001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017/** 018 * Used to make HTTP requests to the Box API. 019 * 020 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 021 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 022 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 023 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 024 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 025 * number of times set in the BoxAPIConnection.</p> 026 * 027 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 028 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 029 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 030 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 031 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 032 */ 033public class BoxAPIRequest { 034 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 035 private static final int BUFFER_SIZE = 8192; 036 private static final int MAX_REDIRECTS = 3; 037 038 private final BoxAPIConnection api; 039 private final List<RequestHeader> headers; 040 private final String method; 041 042 private URL url; 043 private BackoffCounter backoffCounter; 044 private int timeout; 045 private InputStream body; 046 private long bodyLength; 047 private Map<String, List<String>> requestProperties; 048 private int numRedirects; 049 050 /** 051 * Constructs an unauthenticated BoxAPIRequest. 052 * @param url the URL of the request. 053 * @param method the HTTP method of the request. 054 */ 055 public BoxAPIRequest(URL url, String method) { 056 this(null, url, method); 057 } 058 059 /** 060 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 061 * @param api an API connection for authenticating the request. 062 * @param url the URL of the request. 063 * @param method the HTTP method of the request. 064 */ 065 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 066 this.api = api; 067 this.url = url; 068 this.method = method; 069 this.headers = new ArrayList<RequestHeader>(); 070 this.backoffCounter = new BackoffCounter(new Time()); 071 072 this.addHeader("Accept-Encoding", "gzip"); 073 this.addHeader("Accept-Charset", "utf-8"); 074 } 075 076 /** 077 * Adds an HTTP header to this request. 078 * @param key the header key. 079 * @param value the header value. 080 */ 081 public void addHeader(String key, String value) { 082 this.headers.add(new RequestHeader(key, value)); 083 } 084 085 /** 086 * Sets a timeout for this request in milliseconds. 087 * @param timeout the timeout in milliseconds. 088 */ 089 public void setTimeout(int timeout) { 090 this.timeout = timeout; 091 } 092 093 /** 094 * Gets the stream containing contents of this request's body. 095 * 096 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 097 * initial position.</p> 098 * 099 * @return an InputStream containing the contents of this request's body. 100 */ 101 public InputStream getBody() { 102 return this.body; 103 } 104 105 /** 106 * Sets the request body to the contents of an InputStream. 107 * 108 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 109 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 110 * 111 * @param stream an InputStream containing the contents of the body. 112 */ 113 public void setBody(InputStream stream) { 114 this.body = stream; 115 } 116 117 /** 118 * Sets the request body to the contents of an InputStream. 119 * 120 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 121 * {@link #send(ProgressListener)}.</p> 122 * 123 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 124 * 125 * @param stream an InputStream containing the contents of the body. 126 * @param length the expected length of the stream. 127 */ 128 public void setBody(InputStream stream, long length) { 129 this.bodyLength = length; 130 this.body = stream; 131 } 132 133 /** 134 * Sets the request body to the contents of a String. 135 * 136 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 137 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 138 * 139 * @param body a String containing the contents of the body. 140 */ 141 public void setBody(String body) { 142 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 143 this.bodyLength = bytes.length; 144 this.body = new ByteArrayInputStream(bytes); 145 } 146 147 /** 148 * Gets the URL from the request. 149 * 150 * @return a URL containing the URL of the request. 151 */ 152 public URL getUrl() { 153 return this.url; 154 } 155 156 /** 157 * Sends this request and returns a BoxAPIResponse containing the server's response. 158 * 159 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 160 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 161 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 162 * 163 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 164 * 165 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 166 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 167 * will be thrown.