From 49bccdce3e434e2e05d0f36ab5e4f2163184825b Mon Sep 17 00:00:00 2001
From: Jim Hahn
Date: Sat, 21 Apr 2018 01:07:34 -0400
Subject: Send credentials to AAI Per this link: http://www.baeldung.com/httpclient-4-basic-authentication apache HttpClient does not send the credentials by default, but instead waits for the server to issue a challenge before sending them. Modified RESTManager to construct and send the Authorization header always instead of waiting for the challenge. Remove unused imports. Also add Authorization header for POST request. Change error message to match original error message when username is null. Preempt sonar issue. Allow null user name, which indicates that the Authorization header should not be sent. Note: this only impacts the RESTManager class; invoking classes (e.g., AaiManager) still enforce that the user name exists in the properties. Fix license dates in modified test code.
Change-Id: I3cb26e76562db746939631437775727809553390
Issue-ID: POLICY-754
Signed-off-by: Jim Hahn
---
 .../java/org/onap/policy/rest/RESTManager.java | 40 +++++++++++++---------
 1 file changed, 24 insertions(+), 16 deletions(-)
(limited to 'controlloop/common/model-impl/rest/src/main')
diff --git a/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java b/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
index dae31c39a..6b8b6f09a 100644
--- a/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
+++ b/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
@@ -1,8 +1,8 @@
-/*-
+/*
 * ============LICENSE_START=======================================================
 * rest
 * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,18 +21,16 @@
 package org.onap.policy.rest;
 import java.io.IOException;
+import java.nio.charset.Charset;
 import java.util.Map;
 import java.util.Map.Entry;
-
+import javax.xml.bind.DatatypeConverter;
+import org.apache.http.HttpHeaders;
 import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.util.EntityUtils;
@@ -55,9 +53,8 @@ public class RESTManager {
 public Pair post(String url, String username, String password, Map headers, String contentType, String body) {
- CredentialsProvider credentials = new BasicCredentialsProvider();
- credentials.setCredentials(AuthScope.ANY,
- new UsernamePasswordCredentials(username, password));
+
+ String authHeader = makeAuthHeader(username, password);
 logger.debug("HTTP REQUEST: {} -> {} {} -> {}", url, username, ((password != null) ? password.length() : "-"), contentType);
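Review bot: The `logger.debug` call directly below the new `authHeader` line in the `@@ -55,9 +53,8 @@` hunk writes the user name and the password length to the log on every POST. Neither is needed to trace the request, and the length is information about the secret that now accompanies every call. I would log only the target and content type, `logger.debug("HTTP REQUEST: {} -> {}", url, contentType);`. The logging line is unchanged context, and the body of `post` continues outside this hunk.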
@@ -71,7 +68,6 @@ public class RESTManager {
 HttpClientBuilder
 .create()
 .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
- .setDefaultCredentialsProvider(credentials)
 .build()) {
 HttpPost post = new HttpPost(url);
@@ -80,7 +76,10 @@ public class RESTManager {
 post.addHeader(entry.getKey(), headers.get(entry.getKey()));
 }
 }
- post.addHeader("Content-Type", contentType);
+ post.addHeader("Content-Type", contentType);
+ if(authHeader != null) {
+ post.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+ }
 StringEntity input = new StringEntity(body);
 input.setContentType(contentType);
@@ -111,15 +110,12 @@ public class RESTManager {
 public Pair get(String url, String username, String password, Map headers) {
- CredentialsProvider credentials = new BasicCredentialsProvider();
- credentials.setCredentials(AuthScope.ANY,
- new UsernamePasswordCredentials(username, password));
+ String authHeader = makeAuthHeader(username, password);
 try (CloseableHttpClient client =
 HttpClientBuilder
 .create()
 .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
- .setDefaultCredentialsProvider(credentials)
 .build()) {
 HttpGet get = new HttpGet(url);
@@ -127,6 +123,9 @@ public class RESTManager {
 for (Entry entry : headers.entrySet()) {
 get.addHeader(entry.getKey(), headers.get(entry.getKey()));
 }
+ }
+ if(authHeader != null) {
+ get.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
 }
 HttpResponse response = client.execute(get);
@@ -145,4 +144,13 @@ public class RESTManager {
 return null;
 }
 }
+
+ private String makeAuthHeader(String username, String password) {
+ if (username == null) {
+ return null;
+ }
+
+ String auth = username + ":" + (password == null ? "" : password);
+ return "Basic " + DatatypeConverter.printBase64Binary(auth.getBytes(Charset.forName("ISO-8859-1")));
+ }
 }
-- cgit 1.2.3-korg
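Review bot: The added `post.setHeader(HttpHeaders.AUTHORIZATION, authHeader)` in the `@@ -80,7 +76,10 @@` hunk puts the Basic credentials on the very first request, while the client is still built with `NoopHostnameVerifier.INSTANCE` (context of the `@@ -71,7 +68,6 @@` hunk) and nothing checks the scheme of `url`. Per the commit message, credentials used to be sent only after the server issued a challenge. Now any endpoint presenting a certificate the trust store accepts, or a plain `http://` URL, receives them unasked. I would keep the default hostname verifier and guard the header, for example `if (authHeader != null && url.regionMatches(true, 0, "https://", 0, 8))`, or at least log a warning when credentials go out over a non-TLS URL. The same applies to `get.setHeader(...)` in the `@@ -127,6 +123,9 @@` hunk; both method bodies continue outside their hunks.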
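Review bot: `makeAuthHeader` in the `@@ -145,4 +144,13 @@` hunk joins `username + ":" + password` without rejecting a user name that contains `:`, which RFC 7617 does not allow because the receiver splits on the first colon. `getBytes(Charset.forName("ISO-8859-1"))` also replaces every character outside Latin-1 with `?`, so such a password is sent altered and fails without any error on the client side. The sketch below rejects the colon and switches to `java.util.Base64` with `StandardCharsets.ISO_8859_1`, since `javax.xml.bind.DatatypeConverter` is no longer shipped with the JDK from Java 11 on. How `post` and `get` should react to the exception is outside this hunk and needs checking. The method would also benefit from a short Javadoc stating that a null user name means no Authorization header is sent and that a null password is encoded as an empty one.

```java
    private String makeAuthHeader(String username, String password) {
        // … unchanged: a null user name returns null …
        if (username.indexOf(':') >= 0) {
            throw new IllegalArgumentException("user name must not contain ':'");
        }

        String auth = username + ":" + (password == null ? "" : password);
        return "Basic " + Base64.getEncoder().encodeToString(auth.getBytes(StandardCharsets.ISO_8859_1));
    }
```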