ucar.httpservices

Class HTTPSession

java.lang.Object

ucar.httpservices.HTTPSession

All Implemented Interfaces:

Closeable, AutoCloseable

@ThreadSafe
public class HTTPSession
extends Object
implements Closeable

A session is encapsulated in an instance of the class HTTPSession. The encapsulation is with respect to a specific HttpHost "realm", where the important part is is host+port. This means that once a session is specified, it is tied permanently to that realm.

A Session encapsulate a number of other objects:

• An instance of an Apache HttpClient.
• A http session id
• A RequestContext object; this also includes authentication: specifically a credentials provider.

As a rule, if the client gives an HTTPSession object to the "create method" procedures of HTTPFactory (e.g. HTTPFactory.Get or HTTPFactory.Post) then that creation call must specify a url that is "compatible" with the scope of the session. The method url is compatible if its host+port is the same as the session's host+port (=scope) and its scheme is compatible, where e.g. http is compatible with https (see HTTPAuthUtil.httphostCompatible)

If the HTTPFactory method creation call does not specify a session object, then one is created (and destroyed) behind the scenes along with the method.

Note that the term legalurl in the following code means that the url has reserved characters within identifiers in escaped form. This is particularly an issue for queries. Especially square brackets (e.g. ?x[0:5]) are an issue. Recently (2018) Apache Tomcat stopped accepting square brackets (and maybe other characters) as ok when left unencoded. So, now we need to be aware of this and cause queries encoding to include square brackets.

As of the move to Apache Httpclient 4.4 and later, the underlying HttpClient objects are generally immutable. This means that at least this class (HTTPSession) and the HTTPMethod class must store the relevant info and create the HttpClient and HttpMethod objects dynamically. This also means that when a parameter is changed (Agent, for example), any existing cached HttpClient must be thrown away and reconstructed using the change. As a rule, the HttpClient object will be created at the last minute so that multiple parameter changes can be effected without have to re-create the HttpClient for each parameter change. Also note that the immutable objects will be cached and reused if no parameters are changed.

Authorization We assume that the session supports two CredentialsProvider instances: one global to all HTTPSession objects and one specific to each HTTPSession object. The global one is used unless a local one was specified.

As an aside, authentication is a bit tricky because some authorization schemes use redirection. That is, the initial request is made to server X, but X says: goto to server Y" to get, say, and authorization token. Then Y says: return to X with this token and proceed.

SSL TBD. Notes: 1. Setting of credentials via HTTPSession is no longer supported. Instead, the user must use CredentialsProvider.setCredentials 2. CredentialsProviders are all assumed to be caching (see the code for BasicCredentialsProvider for the canonical case. This has consequences for proxy because an attempt will be made to insert them into the chosen CredentialsProvider. 3. The new class HTTPAuthCache is used instead of BasicAuthCache so that when authorization fails, the AuthCache.remove method is forwarded to the CredentialsProvider.clear or the HTTPCredentialsProvider.remove method.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	HTTPSession.Methods

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACCEPT_ENCODING
protected static ucar.httpservices.HTTPSession.AuthControls	authcontrols
protected org.apache.http.client.config.RequestConfig	cachedconfig
protected boolean	cachevalid
protected static org.apache.http.HttpResponseInterceptor	CEKILL
protected boolean	closed
protected static ucar.httpservices.HTTPConnections	connmgr
protected static Map<String,org.apache.http.client.entity.InputStreamFactory>	contentDecoderMap
protected static List<org.apache.http.HttpRequestInterceptor>	dbgreq
protected static List<org.apache.http.HttpResponseInterceptor>	dbgrsp
static String	HEADER_USERAGENT
protected String	identifier
protected Map<ucar.httpservices.HTTPSession.Prop,Object>	localsettings
static org.slf4j.Logger	log
protected ConcurrentSkipListSet<HTTPMethod>	methods
protected URI	requestURI
protected org.apache.http.auth.AuthScope	scope
protected URI	scopeURI
protected HTTPAuthCache	sessioncache
protected org.apache.http.client.protocol.HttpClientContext	sessioncontext
protected org.apache.http.client.CredentialsProvider	sessionprovider
protected String	sessionURI
static boolean	TESTING
protected static boolean	USEPOOL Determine wether to use a Pooling connection manager or to manage a bunch of individual connections.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	HTTPSession()