</p> 168 * 169 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 170 * @return a {@link BoxAPIResponse} containing the server's response. 171 */ 172 public BoxAPIResponse send() { 173 return this.send(null); 174 } 175 176 /** 177 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 178 * 179 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 180 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 181 * reported as 0.</p> 182 * 183 * <p> See {@link #send} for more information on sending requests.</p> 184 * 185 * @param listener a listener for monitoring the progress of the request. 186 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 187 * @return a {@link BoxAPIResponse} containing the server's response. 188 */ 189 public BoxAPIResponse send(ProgressListener listener) { 190 if (this.api == null) { 191 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 192 } else { 193 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 194 } 195 196 while (this.backoffCounter.getAttemptsRemaining() > 0) { 197 try { 198 return this.trySend(listener); 199 } catch (BoxAPIException apiException) { 200 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 201 throw apiException; 202 } 203 204 try { 205 this.resetBody(); 206 } catch (IOException ioException) { 207 throw apiException; 208 } 209 210 try { 211 this.backoffCounter.waitBackoff(); 212 } catch (InterruptedException interruptedException) { 213 Thread.currentThread().interrupt(); 214 throw apiException; 215 } 216 } 217 } 218 219 throw new RuntimeException(); 220 } 221 222 /** 223 * Returns a String containing the URL, HTTP method, headers and body of this request. 224 * @return a String containing information about this request. 225 */ 226 @Override 227 public String toString() { 228 String lineSeparator = System.getProperty("line.separator"); 229 StringBuilder builder = new StringBuilder(); 230 builder.append("Request"); 231 builder.append(lineSeparator); 232 builder.append(this.method); 233 builder.append(' '); 234 builder.append(this.url.toString()); 235 builder.append(lineSeparator); 236 237 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 238 List<String> nonEmptyValues = new ArrayList<String>(); 239 for (String value : entry.getValue()) { 240 if (value != null && value.trim().length() != 0) { 241 nonEmptyValues.add(value); 242 } 243 } 244 245 if (nonEmptyValues.size() == 0) { 246 continue; 247 } 248 249 builder.append(entry.getKey()); 250 builder.append(": "); 251 for (String value : nonEmptyValues) { 252 builder.append(value); 253 builder.append(", "); 254 } 255 256 builder.delete(builder.length() - 2, builder.length()); 257 builder.append(lineSeparator); 258 } 259 260 String bodyString = this.bodyToString(); 261 if (bodyString != null) { 262 builder.append(lineSeparator); 263 builder.append(bodyString); 264 } 265 266 return builder.toString().trim(); 267 } 268 269 /** 270 * Returns a String representation of this request's body used in {@link #toString}. This method returns 271 * null by default. 272 * 273 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 274 * purposes.</p> 275 * 276 * @return a String representation of this request's body. 277 */ 278 protected String bodyToString() { 279 return null; 280 } 281 282 /** 283 * Writes the body of this request to an HttpURLConnection. 284 * 285 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 286 * 287 * @param connection the connection to which the body should be written. 288 * @param listener an optional listener for monitoring the write progress. 289 * @throws BoxAPIException if an error occurs while writing to the connection. 290 */ 291 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 292 if (this.body == null) { 293 return; 294 } 295 296 connection.setDoOutput(true); 297 try { 298 OutputStream output = connection.getOutputStream(); 299 if (listener != null) { 300 output = new ProgressOutputStream(output, listener, this.bodyLength); 301 } 302 int b = this.body.read(); 303 while (b != -1) { 304 output.write(b); 305 b = this.body.read(); 306 } 307 output.close(); 308 } catch (IOException e) { 309 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 310 } 311 } 312 313 /** 314 * Resets the InputStream containing this request's body. 315 * 316 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 317 * reset any streams that need to be read when sending the body.</p> 318 * 319 * @throws IOException if the stream cannot be reset. 