001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017/** 018 * Used to make HTTP requests to the Box API. 019 * 020 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 021 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 022 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 023 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 024 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 025 * number of times set in the BoxAPIConnection.</p> 026 * 027 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 028 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 029 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 030 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 031 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 032 */ 033public class BoxAPIRequest { 034 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 035 private static final int BUFFER_SIZE = 8192; 036 private static final int MAX_REDIRECTS = 3; 037 038 private final BoxAPIConnection api; 039 private final List<RequestHeader> headers; 040 private final String method; 041 042 private URL url; 043 private BackoffCounter backoffCounter; 044 private int timeout; 045 private InputStream body; 046 private long bodyLength; 047 private Map<String, List<String>> requestProperties; 048 private int numRedirects; 049 private boolean shouldAuthenticate; 050 051 /** 052 * Constructs an unauthenticated BoxAPIRequest. 053 * @param url the URL of the request. 054 * @param method the HTTP method of the request. 055 */ 056 public BoxAPIRequest(URL url, String method) { 057 this(null, url, method); 058 } 059 060 /** 061 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 062 * @param api an API connection for authenticating the request. 063 * @param url the URL of the request. 064 * @param method the HTTP method of the request. 065 */ 066 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 067 this.api = api; 068 this.url = url; 069 this.method = method; 070 this.headers = new ArrayList<RequestHeader>(); 071 this.backoffCounter = new BackoffCounter(new Time()); 072 this.shouldAuthenticate = true; 073 074 this.addHeader("Accept-Encoding", "gzip"); 075 this.addHeader("Accept-Charset", "utf-8"); 076 } 077 078 /** 079 * Adds an HTTP header to this request. 080 * @param key the header key. 081 * @param value the header value. 082 */ 083 public void addHeader(String key, String value) { 084 this.headers.add(new RequestHeader(key, value)); 085 } 086 087 /** 088 * Sets a timeout for this request in milliseconds. 089 * @param timeout the timeout in milliseconds. 090 */ 091 public void setTimeout(int timeout) { 092 this.timeout = timeout; 093 } 094 095 /** 096 * Gets the stream containing contents of this request's body. 097 * 098 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 099 * initial position.</p> 100 * 101 * @return an InputStream containing the contents of this request's body. 102 */ 103 public InputStream getBody() { 104 return this.body; 105 } 106 107 /** 108 * Sets the request body to the contents of an InputStream. 109 * 110 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 111 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 112 * 113 * @param stream an InputStream containing the contents of the body. 114 */ 115 public void setBody(InputStream stream) { 116 this.body = stream; 117 } 118 119 /** 120 * Sets the request body to the contents of an InputStream. 121 * 122 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 123 * {@link #send(ProgressListener)}.</p> 124 * 125 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 126 * 127 * @param stream an InputStream containing the contents of the body. 128 * @param length the expected length of the stream. 129 */ 130 public void setBody(InputStream stream, long length) { 131 this.bodyLength = length; 132 this.body = stream; 133 } 134 135 /** 136 * Sets the request body to the contents of a String. 137 * 138 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 139 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 140 * 141 * @param body a String containing the contents of the body. 142 */ 143 public void setBody(String body) { 144 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 145 this.bodyLength = bytes.length; 146 this.body = new ByteArrayInputStream(bytes); 147 } 148 149 /** 150 * Gets the URL from the request. 151 * 152 * @return a URL containing the URL of the request. 153 */ 154 public URL getUrl() { 155 return this.url; 156 } 157 158 /** 159 * Sends this request and returns a BoxAPIResponse containing the server's response. 