Method Summary

Modifier and Type	Method and Description
protected static KeyStore	buildkeystore(String keypath, String keypassword)
protected static String	checkCompressors(String compressors)
HTTPSession	clearCookies()
static void	clearkeystore()
protected void	clearProvider() This is used by HTTPMethod to sclear the credentials provider.
void	clearState() Deprecated.
void	close() Close the session.
static HTTPUtil.InterceptRequest	debugRequestInterceptor()
static HTTPUtil.InterceptResponse	debugResponseInterceptor()
org.apache.http.auth.AuthScope	getAuthScope()
List<org.apache.http.cookie.Cookie>	getCookies()
protected static int	getDPropInt(String key)
static int	getGlobalMaxConnection()
static Object	getGlobalSetting(String key)
static String	getGlobalUserAgent()
int	getMethodcount()
static int	getRetryCount() Deprecated.
String	getSessionID() Extract the sessionid cookie value
String	getSessionURI()
String	getSessionURL() Deprecated.
Object	getSetting(String key)
protected void	init(org.apache.http.auth.AuthScope scope, String actualurl)
boolean	isClosed()
Map<ucar.httpservices.HTTPSession.Prop,Object>	mergedSettings()
static void	rebuildkeystore(String path, String pwd)
static void	removeGlobalCompression()
static void	resetInterceptors()
protected void	setAuthenticationAndProxy(org.apache.http.impl.client.HttpClientBuilder cb) Handle authentication and Proxy'ing
HTTPSession	setConnectionTimeout(int timeout)
protected void	setCredentials(URI uri) This is used by HTTPMethod to set the in-url name+pwd into the credentials provider, if defined.
HTTPSession	setCredentialsProvider(org.apache.http.auth.AuthScope scope, org.apache.http.client.CredentialsProvider provider) Deprecated.
HTTPSession	setCredentialsProvider(org.apache.http.client.CredentialsProvider provider)
HTTPSession	setCredentialsProvider(String url, org.apache.http.client.CredentialsProvider provider) Deprecated.
protected static void	setDefaults(Map<ucar.httpservices.HTTPSession.Prop,Object> props)
HTTPSession	setFollowRedirects(boolean tf) Enable/disable redirection following Default is yes.
static void	setGlobalCompression() Deprecated.
static void	setGlobalCompression(String compressors)
static void	setGlobalConnectionTimeout(int timeout)
static void	setGlobalCredentialsProvider(org.apache.http.auth.AuthScope scope, org.apache.http.client.CredentialsProvider provider) Deprecated.
static void	setGlobalCredentialsProvider(org.apache.http.client.CredentialsProvider provider)
static void	setGlobalCredentialsProvider(org.apache.http.client.CredentialsProvider provider, String scheme) Deprecated.
static void	setGlobalCredentialsProvider(String url, org.apache.http.client.CredentialsProvider provider) Deprecated.
static void	setGlobalFollowRedirects(boolean tf) Enable/disable redirection following Default is yes.
static void	setGlobalMaxConnections(int n)
static void	setGlobalMaxRedirects(int n) Set the max number of redirects to follow
static void	setGlobalProxy(String host, int port) Deprecated.
static void	setGlobalRetryCount(int n)
static void	setGlobalSoTimeout(int timeout)
static void	setGlobalUserAgent(String userAgent)
static void	setInterceptors(boolean print)
protected static void	setInterceptors(org.apache.http.impl.client.HttpClientBuilder cb)
HTTPSession	setMaxRedirects(int n) Set the max number of redirects to follow
void	setProxy(String host, int port) Deprecated.
HTTPSession	setSoTimeout(int timeout)
HTTPSession	setUserAgent(String agent)
HTTPSession	setUseSessions(boolean tf) Should we use sessionid's?
protected static void	track(HTTPSession session)
static void	validatestate()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TESTING

public static boolean TESTING

USEPOOL

protected static final boolean USEPOOL

Determine wether to use a Pooling connection manager or to manage a bunch of individual connections.

