Code Review / policy / drools-applications.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Don't build credentials if user name is empty
[policy/drools-applications.git] / controlloop / common / model-impl / rest / src / main / java / org / onap / policy / rest / RESTManager.java
diff --git a/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java b/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
index 2540cb2..52ce13e 100644 (file)
--- a/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
+++ b/controlloop/common/model-impl/rest/src/main/java/org/onap/policy/rest/RESTManager.java
@@ -1,8 +1,8 @@
-/*-
+/*
  * ============LICENSE_START=======================================================
  * rest
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,17 +21,16 @@
 package org.onap.policy.rest;
 
 import java.io.IOException;
+import java.nio.charset.Charset;
 import java.util.Map;
 import java.util.Map.Entry;
-
+import javax.xml.bind.DatatypeConverter;
+import org.apache.http.HttpHeaders;
 import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.util.EntityUtils;
@@ -54,9 +53,8 @@ public class RESTManager {
 
     public Pair<Integer, String> post(String url, String username, String password,
             Map<String, String> headers, String contentType, String body) {
-        CredentialsProvider credentials = new BasicCredentialsProvider();
-        credentials.setCredentials(AuthScope.ANY,
-                new UsernamePasswordCredentials(username, password));
+
+        String authHeader = makeAuthHeader(username, password);
 
         logger.debug("HTTP REQUEST: {} -> {} {} -> {}", url, username,
                 ((password != null) ? password.length() : "-"), contentType);
@@ -67,7 +65,10 @@ public class RESTManager {
         logger.debug(body);
 
         try (CloseableHttpClient client =
-                HttpClientBuilder.create().setDefaultCredentialsProvider(credentials).build()) {
+                HttpClientBuilder
+                        .create()
+                        .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                        .build()) {
 
             HttpPost post = new HttpPost(url);
             if (headers != null) {
@@ -75,7 +76,10 @@ public class RESTManager {
                     post.addHeader(entry.getKey(), headers.get(entry.getKey()));
                 }
             }
-            post.addHeader("Content-Type", contentType);
+            post.addHeader("Content-Type", contentType);            
+            if(authHeader != null) {
+                post.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+            }
 
             StringEntity input = new StringEntity(body);
             input.setContentType(contentType);
@@ -106,18 +110,22 @@ public class RESTManager {
     public Pair<Integer, String> get(String url, String username, String password,
             Map<String, String> headers) {
 
-        CredentialsProvider credentials = new BasicCredentialsProvider();
-        credentials.setCredentials(AuthScope.ANY,
-                new UsernamePasswordCredentials(username, password));
+        String authHeader = makeAuthHeader(username, password);
 
         try (CloseableHttpClient client =
-                HttpClientBuilder.create().setDefaultCredentialsProvider(credentials).build()) {
+                HttpClientBuilder
+                        .create()
+                        .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                        .build()) {
 
             HttpGet get = new HttpGet(url);
             if (headers != null) {
                 for (Entry<String, String> entry : headers.entrySet()) {
                     get.addHeader(entry.getKey(), headers.get(entry.getKey()));
                 }
+            }           
+            if(authHeader != null) {
+                get.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
             }
 
             HttpResponse response = client.execute(get);
@@ -136,4 +144,13 @@ public class RESTManager {
             return null;
         }
     }
+
+    private String makeAuthHeader(String username, String password) {
+        if (username == null || username.isEmpty()) {
+            return null;
+        }
+
+        String auth = username + ":" + (password == null ? "" : password);
+        return "Basic " + DatatypeConverter.printBase64Binary(auth.getBytes(Charset.forName("ISO-8859-1")));
+    }
 }
Code for building policies/rules for the Drools PDP engine.