160 * 161 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 162 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 163 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 164 * 165 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 166 * 167 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 168 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 169 * will be thrown.</p> 170 * 171 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 172 * @return a {@link BoxAPIResponse} containing the server's response. 173 */ 174 public BoxAPIResponse send() { 175 return this.send(null); 176 } 177 178 /** 179 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 180 * 181 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 182 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 183 * reported as 0.</p> 184 * 185 * <p> See {@link #send} for more information on sending requests.</p> 186 * 187 * @param listener a listener for monitoring the progress of the request. 188 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 189 * @return a {@link BoxAPIResponse} containing the server's response. 190 */ 191 public BoxAPIResponse send(ProgressListener listener) { 192 if (this.api == null) { 193 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 194 } else { 195 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 196 } 197 198 while (this.backoffCounter.getAttemptsRemaining() > 0) { 199 try { 200 return this.trySend(listener); 201 } catch (BoxAPIException apiException) { 202 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 203 throw apiException; 204 } 205 206 try { 207 this.resetBody(); 208 } catch (IOException ioException) { 209 throw apiException; 210 } 211 212 try { 213 this.backoffCounter.waitBackoff(); 214 } catch (InterruptedException interruptedException) { 215 Thread.currentThread().interrupt(); 216 throw apiException; 217 } 218 } 219 } 220 221 throw new RuntimeException(); 222 } 223 224 /** 225 * Returns a String containing the URL, HTTP method, headers and body of this request. 226 * @return a String containing information about this request. 227 */ 228 @Override 229 public String toString() { 230 String lineSeparator = System.getProperty("line.separator"); 231 StringBuilder builder = new StringBuilder(); 232 builder.append("Request"); 233 builder.append(lineSeparator); 234 builder.append(this.method); 235 builder.append(' '); 236 builder.append(this.url.toString()); 237 builder.append(lineSeparator); 238 239 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 240 List<String> nonEmptyValues = new ArrayList<String>(); 241 for (String value : entry.getValue()) { 242 if (value != null && value.trim().length() != 0) { 243 nonEmptyValues.add(value); 244 } 245 } 246 247 if (nonEmptyValues.size() == 0) { 248 continue; 249 } 250 251 builder.append(entry.getKey()); 252 builder.append(": "); 253 for (String value : nonEmptyValues) { 254 builder.append(value); 255 builder.append(", "); 256 } 257 258 builder.delete(builder.length() - 2, builder.length()); 259 builder.append(lineSeparator); 260 } 261 262 String bodyString = this.bodyToString(); 263 if (bodyString != null) { 264 builder.append(lineSeparator); 265 builder.append(bodyString); 266 } 267 268 return builder.toString().trim(); 269 } 270 271 /** 272 * Returns a String representation of this request's body used in {@link #toString}. This method returns 273 * null by default. 274 * 275 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 276 * purposes.</p> 277 * 278 * @return a String representation of this request's body. 279 */ 280 protected String bodyToString() { 281 return null; 282 } 283 284 /** 285 * Writes the body of this request to an HttpURLConnection. 286 * 287 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 288 * 289 * @param connection the connection to which the body should be written. 290 * @param listener an optional listener for monitoring the write progress. 291 * @throws BoxAPIException if an error occurs while writing to the connection. 292 */ 293 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 294 if (this.body == null) { 295 return; 296 } 297 298 connection.setDoOutput(true); 299 try { 300 OutputStream output = connection.getOutputStream(); 301 if (listener != null) { 302 output = new ProgressOutputStream(output, listener, this.bodyLength); 303 } 304 int b = this.body.read(); 305 while (b != -1) { 306 output.write(b); 307 b = this.body.read(); 308 } 309 output.close(); 310 } catch (IOException e) { 311 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 312 } 313 } 314 315 /** 316 * Resets the InputStream containing this request's body. 317 * 318 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 319 * reset any streams that need to be read when sending the body.