Preemptive Basic auth with Apache HttpClient 5.2

2023-07-13 Thread D'Ascola, Giovanni 
 Is there a way to implement preemptive basic authentication with Apache 
HttpClient 5.2 using a HttpRequestInterceptor similar to how it's done here 
(accepted 
response)
 for Apache HttpClient 4?



We use Apache HttpClient both directly and as the RestTemplate underlying Http 
client. Preemptive auth used to work with HttpClient 4 using 
HttpRequestInterceptor (see the accepted response for the question I linked 
above), but we can't reuse the same code as the AuthScheme class is now gone.



I tried a few of things but neither worked (see below). Every first request 
gets a 401 from the server, the client retries with basic auth and gets a 
successful response. This is not the behaviour I want though; the first request 
should add the Authorisation header with Basic auth as it used to.
@Component
public class HttpClientPreemptiveAuthInterceptor implements 
HttpRequestInterceptor {

@Override
public void process(HttpRequest httpRequest, EntityDetails entityDetails, 
HttpContext httpContext) throws IOException, HttpException {

// Apparently, we have two options:
// - Set HttpContext AuthCache with Basic auth for the target.
// - Copy 
org.apache.hc.client5.http.ContextBuilder#preemptiveBasicAuth()
// The above method is available for HttpClientContext creation. Not 
sure why it doesn't set AuthCache though,
// but instead adds an entry to the AuthExchange map of the given http 
context.

HttpClientContext httpClientContext = (HttpClientContext) httpContext;

// get the target host from the http context
RouteInfo routeInfo = httpClientContext.getHttpRoute();
if (routeInfo != null) {
HttpHost targetHost = routeInfo.getTargetHost();
AuthExchange authExchange = 
httpClientContext.getAuthExchange(targetHost);

if (authExchange.getAuthScheme() == null) {
CredentialsProvider credentialsProvider = 
httpClientContext.getCredentialsProvider();
Credentials credentials = 
credentialsProvider.getCredentials(new AuthScope(targetHost.getHostName(), 
targetHost.getPort()), httpClientContext);
if (credentials == null) {
throw new HttpException("No credentials provided for 
preemptive authentication");
}
BasicScheme authScheme = new BasicScheme();
authScheme.initPreemptive(credentials);
//authExchange.select(authScheme);
//httpClientContext.setAuthExchange(targetHost, authExchange);
DefaultSchemePortResolver schemePortResolver = 
DefaultSchemePortResolver.INSTANCE;

httpClientContext.resetAuthExchange(RoutingSupport.normalize(targetHost, 
schemePortResolver), authScheme);
}

}


/** Second approach
// get the target host from the http context
RouteInfo routeInfo = httpClientContext.getHttpRoute();
if (routeInfo != null) {
HttpHost targetHost = routeInfo.getTargetHost();
// add Basic Auth for the target host (credentials for this host 
will be selected from the CredentialsProvider)
httpClientContext.resetAuthExchange(targetHost, new BasicScheme());
}
 **/

// Third approach
// Create AuthCache instance
// final AuthCache authCache = new BasicAuthCache();
// Generate BASIC scheme object and add it to the local auth cache
// authCache.put(targetHost, new BasicScheme());
// httpClientContext.setAuthCache(new BasicAuthCache());
}

Cheers
Giovanni D’Ascola
The information contained in this message is proprietary and/or confidential. 
If you are not the intended recipient, please: (i) delete the message and all 
copies; (ii) do not disclose, distribute or use the message in any manner; and 
(iii) notify the sender immediately. In addition, please be aware that any 
message addressed to our domain is subject to archiving and review by persons 
other than the intended recipient. FIS is a trading name of the following 
companies: Alphakinetic Limited (No: 06897969) | FIS Derivatives Utility 
Services (UK) Limited (No: 9398140) | FIS Energy Solutions Limited (No: 
1889028) | FIS Global Execution Services Limited (No. 3127109) | FIS Capital 
Markets UK Limited (No: 982833) | FIS Treasury Centre Limited (No. 13543636) | 
Metavante Technologies Limited (No: 2659326) | Virtus Partners Limited (No: 
06602363) | Worldpay (UK) Limited (No: 07316500 / FCA No: 530923) | Worldpay 
Limited (No: 03424752 / FCA No: 504504) | Worldpay AP Limited (No: 05593466 / 
FCA No: 502597) all registered in England & Wales with their registered office: 
C/O F I S Corporate Governance, The Walbrook Building, 25 Walbrook, London, 
EC4N 8AF. The WorldPay entities are authorised by the Financial Conduct 
Authority und

