I need the filter applied on all requests. But the second request needs an Authorization header.
In the first request, the filter will add an Authorization header with a value containing my corporate user and password in base64. Something like "Basic user_password_base64". This is enough to authenticate with the proxy and continue with
the request. This first request give me a token, that I have to pass as an Authorization header as well.
In this case, I add a Authorization header with this value, something like "Authorization Bearer token_from_first_request".
This time, the filter doesn't add the header with my credentials for proxy authentication, so my request is blocked from the proxy. In the second request, when this header is not set, the proxy will send the request, but this time, the API that
I'm consuming expects an Authorization header with a token, so I receive an authorization error from the API.
So, my question is, there's a way to accomplish that use case with the HttpAuthenticationFeature or any other mechanism?
I resolve this with OkHttp using something like this:
Authenticator proxyAuthenticator = new Authenticator() {
@Override public Request authenticate(Route route, Response response) throws IOException {
String credential = Credentials.basic(username, password);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
}
};
OkHttpClient client = new OkHttpClient.Builder()
.proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort)))
.proxyAuthenticator(proxyAuthenticator)
.build();
This way, every request using this client will make a proxy authentication before proceeds. But we have an internal guideline for Jersey usage, so is very important that we can resolve this using Jersey only.
Thanks in advance.
Hi, sorry for the delay.
To me this looks like you only need the filter to be used when AUTHORIZATION header is not set.
The authentication filter does not do anything when the
"org.glassfish.jersey.client.authentication.HttpAuthenticationFilter.reused"
property is set to "true". Can you not just set the property in the second request?
Hi Jan, thanks for your reply.
I think that with a code example I can better explain our needs:
HttpAuthenticationFeature httpAuthenticationFeature =
HttpAuthenticationFeature.
basic(
"myProxyUser",
"myProxyPassword");
ClientConfig clientConfig =
new ClientConfig();
clientConfig.connectorProvider(
new ApacheConnectorProvider());
Client client = ClientBuilder.
newClient(clientConfig);
client.register(httpAuthenticationFeature);
WebTarget target = client.target(
"https://external.host");
Response response = target.path(
"/path/to/generate/access/token").request().get();
//This response is ok. The response was a proxy block before HttpAuthenticationFeature
AccessToken accessToken = response.readEntity(AccessToken.
class);
//This one give us the proxy block again.
target.path(
"/path/to/get/info").request()
.header(HttpHeaders.
AUTHORIZATION,
"Bearer " + accessToken.getValue())
.get();
We are trying to use a CredentialsProvider as well, but without success until now.
Thanks in advance.
Hi,
I am not sure I understand the issue.
- We saw that the HttpAuthenticationFilter adds an Authorization header with the basic
authentication, and that's why there's a condition to not execute the authentication process if this header exists on the original request.
Do I understand correctly that you want to repeat the authentication again to another endpoint? If so, can you create another filter with higher priority than HttpAuthenticationFilter,
remove the REQUEST_PROPERTY_FILTER_REUSED property,
and set the new URI in ClientRequestContext?
Or you want to make a completely new request from a filter with a lower priority with the new token you received and repeat a similar logic from repeatRequest method?
-- Jan
Hi!
I'm facing a problem at work and can't find any alternatives.
We need to call an external API and for that, we have to pass by the proxy with authentication. For the first request, to get an access token, we are using the feature that adds the HttpAuthenticationFilter.
So, for that, with my user and password, everything is ok. But now, I need to call another endpoint passing the token from the previous request as an Authorization header.
We saw that the HttpAuthenticationFilter adds an Authorization header with the basic authentication, and that's why there's a condition to not execute the authentication process if this header exists on the original request.
We got the working using OkHttp, but I know they use another process for the authentication. There's something we can do to provide something similar?
Thanks in advance.