                         }
127                     }
128 
129                 };
130             }
131         }
132     }
133 
134 }