Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create PentahoHttpResource extends HttpResource override exists() … #136

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Create PentahoHttpResource extends HttpResource override exists() … #136

wants to merge 2 commits into from

Conversation

boehm-gipmbh
Copy link

… getLastModifiedTime() using GET to Keycloak and use in blueprint.xml
This is a well working fix while introducing a PentahoHttpResource.class extends org.opensaml.util.resource.HttpResource.
HttpResource from org.opensaml.util.resource.HttpResource uses HEAD-Request without authentication, which is forbidden by Keycloak at least in version 25.
Both methods using HEAD calls to KC25 are overidden and use unauthenticated GET calls instead to KC25 which are still allowed against KC25 for existent check.

@boehm-gipmbh
Create PentahoHttpResource extends HttpResource override exists() and…
cf457f0 
… getLastModifiedTime() using GET to Keycloak and use in blueprint.xml
@jonjarvis
Copy link
Contributor

jonjarvis commented Sep 26, 2024
edited
Loading

I was wondering why this stopped working, but hadn't looked into it, simply using the filesystem based files instead. What is interesting is the code from the original HTTPResource has a fallback method to use GET instead of HEAD:

try {
            HttpResponse httpResponse = httpClient.[execute](http://www.java2s.com/example/java-src/pkg/org/apache/http/client/httpclient-769b4.html#632f2bdb2540939e7f502588aacc6f91)(httpRequest);
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            httpRequest.[abort](http://www.java2s.com/example/java-src/pkg/org/apache/http/client/methods/httpurirequest-8fa0f.html#d82bdee79ee610d91ec124e0f322800a)();

            if (statusCode == HttpStatus.SC_METHOD_NOT_ALLOWED) {
                log.debug(resourceUrl + " does not support HEAD requests, falling back to GET request");
                httpRequest = buildGetRequest();
                httpResponse = httpClient.[execute](http://www.java2s.com/example/java-src/pkg/org/apache/http/client/httpclient-769b4.html#632f2bdb2540939e7f502588aacc6f91)(httpRequest);
                statusCode = httpResponse.getStatusLine().getStatusCode();
                httpRequest.[abort](http://www.java2s.com/example/java-src/pkg/org/apache/http/client/methods/httpurirequest-8fa0f.html#d82bdee79ee610d91ec124e0f322800a)();
            }

            if (statusCode != HttpStatus.SC_OK) {
                return false;
            }

@boehm-gipmbh
Copy link
Author

Dear Jonathan,
I agree, this code would look nice, but it seems this class is not the one used in the flow.
In my environment the org.opensaml.util.resource.HttpResource of <dependency.opensaml.openws.version>1.5.6</dependency.opensaml.openws.version>
is used, which is coded

 public boolean exists() throws ResourceException {
        HeadMethod headMethod = new HeadMethod(resourceUrl);
        headMethod.addRequestHeader("Connection", "close");

        try {
            httpClient.executeMethod(headMethod);
            if (headMethod.getStatusCode() != HttpStatus.SC_OK) {
                return false;
            }

            return true;
        } catch (IOException e) {
            throw new ResourceException("Unable to contact resource URL: " + resourceUrl, e);
        } finally {
            headMethod.releaseConnection();
        }
    }'

indicating Resource does not exist.
The other method using HEAD-call is 
``` public DateTime getLastModifiedTime() throws ResourceException {
        HeadMethod headMethod = new HeadMethod(resourceUrl);
        headMethod.addRequestHeader("Connection", "close");

        try {
            httpClient.executeMethod(headMethod);
            if (headMethod.getStatusCode() != HttpStatus.SC_OK) {
                throw new ResourceException("Unable to retrieve resource URL " + resourceUrl
                        + ", received HTTP status code " + headMethod.getStatusCode());
            }
            Header lastModifiedHeader = headMethod.getResponseHeader("Last-Modified");
            if (lastModifiedHeader != null && !DatatypeHelper.isEmpty(lastModifiedHeader.getValue())) {
                long lastModifiedTime = DateUtil.parseDate(lastModifiedHeader.getValue()).getTime();
                return new DateTime(lastModifiedTime, ISOChronology.getInstanceUTC());
            }

            return new DateTime();
        } catch (IOException e) {
            throw new ResourceException("Unable to contact resource URL: " + resourceUrl, e);
        } catch (DateParseException e) {
            throw new ResourceException("Unable to parse last modified date for resource:" + resourceUrl, e);
        } finally {
            headMethod.releaseConnection();
        }
    }'
throwing the exception.
I believe, this is not handled as you suggest by your code fragment, at least I cannot reproduce this solution mentioned
Kind regards
Detlef

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonjarvis jonjarvis jonjarvis left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@boehm-gipmbh @jonjarvis