inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-09-17 14:21:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-5392] migrate to http5 in IdentityServiceFacadeFactoryBean (#1989)

Browse Source
This commit is contained in:
kcichonczyk
2023-06-14 10:03:27 +02:00
committed by GitHub
parent 685d80a468
commit c9009b9afc
3 changed files with 58 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pom.xml
View File

@@ -71,6 +71,8 @@
<dependency.gson.version>2.8.9</dependency.gson.version> <dependency.gson.version>2.8.9</dependency.gson.version>
<dependency.httpclient.version>4.5.13</dependency.httpclient.version> <dependency.httpclient.version>4.5.13</dependency.httpclient.version>
<dependency.httpcore.version>4.4.16</dependency.httpcore.version> <dependency.httpcore.version>4.4.16</dependency.httpcore.version>
<dependency.httpcomponents-httpclient5.version>5.2.1</dependency.httpcomponents-httpclient5.version>
<dependency.httpcomponents-httpcore5.version>5.2.1</dependency.httpcomponents-httpcore5.version>
<dependency.commons-httpclient.version>3.1-HTTPCLIENT-1265</dependency.commons-httpclient.version> <dependency.commons-httpclient.version>3.1-HTTPCLIENT-1265</dependency.commons-httpclient.version>
<dependency.xercesImpl.version>2.12.2</dependency.xercesImpl.version> <dependency.xercesImpl.version>2.12.2</dependency.xercesImpl.version>
<dependency.slf4j.version>2.0.7</dependency.slf4j.version> <dependency.slf4j.version>2.0.7</dependency.slf4j.version>
@@ -370,6 +372,16 @@
<artifactId>commons-httpclient</artifactId> <artifactId>commons-httpclient</artifactId>
<version>${dependency.commons-httpclient.version}</version> <version>${dependency.commons-httpclient.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>${dependency.httpcomponents-httpclient5.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<version>${dependency.httpcomponents-httpcore5.version}</version>
</dependency>
<dependency> <dependency>
<groupId>commons-logging</groupId> <groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId> <artifactId>commons-logging</artifactId>

9
repository/pom.xml
View File

@@ -65,6 +65,15 @@
<artifactId>httpmime</artifactId> <artifactId>httpmime</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId> <artifactId>commons-dbcp2</artifactId>

61
repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java
View File

@@ -62,14 +62,17 @@ import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade.IdentityServiceFacadeException; import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade.IdentityServiceFacadeException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.client.HttpClient; import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.http.client.config.RequestConfig; import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.http.conn.ssl.TrustAllStrategy; import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.http.impl.client.HttpClientBuilder; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.http.impl.client.HttpClients; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContexts; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.SSLContexts;
import org.springframework.beans.factory.FactoryBean; import org.springframework.beans.factory.FactoryBean;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.RequestEntity; import org.springframework.http.RequestEntity;
@@ -230,8 +233,7 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean<IdentitySer
// * Client is authenticating itself using basic auth // * Client is authenticating itself using basic auth
// * Resource Owner Password Credentials Flow is used to authenticate Resource Owner // * Resource Owner Password Credentials Flow is used to authenticate Resource Owner
//JAKARTA_TO_DO|ACS-5392|SpringSecurity6|Apache Http Client 4.X removed//final ClientHttpRequestFactory httpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClientProvider.get()); final ClientHttpRequestFactory httpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClientProvider.get());
final ClientHttpRequestFactory httpRequestFactory = null;
final RestTemplate restTemplate = new RestTemplate(httpRequestFactory); final RestTemplate restTemplate = new RestTemplate(httpRequestFactory);
final ClientRegistration clientRegistration = clientRegistrationProvider.apply(restTemplate); final ClientRegistration clientRegistration = clientRegistrationProvider.apply(restTemplate);
final JwtDecoder jwtDecoder = jwtDecoderProvider.apply(restTemplate, clientRegistration.getProviderDetails()); final JwtDecoder jwtDecoder = jwtDecoderProvider.apply(restTemplate, clientRegistration.getProviderDetails());
@@ -263,10 +265,7 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean<IdentitySer
try try
{ {
HttpClientBuilder clientBuilder = HttpClients.custom(); HttpClientBuilder clientBuilder = HttpClients.custom();
applyConfiguration(clientBuilder);
applyConnectionConfiguration(clientBuilder);
applySSLConfiguration(clientBuilder);
return clientBuilder.build(); return clientBuilder.build();
} }
catch (Exception e) catch (Exception e)
@@ -275,18 +274,28 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean<IdentitySer
} }
} }
private void applyConnectionConfiguration(HttpClientBuilder builder) private void applyConfiguration(HttpClientBuilder builder) throws Exception
{ {
final RequestConfig requestConfig = RequestConfig.custom() final PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
.setConnectTimeout(config.getClientConnectionTimeout())
.setSocketTimeout(config.getClientSocketTimeout())
.build();
builder.setDefaultRequestConfig(requestConfig) applyConnectionConfiguration(connectionManagerBuilder);
.setMaxConnTotal(config.getConnectionPoolSize()); applySSLConfiguration(connectionManagerBuilder);
builder.setConnectionManager(connectionManagerBuilder.build());
} }
private void applySSLConfiguration(HttpClientBuilder builder) throws Exception private void applyConnectionConfiguration(PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder)
{
final ConnectionConfig connectionConfig = ConnectionConfig.custom()
.setConnectTimeout(config.getClientConnectionTimeout(), TimeUnit.MILLISECONDS)
.setSocketTimeout(config.getClientSocketTimeout(), TimeUnit.MILLISECONDS)
.build();
connectionManagerBuilder.setMaxConnTotal(config.getConnectionPoolSize());
connectionManagerBuilder.setDefaultConnectionConfig(connectionConfig);
}
private void applySSLConfiguration(PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder) throws Exception
{ {
SSLContextBuilder sslContextBuilder = null; SSLContextBuilder sslContextBuilder = null;
if (config.isDisableTrustManager()) if (config.isDisableTrustManager())
@@ -313,15 +322,19 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean<IdentitySer
sslContextBuilder.loadKeyMaterial(new File(config.getClientKeystore()), keystorePassword, keyPassword); sslContextBuilder.loadKeyMaterial(new File(config.getClientKeystore()), keystorePassword, keyPassword);
} }
final SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
if (sslContextBuilder != null) if (sslContextBuilder != null)
{ {
builder.setSSLContext(sslContextBuilder.build()); sslConnectionSocketFactoryBuilder.setSslContext(sslContextBuilder.build());
} }
if (config.isDisableTrustManager() || config.isAllowAnyHostname()) if (config.isDisableTrustManager() || config.isAllowAnyHostname())
{ {
builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE); sslConnectionSocketFactoryBuilder.setHostnameVerifier(NoopHostnameVerifier.INSTANCE);
} }
final SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build();
connectionManagerBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
} }
private char[] asCharArray(String value, char[] nullValue) private char[] asCharArray(String value, char[] nullValue)