001    /*
002     * The MIT License
003     * Copyright (c) 2012 Microsoft Corporation
004     *
005     * Permission is hereby granted, free of charge, to any person obtaining a copy
006     * of this software and associated documentation files (the "Software"), to deal
007     * in the Software without restriction, including without limitation the rights
008     * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
009     * copies of the Software, and to permit persons to whom the Software is
010     * furnished to do so, subject to the following conditions:
011     *
012     * The above copyright notice and this permission notice shall be included in
013     * all copies or substantial portions of the Software.
014     *
015     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
016     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
017     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
018     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
019     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
020     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
021     * THE SOFTWARE.
022     */
023    
024    package microsoft.exchange.webservices.data.core;
025    
026    import org.apache.http.Header;
027    import org.apache.http.HttpException;
028    import org.apache.http.HttpHost;
029    import org.apache.http.HttpRequest;
030    import org.apache.http.HttpResponse;
031    import org.apache.http.auth.MalformedChallengeException;
032    import org.apache.http.client.protocol.HttpClientContext;
033    import org.apache.http.client.protocol.RequestAddCookies;
034    import org.apache.http.client.protocol.ResponseProcessCookies;
035    import org.apache.http.impl.client.TargetAuthenticationStrategy;
036    import org.apache.http.protocol.HttpContext;
037    
038    import java.io.IOException;
039    import java.util.Map;
040    
041    /**
042     * TargetAuthenticationStrategy that also processes the cookies in HTTP 401 response. While not fully
043     * according to the RFC's, this is often necessary to ensure good load balancing behaviour (e.g., TMG server
044     * requires it for authentication, where it sends a HTTP 401 with a new Cookie after 5 minutes of inactivity)
045     */
046    public class CookieProcessingTargetAuthenticationStrategy extends TargetAuthenticationStrategy {
047      ResponseProcessCookies responseProcessCookies = new ResponseProcessCookies();
048      RequestAddCookies requestAddCookies = new RequestAddCookies();
049    
050      @Override
051      public Map<String, Header> getChallenges(HttpHost authhost, HttpResponse response, HttpContext context)
052          throws MalformedChallengeException {
053        try {
054          // Get the request from the context
055          HttpClientContext clientContext = HttpClientContext.adapt(context);
056          HttpRequest request = clientContext.getRequest();
057    
058          // Save new cookies in the context
059          responseProcessCookies.process(response, context);
060    
061          // Remove existing cookies and set the new cookies in the request
062          request.removeHeaders("Cookie");
063          requestAddCookies.process(request, context);
064        } catch (HttpException e) {
065          throw new RuntimeException(e); // Looking at the source of responseProcessCookies this never happens
066        } catch (IOException e) {
067          throw new RuntimeException(e); // Looking at the source of responseProcessCookies this never happens
068        }
069    
070        return super.getChallenges(authhost, response, context);
071      }
072    
073    }