You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Thom Nichols <tm...@gmail.com> on 2010/09/09 19:26:58 UTC
Re: AuthScheme impl for OAuth
So I'm trying to implement an AuthScheme for OAuth (actually I'm trying to
augment SignPost to work with HttpClient's AuthScheme, but anyway...)
The problem I'm running up against is when AuthScheme.authenticate(
Credentials, HttpRequest ) is called. The problem is, in order for the
request to be signed in OAuth, I need to know the entire request URI. The
HttpRequest that's passed into authenticate() only has the path portion of
the URI.
Code snippet from OAuthScheme.java:
public Header authenticate( Credentials credentials, HttpRequest request
) throws AuthenticationException {
System.out.println( "AuthScheme request: " + request.getURI() );
// ... sign the request
}
So, calling getURI on my original request shows:
http://twitter.com/statuses/update.xml
(get 401 response, authScheme handler kicks in...)
from the authenicate method, I get printed:
AuthScheme request: /statuses/update.xml
I'm guessing this is because the request I'm getting is the 'new' request
created after the initial 401 response is returned. I know the HttpContext
holds state information between multiple requests (like redirects and 401s)
but I don't have access to that from my AuthScheme instance. So how can my
AuthScheme get the URI from the original request?
Thanks!
-Tom
Re: AuthScheme impl for OAuth
Posted by Thom Nichols <tm...@gmail.com>.
My apologies -- I actually didn't catch that HTTP_TARGET_HOST returns a
HttpHost object with a scheme property. I thought TARGET_HOST just returned
a String. Thank you for pointing that out. For the record, Signpost works
great in a request interceptor!
Thanks again Oleg.
On Mon, Sep 13, 2010 at 11:15 AM, Oleg Kalnichevski <ol...@apache.org>wrote:
> On Mon, 2010-09-13 at 09:03 -0400, Thom Nichols wrote:
> > A follow-up question --
> >
> > I'm not sure how to reconstruct the full request URI given the
> > HttpURIRequest and HttpContext. It appears the URI from the request
> itself
> > always contains the path portion of the original request URI. I can get
> the
> > host & port from the ExecutionContext.HTTP_TARGET_HOST attribute in the
> > HttpContext. But how do I determine the URI scheme?
> >
>
> HttpHost#getSchemeName() should give you the URI scheme of the original
> request.
>
>
> > I'm trying to integrate Signpost OAuth via an HttpRequestInterceptor in
> lieu
> > of the same information in an AuthScheme callback. But given that both
> the
> > HttpRequest I'm given and the one that's contained in the HttpContext
> > ExecutionContext.HTTP_REQUEST attribute both appear to contain the
> mutable
> > HttpRequest copy rather than the original immutable one, I'm not sure how
> to
> > get or reliably reconstruct the original request URI.
> >
>
> The ExecutionContext#HTTP_TARGET_HOST and ExecutionContext#HTTP_REQUEST
> attributes set in the context should be sufficient to construct the
> absolute request URI.
>
> Hope this helps.
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
Re: AuthScheme impl for OAuth
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2010-09-13 at 09:03 -0400, Thom Nichols wrote:
> A follow-up question --
>
> I'm not sure how to reconstruct the full request URI given the
> HttpURIRequest and HttpContext. It appears the URI from the request itself
> always contains the path portion of the original request URI. I can get the
> host & port from the ExecutionContext.HTTP_TARGET_HOST attribute in the
> HttpContext. But how do I determine the URI scheme?
>
HttpHost#getSchemeName() should give you the URI scheme of the original
request.
> I'm trying to integrate Signpost OAuth via an HttpRequestInterceptor in lieu
> of the same information in an AuthScheme callback. But given that both the
> HttpRequest I'm given and the one that's contained in the HttpContext
> ExecutionContext.HTTP_REQUEST attribute both appear to contain the mutable
> HttpRequest copy rather than the original immutable one, I'm not sure how to
> get or reliably reconstruct the original request URI.
>
The ExecutionContext#HTTP_TARGET_HOST and ExecutionContext#HTTP_REQUEST
attributes set in the context should be sufficient to construct the
absolute request URI.
Hope this helps.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: AuthScheme impl for OAuth
Posted by Thom Nichols <tm...@gmail.com>.
A follow-up question --
I'm not sure how to reconstruct the full request URI given the
HttpURIRequest and HttpContext. It appears the URI from the request itself
always contains the path portion of the original request URI. I can get the
host & port from the ExecutionContext.HTTP_TARGET_HOST attribute in the
HttpContext. But how do I determine the URI scheme?