Re: Preemptive Basic auth with Apache HttpClient 5.2

2023-07-13 Thread Oleg Kalnichevski 
On Thu, 2023-07-13 at 15:27 +, D'Ascola, Giovanni wrote:
>  Is there a way to implement preemptive basic authentication with
> Apache HttpClient 5.2 using a HttpRequestInterceptor similar to how
> it's done here (accepted
> response) c-authentication-with-apache-httpclient-4> for Apache HttpClient 4?
> 
> 
> 
> We use Apache HttpClient both directly and as the RestTemplate
> underlying Http client. Preemptive auth used to work with HttpClient
> 4 using HttpRequestInterceptor (see the accepted response for the
> question I linked above), but we can't reuse the same code as the
> AuthScheme class is now gone.
> 
> 
> 
> I tried a few of things but neither worked (see below).

Have you looked at:

https://hc.apache.org/httpcomponents-client-5.2.x/examples.html
https://github.com/apache/httpcomponents-client/blob/master/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientPreemptiveBasicAuthentication.java

?

Oleg


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Preemptive Basic auth with Apache HttpClient 5.2

2023-07-13 Thread D'Ascola, Giovanni 
I did look at the examples, but the Preemptive Basic Auth 
one
 requires to manually create and configure a context and pass it to the 
HttpClient.execute() method every time. Apart from that not being very 
convenient, it wouldn’t work with RestTemplate, as it uses HttpClient as its 
underlying client and you don’t call the HttpClient.execute() directly.

Giovanni

From: Oleg Kalnichevski 
Date: Thursday, 13 July 2023 at 17:03
To: HttpClient User Discussion 
Subject: Re: Preemptive Basic auth with Apache HttpClient 5.2
On Thu, 2023-07-13 at 15:27 +, D'Ascola, Giovanni wrote:
>  Is there a way to implement preemptive basic authentication with
> Apache HttpClient 5.2 using a HttpRequestInterceptor similar to how
> it's done here (accepted
> response) c-authentication-with-apache-httpclient-4> for Apache HttpClient 4?
>
>
>
> We use Apache HttpClient both directly and as the RestTemplate
> underlying Http client. Preemptive auth used to work with HttpClient
> 4 using HttpRequestInterceptor (see the accepted response for the
> question I linked above), but we can't reuse the same code as the
> AuthScheme class is now gone.
>
>
>
> I tried a few of things but neither worked (see below).

Have you looked at:

https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhc.apache.org%2Fhttpcomponents-client-5.2.x%2Fexamples.html&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd543154b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ig%2BnOrP03Ssz8EzQmkrlNJ1NadZeermgC47MAOvNHUM%3D&reserved=0
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fhttpcomponents-client%2Fblob%2Fmaster%2Fhttpclient5%2Fsrc%2Ftest%2Fjava%2Forg%2Fapache%2Fhc%2Fclient5%2Fhttp%2Fexamples%2FClientPreemptiveBasicAuthentication.java&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd543154b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=BldG8xlzS8AwYT5fvtCdZVodHBEnVU7f3kHGEEsowQU%3D&reserved=0

?

Oleg


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org
The information contained in this message is proprietary and/or confidential. 
If you are not the intended recipient, please: (i) delete the message and all 
copies; (ii) do not disclose, distribute or use the message in any manner; and 
(iii) notify the sender immediately. In addition, please be aware that any 
message addressed to our domain is subject to archiving and review by persons 
other than the intended recipient. FIS is a trading name of the following 
companies: Alphakinetic Limited (No: 06897969) | FIS Derivatives Utility 
Services (UK) Limited (No: 9398140) | FIS Energy Solutions Limited (No: 
1889028) | FIS Global Execution Services Limited (No. 3127109) | FIS Capital 
Markets UK Limited (No: 982833) | FIS Treasury Centre Limited (No. 13543636) | 
Metavante Technologies Limited (No: 2659326) | Virtus Partners Limited (No: 
06602363) | Worldpay (UK) Limited (No: 07316500 / FCA No: 530923) | Worldpay 
Limited (No: 03424752 / FCA No: 504504) | Worldpay AP Limited (No: 05593466 / 
FCA No: 502597) all registered in England & Wales with their registered office: 
C/O F I S Corporate Governance, The Walbrook Building, 25 Walbrook, London, 
EC4N 8AF. The WorldPay entities are authorised by the Financial Conduct 
Authority under the Payment Service Regulations 2017 for the provision of 
payment services. | Worldpay (UK) Limited is authorised and regulated by the 
Financial Conduct Authority for consumer credit activities | FIS Global 
Execution Services Limited is authorised and regulated by the Financial Conduct 
Authority | FIS Banking Solutions UK Limited (No: 3517639) and FIS Payments 
(UK) Limited (No: 4215488) are registered in England & Wales with t

