Package ucar.httpservices

Class HTTPSession

  • All Implemented Interfaces:
    Closeable, AutoCloseable
    @ThreadSafe
public class HTTPSession
extends Object
implements Closeable
    A session is encapsulated in an instance of the class HTTPSession. The encapsulation is with respect to a specific HttpHost "realm", where the important part is is host+port. This means that once a session is specified, it is tied permanently to that realm.

    A Session encapsulate a number of other objects:

    • An instance of an Apache HttpClient.
    • A http session id
    • A RequestContext object; this also includes authentication: specifically a credentials provider.

    As a rule, if the client gives an HTTPSession object to the "create method" procedures of HTTPFactory (e.g. HTTPFactory.Get or HTTPFactory.Post) then that creation call must specify a url that is "compatible" with the scope of the session. The method url is compatible if its host+port is the same as the session's host+port (=scope) and its scheme is compatible, where e.g. http is compatible with https (see HTTPAuthUtil.httphostCompatible)

    If the HTTPFactory method creation call does not specify a session object, then one is created (and destroyed) behind the scenes along with the method.

    Note that the term legalurl in the following code means that the url has reserved characters within identifiers in escaped form. This is particularly an issue for queries. Especially square brackets (e.g. ?x[0:5]) are an issue. Recently (2018) Apache Tomcat stopped accepting square brackets (and maybe other characters) as ok when left unencoded. So, now we need to be aware of this and cause queries encoding to include square brackets.

    As of the move to Apache Httpclient 4.4 and later, the underlying HttpClient objects are generally immutable. This means that at least this class (HTTPSession) and the HTTPMethod class must store the relevant info and create the HttpClient and HttpMethod objects dynamically. This also means that when a parameter is changed (Agent, for example), any existing cached HttpClient must be thrown away and reconstructed using the change. As a rule, the HttpClient object will be created at the last minute so that multiple parameter changes can be effected without have to re-create the HttpClient for each parameter change. Also note that the immutable objects will be cached and reused if no parameters are changed.

    Authorization We assume that the session supports two CredentialsProvider instances: one global to all HTTPSession objects and one specific to each HTTPSession object. The global one is used unless a local one was specified.

    As an aside, authentication is a bit tricky because some authorization schemes use redirection. That is, the initial request is made to server X, but X says: goto to server Y" to get, say, and authorization token. Then Y says: return to X with this token and proceed.

    SSL TBD. Notes: 1. Setting of credentials via HTTPSession is no longer supported. Instead, the user must use CredentialsProvider.setCredentials 2. CredentialsProviders are all assumed to be caching (see the code for BasicCredentialsProvider for the canonical case. This has consequences for proxy because an attempt will be made to insert them into the chosen CredentialsProvider. 3. The new class HTTPAuthCache is used instead of BasicAuthCache so that when authorization fails, the AuthCache.remove method is forwarded to the CredentialsProvider.clear or the HTTPCredentialsProvider.remove method.

    • Field Detail

      • TESTING

        public static boolean TESTING

      • USEPOOL

        protected static final boolean USEPOOL
        Determine wether to use a Pooling connection manager or to manage a bunch of individual connections.
        See Also:
        Constant Field Values

      • connmgr

        protected static ucar.httpservices.HTTPConnections connmgr

      • contentDecoderMap

        protected static Map<String,​org.apache.http.client.entity.InputStreamFactory> contentDecoderMap

      • authcontrols

        protected static ucar.httpservices.HTTPSession.AuthControls authcontrols

      • sessionURI

        protected String sessionURI

      • scopeURI

        protected URI scopeURI

      • scope

        protected org.apache.http.auth.AuthScope scope

      • closed

        protected boolean closed

      • sessionprovider

        protected org.apache.http.client.CredentialsProvider sessionprovider

      • identifier

        protected String identifier

      • localsettings

        protected Map<ucar.httpservices.HTTPSession.Prop,​Object> localsettings

      • sessioncontext

        protected org.apache.http.client.protocol.HttpClientContext sessioncontext

      • requestURI

        protected URI requestURI

      • cachevalid

        protected boolean cachevalid

      • cachedconfig

        protected org.apache.http.client.config.RequestConfig cachedconfig

    • Method Detail

      • getDPropInt

        protected static int getDPropInt​(String key)

      • setDefaults

        protected static void setDefaults​(Map<ucar.httpservices.HTTPSession.Prop,​Object> props)

      • setGlobalUserAgent

        public static void setGlobalUserAgent​(String userAgent)

      • getGlobalUserAgent

        public static String getGlobalUserAgent()

      • setGlobalMaxConnections

        public static void setGlobalMaxConnections​(int n)

      • getGlobalMaxConnection

        public static int getGlobalMaxConnection()

      • setGlobalConnectionTimeout

        public static void setGlobalConnectionTimeout​(int timeout)

      • setGlobalSoTimeout

        public static void setGlobalSoTimeout​(int timeout)

      • setGlobalFollowRedirects

        public static void setGlobalFollowRedirects​(boolean tf)
        Enable/disable redirection following Default is yes.