See Also:

Constant Field Values

HEADER_USERAGENT

public static final String HEADER_USERAGENT

See Also:

Constant Field Values

ACCEPT_ENCODING

public static final String ACCEPT_ENCODING

See Also:

Constant Field Values

log

public static final org.slf4j.Logger log

CEKILL

protected static org.apache.http.HttpResponseInterceptor CEKILL

dbgreq

protected static List<org.apache.http.HttpRequestInterceptor> dbgreq

dbgrsp

protected static List<org.apache.http.HttpResponseInterceptor> dbgrsp

connmgr

protected static ucar.httpservices.HTTPConnections connmgr

contentDecoderMap

protected static Map<String,org.apache.http.client.entity.InputStreamFactory> contentDecoderMap

authcontrols

protected static ucar.httpservices.HTTPSession.AuthControls authcontrols

sessionURI

protected String sessionURI

scopeURI

protected URI scopeURI

scope

protected org.apache.http.auth.AuthScope scope

closed

protected boolean closed

sessionprovider

protected org.apache.http.client.CredentialsProvider sessionprovider

methods

protected ConcurrentSkipListSet<HTTPMethod> methods

identifier

protected String identifier

localsettings

protected Map<ucar.httpservices.HTTPSession.Prop,Object> localsettings

sessioncontext

protected org.apache.http.client.protocol.HttpClientContext sessioncontext

sessioncache

protected HTTPAuthCache sessioncache

requestURI

protected URI requestURI

cachevalid

protected boolean cachevalid

cachedconfig

protected org.apache.http.client.config.RequestConfig cachedconfig

Constructor Detail

HTTPSession

protected HTTPSession()
               throws HTTPException

Throws:

HTTPException

Method Detail

getDPropInt

protected static int getDPropInt(String key)

setDefaults

protected static void setDefaults(Map<ucar.httpservices.HTTPSession.Prop,Object> props)

buildkeystore

protected static KeyStore buildkeystore(String keypath,
                                        String keypassword)

setGlobalUserAgent

public static void setGlobalUserAgent(String userAgent)

getGlobalUserAgent

public static String getGlobalUserAgent()

setGlobalMaxConnections

public static void setGlobalMaxConnections(int n)

getGlobalMaxConnection

public static int getGlobalMaxConnection()

setGlobalConnectionTimeout

public static void setGlobalConnectionTimeout(int timeout)

setGlobalSoTimeout

public static void setGlobalSoTimeout(int timeout)

setGlobalFollowRedirects

public static void setGlobalFollowRedirects(boolean tf)

Enable/disable redirection following Default is yes.

setGlobalMaxRedirects

public static void setGlobalMaxRedirects(int n)

Set the max number of redirects to follow

Parameters:

n -

getGlobalSetting

public static Object getGlobalSetting(String key)

setGlobalCompression

public static void setGlobalCompression(String compressors)

removeGlobalCompression

public static void removeGlobalCompression()

checkCompressors

protected static String checkCompressors(String compressors)

setGlobalCredentialsProvider

public static void setGlobalCredentialsProvider(org.apache.http.client.CredentialsProvider provider)
                                         throws HTTPException

Parameters:

provider - the credentials provider

Throws:

HTTPException

setGlobalRetryCount

public static void setGlobalRetryCount(int n)

init

protected void init(org.apache.http.auth.AuthScope scope,
                    String actualurl)
             throws HTTPException

Throws:

HTTPException

setInterceptors

protected static void setInterceptors(org.apache.http.impl.client.HttpClientBuilder cb)

getAuthScope

public org.apache.http.auth.AuthScope getAuthScope()

getSessionURI

public String getSessionURI()

getSessionID

public String getSessionID()

Extract the sessionid cookie value

Returns:

sessionid string

setUserAgent

public HTTPSession setUserAgent(String agent)

setSoTimeout

public HTTPSession setSoTimeout(int timeout)

setConnectionTimeout

public HTTPSession setConnectionTimeout(int timeout)

setMaxRedirects

public HTTPSession setMaxRedirects(int n)

Set the max number of redirects to follow

Parameters:

n -

setFollowRedirects

public HTTPSession setFollowRedirects(boolean tf)

Enable/disable redirection following Default is yes.

setUseSessions

public HTTPSession setUseSessions(boolean tf)

Should we use sessionid's?