320 */ 321 protected void resetBody() throws IOException { 322 if (this.body != null) { 323 this.body.reset(); 324 } 325 } 326 327 void setBackoffCounter(BackoffCounter counter) { 328 this.backoffCounter = counter; 329 } 330 331 private BoxAPIResponse trySend(ProgressListener listener) { 332 if (this.api != null) { 333 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 334 if (interceptor != null) { 335 BoxAPIResponse response = interceptor.onRequest(this); 336 if (response != null) { 337 return response; 338 } 339 } 340 } 341 342 HttpURLConnection connection = this.createConnection(); 343 344 if (this.bodyLength > 0) { 345 connection.setFixedLengthStreamingMode((int) this.bodyLength); 346 connection.setDoOutput(true); 347 } 348 349 if (this.api != null) { 350 connection.addRequestProperty("Authorization", "Bearer " + this.api.getAccessToken()); 351 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 352 353 if (this.api instanceof SharedLinkAPIConnection) { 354 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 355 String sharedLink = sharedItemAPI.getSharedLink(); 356 String boxAPIValue = "shared_link=" + sharedLink; 357 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 358 if (sharedLinkPassword != null) { 359 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 360 } 361 connection.addRequestProperty("BoxApi", boxAPIValue); 362 } 363 } 364 365 this.requestProperties = connection.getRequestProperties(); 366 this.writeBody(connection, listener); 367 368 // Ensure that we're connected in case writeBody() didn't write anything. 369 try { 370 connection.connect(); 371 } catch (IOException e) { 372 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 373 } 374 375 this.logRequest(connection); 376 377 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling happens 378 // correctly. There seems to be a bug in Oracle's Java implementation where automatically handled redirects will 379 // not keep the connection alive. 380 int responseCode; 381 try { 382 responseCode = connection.getResponseCode(); 383 } catch (IOException e) { 384 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 385 } 386 if (isResponseRedirect(responseCode)) { 387 return this.handleRedirect(connection, listener); 388 } 389 390 String contentType = connection.getContentType(); 391 BoxAPIResponse response; 392 if (contentType == null) { 393 response = new BoxAPIResponse(connection); 394 } else if (contentType.contains("application/json")) { 395 response = new BoxJSONResponse(connection); 396 } else { 397 response = new BoxAPIResponse(connection); 398 } 399 400 return response; 401 } 402 403 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 404 if (this.numRedirects >= MAX_REDIRECTS) { 405 throw new BoxAPIException("The Box API responded with too many redirects."); 406 } 407 this.numRedirects++; 408 409 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 410 // the connection back in the connection pool. 411 try { 412 InputStream stream = connection.getInputStream(); 413 byte[] buffer = new byte[8192]; 414 int n = stream.read(buffer); 415 while (n != -1) { 416 n = stream.read(buffer); 417 } 418 stream.close(); 419 } catch (IOException e) { 420 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 421 } 422 423 String redirect = connection.getHeaderField("Location"); 424 try { 425 this.url = new URL(redirect); 426 } catch (MalformedURLException e) { 427 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 428 } 429 return this.trySend(listener); 430 } 431 432 private void logRequest(HttpURLConnection connection) { 433 if (LOGGER.isLoggable(Level.FINE)) { 434 LOGGER.log(Level.FINE, this.toString()); 435 } 436 } 437 438 private HttpURLConnection createConnection() { 439 HttpURLConnection connection = null; 440 441 try { 442 connection = (HttpURLConnection) this.url.openConnection(); 443 } catch (IOException e) { 444 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 445 } 446 447 try { 448 connection.setRequestMethod(this.method); 449 } catch (ProtocolException e) { 450 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 451 } 452 453 connection.setConnectTimeout(this.timeout); 454 connection.setReadTimeout(this.timeout); 455 456 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 457 // trySend(ProgressListener) method for how we handle redirects. 458 connection.setInstanceFollowRedirects(false); 459 460 for (RequestHeader header : this.headers) { 461 connection.addRequestProperty(header.getKey(), header.getValue()); 462 } 463 464 return connection; 465 } 466 467 private static boolean isResponseRetryable(int responseCode) { 468 return (responseCode >= 500 || responseCode == 429); 469 } 470 471 private static boolean isResponseRedirect(int responseCode) { 472 return (responseCode == 301 || responseCode == 302); 473 } 474 475 private final class RequestHeader { 476 private final String key; 477 private final String value; 478 479 public RequestHeader(String key, String value) { 480 this.key = key; 481 this.value = value; 482 } 483 484 public String getKey() { 485 return this.key; 486 } 487 488 public String getValue() { 489 return this.value; 490 } 491 } 492}