      • setGlobalMaxRedirects

        public static void setGlobalMaxRedirects​(int n)
        Set the max number of redirects to follow
        Parameters:
        n -

      • getGlobalSetting

        public static Object getGlobalSetting​(String key)

      • setCompression

        public void setCompression​(String compressors)

      • checkCompressors

        protected static String checkCompressors​(String compressors)

      • setGlobalCredentialsProvider

        public static void setGlobalCredentialsProvider​(org.apache.http.client.CredentialsProvider provider)
                                         throws HTTPException
        Parameters:
        provider - the credentials provider
        Throws:
        HTTPException

      • setGlobalRetryCount

        public static void setGlobalRetryCount​(int n)

      • resetInterceptors

        public void resetInterceptors()

      • getAuthScope

        public org.apache.http.auth.AuthScope getAuthScope()

      • getSessionURI

        public String getSessionURI()

      • getSessionID

        public String getSessionID()
        Extract the sessionid cookie value
        Returns:
        sessionid string

      • setSoTimeout

        public HTTPSession setSoTimeout​(int timeout)

      • setConnectionTimeout

        public HTTPSession setConnectionTimeout​(int timeout)

      • setMaxRedirects

        public HTTPSession setMaxRedirects​(int n)
        Set the max number of redirects to follow
        Parameters:
        n -

      • setFollowRedirects

        public HTTPSession setFollowRedirects​(boolean tf)
        Enable/disable redirection following Default is yes.

      • setUseSessions

        public HTTPSession setUseSessions​(boolean tf)
        Should we use sessionid's?
        Parameters:
        tf -

      • getCookies

        public List<org.apache.http.cookie.Cookie> getCookies()

      • close

        public void close()
        Close the session. This implies closing any open methods.
        Specified by:
        close in interface AutoCloseable
        Specified by:
        close in interface Closeable

      • setCredentialsProvider

        public HTTPSession setCredentialsProvider​(org.apache.http.client.CredentialsProvider provider)
                                   throws HTTPException
        Parameters:
        provider - the credentials provider
        Throws:
        HTTPException

      • clearProvider

        protected void clearProvider()
        This is used by HTTPMethod to sclear the credentials provider. in theory, this should be done automatically, but apparently not.

      • setCredentials

        protected void setCredentials​(URI uri)
        This is used by HTTPMethod to set the in-url name+pwd into the credentials provider, if defined. If a CredentialsProvider is not defined for the session, create a new BasicCredentialsProvider

      • setAuthenticationAndProxy

        protected void setAuthenticationAndProxy​(org.apache.http.impl.client.HttpClientBuilder cb)
                                  throws HTTPException
        Handle authentication and Proxy'ing
        Parameters:
        cb -
        Throws:
        HTTPException

      • mergedSettings

        public Map<ucar.httpservices.HTTPSession.Prop,​Object> mergedSettings()

      • getMergedSettings

        public com.google.common.collect.ImmutableMap<String,​String> getMergedSettings()

      • setDebugInterceptors

        public void setDebugInterceptors()

      • activateInterceptors

        public void activateInterceptors​(org.apache.http.impl.client.HttpClientBuilder cb)

      • isClosed

        public boolean isClosed()

      • getMethodcount

        public int getMethodcount()

      • track

        protected static void track​(HTTPSession session)

      • clearkeystore

        public static void clearkeystore()

      • rebuildkeystore

        public static void rebuildkeystore​(String path,
                                   String pwd)

      • allowSelfSignedCertificatesForTesting

        public static void allowSelfSignedCertificatesForTesting()

      • setGlobalCredentialsProvider

        @Deprecated
public static void setGlobalCredentialsProvider​(org.apache.http.auth.AuthScope scope,
                                                org.apache.http.client.CredentialsProvider provider)
                                         throws HTTPException
        Deprecated.
        Throws:
        HTTPException

      • setGlobalCredentialsProvider

        @Deprecated
public static void setGlobalCredentialsProvider​(String url,
                                                org.apache.http.client.CredentialsProvider provider)
                                         throws HTTPException
        Deprecated.
        Throws:
        HTTPException

      • getRetryCount

        @Deprecated
public static int getRetryCount()
        Deprecated.

      • setGlobalProxy

        @Deprecated
public static void setGlobalProxy​(String host,
                                  int port)
        Deprecated.

      • setProxy

        @Deprecated
public void setProxy​(String host,
                     int port)
        Deprecated.

      • setGlobalCredentialsProvider

        @Deprecated
public static void setGlobalCredentialsProvider​(org.apache.http.client.CredentialsProvider provider,
                                                String scheme)
                                         throws HTTPException
        Deprecated.
        Throws:
        HTTPException

      • clearState

        @Deprecated
public void clearState()
        Deprecated.