Re: Preemptive Basic auth with Apache HttpClient 5.2

2023-07-13 Thread Oleg Kalnichevski 
On Thu, 2023-07-13 at 17:02 +, D'Ascola, Giovanni wrote:
> I did look at the examples, but the Preemptive Basic Auth
> one lient5/src/test/java/org/apache/hc/client5/http/examples/ClientPreemp
> tiveBasicAuthentication.java> requires to manually create and
> configure a context and pass it to the HttpClient.execute() method
> every time. Apart from that not being very convenient, it wouldn’t
> work with RestTemplate, as it uses HttpClient as its underlying
> client and you don’t call the HttpClient.execute() directly.
> 

And why? What stops you from manipulating the execution context from an
interceptor?

Oleg 


> Giovanni
> 
> From: Oleg Kalnichevski 
> Date: Thursday, 13 July 2023 at 17:03
> To: HttpClient User Discussion 
> Subject: Re: Preemptive Basic auth with Apache HttpClient 5.2
> On Thu, 2023-07-13 at 15:27 +, D'Ascola, Giovanni wrote:
> >  Is there a way to implement preemptive basic authentication with
> > Apache HttpClient 5.2 using a HttpRequestInterceptor similar to how
> > it's done here (accepted
> > response)<
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fs
> > tackoverflow.com%2Fquestions%2F2014700%2Fpreemptive-
> > basi&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd54315
> > 4b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%
> > 7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> > JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=
> > Ae7mu%2F%2BJju8PJ4nS8XEe3UDQ2wtgRlNykW2PIEmgZyA%3D&reserved=0
> > c-authentication-with-apache-httpclient-4> for Apache HttpClient 4?
> > 
> > 
> > 
> > We use Apache HttpClient both directly and as the RestTemplate
> > underlying Http client. Preemptive auth used to work with
> > HttpClient
> > 4 using HttpRequestInterceptor (see the accepted response for the
> > question I linked above), but we can't reuse the same code as the
> > AuthScheme class is now gone.
> > 
> > 
> > 
> > I tried a few of things but neither worked (see below).
> 
> Have you looked at:
> 
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhc.apache.org%2Fhttpcomponents-client-5.2.x%2Fexamples.html&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd543154b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ig%2BnOrP03Ssz8EzQmkrlNJ1NadZeermgC47MAOvNHUM%3D&reserved=0
> 
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fhttpcomponents-client%2Fblob%2Fmaster%2Fhttpclient5%2Fsrc%2Ftest%2Fjava%2Forg%2Fapache%2Fhc%2Fclient5%2Fhttp%2Fexamples%2FClientPreemptiveBasicAuthentication.java&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd543154b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=BldG8xlzS8AwYT5fvtCdZVodHBEnVU7f3kHGEEsowQU%3D&reserved=0
> <
> https://github.com/apache/httpcomponents-client/blob/master/httpclient5/src/test/java/org/apache/hc/client5/http/examples/ClientPreemptiveBasicAuthentication.java
> >
> 
> ?
> 
> Oleg
> 
> 
> -
> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
> The information contained in this message is proprietary and/or
> confidential. If you are not the intended recipient, please: (i)
> delete the message and all copies; (ii) do not disclose, distribute
> or use the message in any manner; and (iii) notify the sender
> immediately. In addition, please be aware that any message addressed
> to our domain is subject to archiving and review by persons other
> than the intended recipient. FIS is a trading name of the following
> companies: Alphakinetic Limited (No: 06897969) | FIS Derivatives
> Utility Services (UK) Limited (No: 9398140) | FIS Energy Solutions
> Limited (No: 1889028) | FIS Global Execution Services Limited (No.
> 3127109) | FIS Capital Markets UK Limited (No: 982833) | FIS Treasury
> Centre Limited (No. 13543636) | Metavante Technologies Limited (No:
> 2659326) | Virtus Partners Limited (No: 06602363) | Worldpay (UK)
> Limited (No: 07316500 / FCA No: 530923) | Worldpay Limited (No:
> 03424752 / FCA No: 504504) | Worldpay AP Limited (No: 05593466 / FCA
> No: 502597) all registered in England & Wales with their registered
> office: C/O F I S Corporate Governance, The Walbrook Building, 25
> Walbrook, London, EC4N 8AF. The WorldPay entities are authorised by
> the Financial Conduct Authority under the Payment Service Regulations
> 2017 for the provision of payment services. | Worldpay (UK) Limited
> is au