I'm trying to integrate Signpost OAuth via an HttpRequestInterceptor in lieu
of the same information in an AuthScheme callback. But given that both the
HttpRequest I'm given and the one that's contained in the HttpContext
ExecutionContext.HTTP_REQUEST attribute both appear to contain the mutable
HttpRequest copy rather than the original immutable one, I'm not sure how to
get or reliably reconstruct the original request URI.
Thanks.
-Tom
On Thu, Sep 9, 2010 at 5:25 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Thu, 2010-09-09 at 17:20 -0400, Thom Nichols wrote:
> > I understand how the HTTP request is represented on the wire, but
> > HttpRequest.getURI() will still hold the full URI (except I'm guessing in
> > the situation of redirects and auths where > 1 request is made.) The
> > original request.getURI() returned the full URI:
> > http://twitter.com/statuses/update.xml
> >
> > Looking at the headers, I can get the Host, but not scheme:
> > Accept : application/xml, text/xml, application/xhtml+xml
> > Content-Length : 91
> > Content-Type : application/x-www-form-urlencoded; charset=MacRoman
> > *Host : twitter.com:80*
> > Connection : Keep-Alive
> > Cookie :....
> > Cookie2 : ....
> >
> > So I can _mostly_ reconstruct the request URI. But I don't think I can
> > reliably get the scheme.
> >
> >
>
>
> Tom,
>
> The fact that HttpContext is not passed to the AuthScheme is one of the
> biggest API blunders in 4.0. If you can upgrade to 4.1-alpha, make your
> custom auth scheme implement ContextAwareAuthScheme instead
>
>
> http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/auth/ContextAwareAuthScheme.html
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
Re: AuthScheme impl for OAuth
Posted by Thom Nichols <tm...@gmail.com>.
Ah! That answers that :)
I'll probably create a branch for 4.1 integration and OAuth support but I
probably won't want to depend on it until it at least reaches beta stage.
But thank you for the response. I'll look forward to it :)
-Tom
On Thu, Sep 9, 2010 at 5:25 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Thu, 2010-09-09 at 17:20 -0400, Thom Nichols wrote:
> > I understand how the HTTP request is represented on the wire, but
> > HttpRequest.getURI() will still hold the full URI (except I'm guessing in
> > the situation of redirects and auths where > 1 request is made.) The
> > original request.getURI() returned the full URI:
> > http://twitter.com/statuses/update.xml
> >
> > Looking at the headers, I can get the Host, but not scheme:
> > Accept : application/xml, text/xml, application/xhtml+xml
> > Content-Length : 91
> > Content-Type : application/x-www-form-urlencoded; charset=MacRoman
> > *Host : twitter.com:80*
> > Connection : Keep-Alive
> > Cookie :....
> > Cookie2 : ....
> >
> > So I can _mostly_ reconstruct the request URI. But I don't think I can
> > reliably get the scheme.
> >
> >
>
>
> Tom,
>
> The fact that HttpContext is not passed to the AuthScheme is one of the
> biggest API blunders in 4.0. If you can upgrade to 4.1-alpha, make your
> custom auth scheme implement ContextAwareAuthScheme instead
>
>
> http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/auth/ContextAwareAuthScheme.html
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
Re: AuthScheme impl for OAuth
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2010-09-09 at 17:20 -0400, Thom Nichols wrote:
> I understand how the HTTP request is represented on the wire, but
> HttpRequest.getURI() will still hold the full URI (except I'm guessing in
> the situation of redirects and auths where > 1 request is made.) The
> original request.getURI() returned the full URI:
> http://twitter.com/statuses/update.xml
>
> Looking at the headers, I can get the Host, but not scheme:
> Accept : application/xml, text/xml, application/xhtml+xml
> Content-Length : 91
> Content-Type : application/x-www-form-urlencoded; charset=MacRoman
> *Host : twitter.com:80*
> Connection : Keep-Alive
> Cookie :....
> Cookie2 : ....
>
> So I can _mostly_ reconstruct the request URI. But I don't think I can
> reliably get the scheme.
>
>
Tom,
The fact that HttpContext is not passed to the AuthScheme is one of the
biggest API blunders in 4.0. If you can upgrade to 4.1-alpha, make your
custom auth scheme implement ContextAwareAuthScheme instead
http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/auth/ContextAwareAuthScheme.html
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: AuthScheme impl for OAuth
Posted by Thom Nichols <tm...@gmail.com>.
