Class SURL

java.lang.Object
net.sourceforge.plantuml.security.SURL

public class SURL extends java.lang.Object
Secure replacement for java.net.URL.

This class should be used instead of java.net.URL.

This class does some control access and manages access-tokens via URL. If a URL contains a access-token, similar to a user prefix, SURL loads the authorization config for this user-token and passes the credentials to the host.

Example:

     SURL url = SURL.create ("https://jenkins-access@jenkins.mycompany.com/api/json")
 
The jenkins-access will checked against the Security context access token configuration. If a configuration exists for this token name, the token will be removed from the URL and the credentials will be added to the headers. If the token is not found, the URL remains as it is and no separate authentication will be performed.

TODO: Some methods should be moved to a HttpClient implementation, because SURL is not the valid class to manage it.
TODO: BAD_HOSTS implementation should be reviewed and moved to HttpClient implementation with a circuit-breaker.
TODO: Token expiration with refresh should be implemented in future.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final java.lang.String
    Indicates, that we have no authentication to access the URL.
  • Method Summary

    Modifier and Type
    Method
    Description
    static SURL
    create(java.lang.String url)
    Create a secure URL from a String.
    static SURL
    create(java.net.URL url)
    Create a secure URL from a java.net.URL object.
    byte[]
    Reads from an endpoint (with configured credentials and proxy) the response as blob.
    byte[]
    getBytesOnPost(java.net.Proxy proxy, SecurityAuthentication authentication, java.lang.String data, java.util.Map<java.lang.String,java.lang.Object> headers)
    Post to an endpoint with a given authentication and proxy the response as blob.
    boolean
    Informs, if SecurityCredentials are configured for this connection.
    java.io.InputStream
     
    java.awt.image.BufferedImage
     
    java.lang.String
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • WITHOUT_AUTHENTICATION

      public static final java.lang.String WITHOUT_AUTHENTICATION
      Indicates, that we have no authentication to access the URL.
      See Also:
  • Method Details

    • create

      public static SURL create(java.lang.String url)
      Create a secure URL from a String.

      The url must be http or https. Return null in case of error or if url is null

      Parameters:
      url - plain url starting by http:// or https//
      Returns:
      the secure URL or null
    • create

      public static SURL create(java.net.URL url) throws java.net.MalformedURLException
      Create a secure URL from a java.net.URL object.

      It takes into account credentials.

      Parameters:
      url -
      Returns:
      the secure URL
      Throws:
      java.net.MalformedURLException - if url is null
    • toString

      public java.lang.String toString()
      Overrides:
      toString in class java.lang.Object
    • getBytes

      public byte[] getBytes()
      Reads from an endpoint (with configured credentials and proxy) the response as blob.

      This method allows access to an endpoint, with a configured SecurityCredentials object. The credentials will load on the fly and authentication fetched from an authentication-manager. Caching of tokens is not supported.

      authors: Alain Corbiere, Aljoscha Rittner

      Returns:
      data loaded data from endpoint
    • getBytesOnPost

      public byte[] getBytesOnPost(java.net.Proxy proxy, SecurityAuthentication authentication, java.lang.String data, java.util.Map<java.lang.String,java.lang.Object> headers)
      Post to an endpoint with a given authentication and proxy the response as blob.

      This method allows a parametrized access to an endpoint, without a configured SecurityCredentials object. This is useful to access internally identity providers (IDP), or authorization servers (to request access tokens).

      This method don't use the "bad-host" functionality, because the access to infrastructure services should not be obfuscated by some internal management.

      Please don't use this method directly from DSL scripts.

      Parameters:
      authentication - authentication object data. Caller is responsible to erase credentials
      proxy - proxy configuration
      data - content to post
      headers - headers, if needed
      Returns:
      loaded data from endpoint
    • openStream

      public java.io.InputStream openStream()
    • readRasterImageFromURL

      public java.awt.image.BufferedImage readRasterImageFromURL()
    • isAuthorizationConfigured

      public boolean isAuthorizationConfigured()
      Informs, if SecurityCredentials are configured for this connection.
      Returns:
      true, if credentials will be used for a connection