Re: Preemptive Basic auth with Apache HttpClient 5.2

2023-07-13 Thread D'Ascola, Giovanni 
I did, but what I tried didn’t work. I’ve put the code in my original email.
I ended up manually adding the Authorization header to the request in the same 
interceptor.
It works, but it’s not very nice, I’d rather let the framework take care of 
that.

From: Oleg Kalnichevski 
Date: Thursday, 13 July 2023 at 18:29
To: HttpClient User Discussion 
Subject: Re: Preemptive Basic auth with Apache HttpClient 5.2
On Thu, 2023-07-13 at 17:02 +, D'Ascola, Giovanni wrote:
> I did look at the examples, but the Preemptive Basic Auth
> one lient5/src/test/java/org/apache/hc/client5/http/examples/ClientPreemp
> tiveBasicAuthentication.java> requires to manually create and
> configure a context and pass it to the HttpClient.execute() method
> every time. Apart from that not being very convenient, it wouldn’t
> work with RestTemplate, as it uses HttpClient as its underlying
> client and you don’t call the HttpClient.execute() directly.
>

And why? What stops you from manipulating the execution context from an
interceptor?

Oleg


> Giovanni
>
> From: Oleg Kalnichevski 
> Date: Thursday, 13 July 2023 at 17:03
> To: HttpClient User Discussion 
> Subject: Re: Preemptive Basic auth with Apache HttpClient 5.2
> On Thu, 2023-07-13 at 15:27 +, D'Ascola, Giovanni wrote:
> >  Is there a way to implement preemptive basic authentication with
> > Apache HttpClient 5.2 using a HttpRequestInterceptor similar to how
> > it's done here (accepted
> > response)<
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fs%2F&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Ce0e97ea71a0045101ffe08db83c6b19d%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248661625316847%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=f2QYwKTW3%2FuwY39eO13blIDgH7mJdfr3BxINTLhOgsc%3D&reserved=0
> > tackoverflow.com%2Fquestions%2F2014700%2Fpreemptive-
> > basi&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Cdacd54315
> > 4b24a5b9f1b08db83baaa96%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%
> > 7C638248609963849079%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> > JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=
> > Ae7mu%2F%2BJju8PJ4nS8XEe3UDQ2wtgRlNykW2PIEmgZyA%3D&reserved=0
> > c-authentication-with-apache-httpclient-4> for Apache HttpClient 4?
> >
> >
> >
> > We use Apache HttpClient both directly and as the RestTemplate
> > underlying Http client. Preemptive auth used to work with
> > HttpClient
> > 4 using HttpRequestInterceptor (see the accepted response for the
> > question I linked above), but we can't reuse the same code as the
> > AuthScheme class is now gone.
> >
> >
> >
> > I tried a few of things but neither worked (see below).
>
> Have you looked at:
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhc.apache.org%2Fhttpcomponents-client-5.2.x%2Fexamples.html&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Ce0e97ea71a0045101ffe08db83c6b19d%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248661625316847%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jWhF1bFkFBJn7gk1aDQp3vwglM5wM9xhVGXtIaaja%2F8%3D&reserved=0
> >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fhttpcomponents-client%2Fblob%2Fmaster%2Fhttpclient5%2Fsrc%2Ftest%2Fjava%2Forg%2Fapache%2Fhc%2Fclient5%2Fhttp%2Fexamples%2FClientPreemptiveBasicAuthentication.java&data=05%7C01%7Cgiovanni.d%27ascola%40fisglobal.com%7Ce0e97ea71a0045101ffe08db83c6b19d%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C638248661625316847%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=P1c55P%2F%2FC99E82a7ohuwLXFlO8hvh2DMutlfBThg%2BAY%3D&reserved=0