Parameters:

tf -

getCookies

public List<org.apache.http.cookie.Cookie> getCookies()

clearCookies

public HTTPSession clearCookies()

getSetting

public Object getSetting(String key)

close

public void close()

Close the session. This implies closing any open methods.

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

setCredentialsProvider

public HTTPSession setCredentialsProvider(org.apache.http.client.CredentialsProvider provider)
                                   throws HTTPException

Parameters:

provider - the credentials provider

Throws:

HTTPException

clearProvider

protected void clearProvider()

This is used by HTTPMethod to sclear the credentials provider. in theory, this should be done automatically, but apparently not.

setCredentials

protected void setCredentials(URI uri)
                       throws HTTPException

This is used by HTTPMethod to set the in-url name+pwd into the credentials provider, if defined.

Throws:

HTTPException

setAuthenticationAndProxy

protected void setAuthenticationAndProxy(org.apache.http.impl.client.HttpClientBuilder cb)
                                  throws HTTPException

Handle authentication and Proxy'ing

Parameters:

cb -

Throws:

HTTPException

mergedSettings

public Map<ucar.httpservices.HTTPSession.Prop,Object> mergedSettings()

isClosed

public boolean isClosed()

getMethodcount

public int getMethodcount()

track

protected static void track(HTTPSession session)

setInterceptors

public static void setInterceptors(boolean print)

resetInterceptors

public static void resetInterceptors()

debugRequestInterceptor

public static HTTPUtil.InterceptRequest debugRequestInterceptor()

debugResponseInterceptor

public static HTTPUtil.InterceptResponse debugResponseInterceptor()

clearkeystore

public static void clearkeystore()

rebuildkeystore

public static void rebuildkeystore(String path,
                                   String pwd)

setGlobalCredentialsProvider

@Deprecated
public static void setGlobalCredentialsProvider(org.apache.http.auth.AuthScope scope,
                                                            org.apache.http.client.CredentialsProvider provider)
                                                     throws HTTPException

Deprecated.

Throws:

HTTPException

setGlobalCredentialsProvider

@Deprecated
public static void setGlobalCredentialsProvider(String url,
                                                            org.apache.http.client.CredentialsProvider provider)
                                                     throws HTTPException

Deprecated.

Throws:

HTTPException

setCredentialsProvider

@Deprecated
public HTTPSession setCredentialsProvider(String url,
                                                      org.apache.http.client.CredentialsProvider provider)
                                               throws HTTPException

Deprecated.

Throws:

HTTPException

setCredentialsProvider

@Deprecated
public HTTPSession setCredentialsProvider(org.apache.http.auth.AuthScope scope,
                                                      org.apache.http.client.CredentialsProvider provider)
                                               throws HTTPException

Deprecated.

Throws:

HTTPException

getRetryCount

@Deprecated
public static int getRetryCount()

Deprecated.

setGlobalCompression

@Deprecated
public static void setGlobalCompression()

Deprecated.

setGlobalProxy

@Deprecated
public static void setGlobalProxy(String host,
                                              int port)

Deprecated.

setProxy

@Deprecated
public void setProxy(String host,
                                 int port)

Deprecated.

setGlobalCredentialsProvider

@Deprecated
public static void setGlobalCredentialsProvider(org.apache.http.client.CredentialsProvider provider,
                                                            String scheme)
                                                     throws HTTPException

Deprecated.

Throws:

HTTPException

clearState

@Deprecated
public void clearState()

Deprecated.

getSessionURL

@Deprecated
public String getSessionURL()

Deprecated.

validatestate

public static void validatestate()