I understand how the HTTP request is represented on the wire, but
HttpRequest.getURI() will still hold the full URI (except I'm guessing in
the situation of redirects and auths where > 1 request is made.) The
original request.getURI() returned the full URI:
http://twitter.com/statuses/update.xml
Looking at the headers, I can get the Host, but not scheme:
Accept : application/xml, text/xml, application/xhtml+xml
Content-Length : 91
Content-Type : application/x-www-form-urlencoded; charset=MacRoman
*Host : twitter.com:80*
Connection : Keep-Alive
Cookie :....
Cookie2 : ....
So I can _mostly_ reconstruct the request URI. But I don't think I can
reliably get the scheme.
On Thu, Sep 9, 2010 at 3:10 PM, Asankha C. Perera <as...@apache.org>wrote:
> Hi Tom
>
> So I'm trying to implement an AuthScheme for OAuth (actually I'm trying to
>> augment SignPost to work with HttpClient's AuthScheme, but anyway...)
>>
>> The problem I'm running up against is when AuthScheme.authenticate(
>> Credentials, HttpRequest ) is called. The problem is, in order for the
>> request to be signed in OAuth, I need to know the entire request URI. The
>> HttpRequest that's passed into authenticate() only has the path portion of
>> the URI.
>>
>> Code snippet from OAuthScheme.java:
>> public Header authenticate( Credentials credentials, HttpRequest
>> request
>> ) throws AuthenticationException {
>> System.out.println( "AuthScheme request: " + request.getURI() );
>> // ... sign the request
>> }
>>
>> So, calling getURI on my original request shows:
>> http://twitter.com/statuses/update.xml
>> (get 401 response, authScheme handler kicks in...)
>> from the authenicate method, I get printed:
>> AuthScheme request: /statuses/update.xml
>>
>> I'm guessing this is because the request I'm getting is the 'new' request
>> created after the initial 401 response is returned. I know the
>> HttpContext
>> holds state information between multiple requests (like redirects and
>> 401s)
>> but I don't have access to that from my AuthScheme instance. So how can
>> my
>> AuthScheme get the URI from the original request?
>>
>>
> I think you are seeing the right request.. but you only see the request URI
> as your request went out that way. For example:
>
> GET http://twitter.com/statuses/update.xml HTTP/1.1
>
> you issued, got translated as:
>
> GET /statuses/update.xml HTTP/1.1
> Host: twitter.com
>
> You should still be able to get the scheme, method etc from the request, as
> well as the 'Host' header. Can you check if this is correct?
>
> cheers
> asankha
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
Re: AuthScheme impl for OAuth
Posted by "Asankha C. Perera" <as...@apache.org>.
Hi Tom
> So I'm trying to implement an AuthScheme for OAuth (actually I'm trying to
> augment SignPost to work with HttpClient's AuthScheme, but anyway...)
>
> The problem I'm running up against is when AuthScheme.authenticate(
> Credentials, HttpRequest ) is called. The problem is, in order for the
> request to be signed in OAuth, I need to know the entire request URI. The
> HttpRequest that's passed into authenticate() only has the path portion of
> the URI.
>
> Code snippet from OAuthScheme.java:
> public Header authenticate( Credentials credentials, HttpRequest request
> ) throws AuthenticationException {
> System.out.println( "AuthScheme request: " + request.getURI() );
> // ... sign the request
> }
>
> So, calling getURI on my original request shows:
> http://twitter.com/statuses/update.xml
> (get 401 response, authScheme handler kicks in...)
> from the authenicate method, I get printed:
> AuthScheme request: /statuses/update.xml
>
> I'm guessing this is because the request I'm getting is the 'new' request
> created after the initial 401 response is returned. I know the HttpContext
> holds state information between multiple requests (like redirects and 401s)
> but I don't have access to that from my AuthScheme instance. So how can my
> AuthScheme get the URI from the original request?
>
I think you are seeing the right request.. but you only see the request
URI as your request went out that way. For example:
GET http://twitter.com/statuses/update.xml HTTP/1.1
you issued, got translated as:
GET /statuses/update.xml HTTP/1.1
Host: twitter.com
You should still be able to get the scheme, method etc from the request,
as well as the 'Host' header. Can you check if this is correct?
cheers
asankha
--
Asankha C. Perera
AdroitLogic, http://adroitlogic.org
http://esbmagic.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org