You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by tm...@apache.org on 2019/12/05 19:22:16 UTC

[sling-org-apache-sling-distribution-core] branch master updated: SLING-8869 SimpleHttpDistributionTransport does not refresh the secret for token based implementations (#28)

This is an automated email from the ASF dual-hosted git repository.

tmaret pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-distribution-core.git


The following commit(s) were added to refs/heads/master by this push:
     new 28e9cf3  SLING-8869 SimpleHttpDistributionTransport does not refresh the secret for token based implementations (#28)
28e9cf3 is described below

commit 28e9cf39900f118aba345fda8900eb73f8b171d1
Author: Mohit Arora <mo...@adobe.com>
AuthorDate: Fri Dec 6 00:52:08 2019 +0530

    SLING-8869 SimpleHttpDistributionTransport does not refresh the secret for token based implementations (#28)
    
    * Do not set the default authorization header at the time of creating the executor but delegate this responsibility to the issuer of the request such that everytime POST request is made, if the executor is token based, check for the expiry of the token and add the relevant header to the request.
    * Adding NullPointer check for DistributionTransportSecretProvider#getSecret.
---
 .../impl/SimpleHttpDistributionTransport.java      | 45 +++++++++++++---------
 1 file changed, 26 insertions(+), 19 deletions(-)

diff --git a/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java b/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java
index 3f7bd51..0e0cb92 100644
--- a/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java
+++ b/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java
@@ -20,7 +20,6 @@ package org.apache.sling.distribution.transport.impl;
 
 import java.io.InputStream;
 import java.net.URI;
-import java.util.Collections;
 import java.util.Map;
 import java.util.UUID;
 import org.apache.commons.io.IOUtils;
@@ -32,8 +31,6 @@ import org.apache.http.client.fluent.Request;
 import org.apache.http.client.fluent.Response;
 import org.apache.http.conn.HttpHostConnectException;
 import org.apache.http.entity.ContentType;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.protocol.HTTP;
 import org.apache.sling.api.resource.ResourceResolver;
@@ -128,6 +125,11 @@ public class SimpleHttpDistributionTransport implements DistributionTransport {
                         .addHeader(HTTP.CONN_DIRECTIVE, HTTP.CONN_CLOSE)
                         .useExpectContinue();
 
+                String authorizationHeader = getAuthSecret();
+                if (null != authorizationHeader) {
+                    req.addHeader(new BasicHeader(HttpHeaders.AUTHORIZATION, authorizationHeader));
+                }
+
                 // add the message body digest, see https://tools.ietf.org/html/rfc3230#section-4.3.2
                 if (distributionPackage instanceof AbstractDistributionPackage) {
                     AbstractDistributionPackage adb = (AbstractDistributionPackage) distributionPackage;
@@ -222,27 +224,32 @@ public class SimpleHttpDistributionTransport implements DistributionTransport {
         return executor;
     }
 
-    private Executor buildAuthExecutor(String authorizationHeader) {
-        HttpClientBuilder builder = HttpClients.custom();
-        builder.setDefaultHeaders(Collections.singletonList(new BasicHeader(HttpHeaders.AUTHORIZATION, authorizationHeader)));
-        Executor executor = Executor.newInstance(builder.build());
-        log.debug("set Authorization header, endpoint={}", distributionEndpoint.getUri());
-        return executor;
+    private Executor buildAuthExecutor(Map<String, String> credentialsMap) {
+        return (null != credentialsMap && !credentialsMap.containsKey(AUTHORIZATION))
+                ? buildAuthExecutor(credentialsMap.get(USERNAME), credentialsMap.get(PASSWORD))
+                : Executor.newInstance();
     }
 
-    private Executor buildAuthExecutor(@NotNull Map<String, String> credentialsMap) {
-        return (credentialsMap.containsKey(AUTHORIZATION))
-                ? buildAuthExecutor(credentialsMap.get(AUTHORIZATION))
-                : buildAuthExecutor(credentialsMap.get(USERNAME), credentialsMap.get(PASSWORD));
+    private Executor buildExecutor() {
+        Map<String, String> credentialsMap = getCredentialsMap();
+        return buildAuthExecutor(credentialsMap);
     }
 
-    private Executor buildExecutor() {
+    private String getAuthSecret() {
+        Map<String, String> credentialsMap = getCredentialsMap();
+        if (null != credentialsMap && credentialsMap.containsKey(AUTHORIZATION)) {
+            return credentialsMap.get(AUTHORIZATION);
+        }
+        return null;
+    }
+    
+    private Map<String, String> getCredentialsMap() {
         DistributionTransportSecret secret = secretProvider.getSecret(distributionEndpoint.getUri());
-        Map<String, String> credentialsMap = secret.asCredentialsMap();
-        return (credentialsMap != null)
-                ? buildAuthExecutor(credentialsMap)
-                : Executor.newInstance();
+        Map<String, String> credentialsMap = null;
+        if (null != secret) {
+            credentialsMap = secret.asCredentialsMap();
+        }
+        return credentialsMap;
     }
 
-
 }