</p> 320 * 321 * @throws IOException if the stream cannot be reset. 322 */ 323 protected void resetBody() throws IOException { 324 if (this.body != null) { 325 this.body.reset(); 326 } 327 } 328 329 void setBackoffCounter(BackoffCounter counter) { 330 this.backoffCounter = counter; 331 } 332 333 private BoxAPIResponse trySend(ProgressListener listener) { 334 if (this.api != null) { 335 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 336 if (interceptor != null) { 337 BoxAPIResponse response = interceptor.onRequest(this); 338 if (response != null) { 339 return response; 340 } 341 } 342 } 343 344 HttpURLConnection connection = this.createConnection(); 345 346 if (this.bodyLength > 0) { 347 connection.setFixedLengthStreamingMode((int) this.bodyLength); 348 connection.setDoOutput(true); 349 } 350 351 if (this.api != null) { 352 if (this.shouldAuthenticate) { 353 connection.addRequestProperty("Authorization", "Bearer " + this.api.lockAccessToken()); 354 } 355 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 356 if (this.api.getProxy() != null) { 357 if (this.api.getProxyUsername() != null && this.api.getProxyPassword() != null) { 358 String usernameAndPassword = this.api.getProxyUsername() + ":" + this.api.getProxyPassword(); 359 String encoded = new String(Base64.encode(usernameAndPassword.getBytes())); 360 connection.addRequestProperty("Proxy-Authorization", "Basic " + encoded); 361 } 362 } 363 364 if (this.api instanceof SharedLinkAPIConnection) { 365 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 366 String sharedLink = sharedItemAPI.getSharedLink(); 367 String boxAPIValue = "shared_link=" + sharedLink; 368 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 369 if (sharedLinkPassword != null) { 370 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 371 } 372 connection.addRequestProperty("BoxApi", boxAPIValue); 373 } 374 } 375 376 this.requestProperties = connection.getRequestProperties(); 377 378 int responseCode; 379 try { 380 this.writeBody(connection, listener); 381 382 // Ensure that we're connected in case writeBody() didn't write anything. 383 try { 384 connection.connect(); 385 } catch (IOException e) { 386 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 387 } 388 389 this.logRequest(connection); 390 391 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling 392 // happens correctly. There seems to be a bug in Oracle's Java implementation where automatically handled 393 // redirects will not keep the connection alive. 394 try { 395 responseCode = connection.getResponseCode(); 396 } catch (IOException e) { 397 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 398 } 399 } finally { 400 if (this.api != null && this.shouldAuthenticate) { 401 this.api.unlockAccessToken(); 402 } 403 } 404 405 if (isResponseRedirect(responseCode)) { 406 return this.handleRedirect(connection, listener); 407 } 408 409 String contentType = connection.getContentType(); 410 BoxAPIResponse response; 411 if (contentType == null) { 412 response = new BoxAPIResponse(connection); 413 } else if (contentType.contains("application/json")) { 414 response = new BoxJSONResponse(connection); 415 } else { 416 response = new BoxAPIResponse(connection); 417 } 418 419 return response; 420 } 421 422 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 423 if (this.numRedirects >= MAX_REDIRECTS) { 424 throw new BoxAPIException("The Box API responded with too many redirects."); 425 } 426 this.numRedirects++; 427 428 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 429 // the connection back in the connection pool. 430 try { 431 InputStream stream = connection.getInputStream(); 432 byte[] buffer = new byte[8192]; 433 int n = stream.read(buffer); 434 while (n != -1) { 435 n = stream.read(buffer); 436 } 437 stream.close(); 438 } catch (IOException e) { 439 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 440 } 441 442 String redirect = connection.getHeaderField("Location"); 443 try { 444 this.url = new URL(redirect); 445 } catch (MalformedURLException e) { 446 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 447 } 448 return this.trySend(listener); 449 } 450 451 private void logRequest(HttpURLConnection connection) { 452 if (LOGGER.isLoggable(Level.FINE)) { 453 LOGGER.log(Level.FINE, this.toString()); 454 } 455 } 456 457 private HttpURLConnection createConnection() { 458 HttpURLConnection connection = null; 459 460 try { 461 if (this.api == null || this.api.getProxy() == null) { 462 connection = (HttpURLConnection) this.url.openConnection(); 463 } else { 464 connection = (HttpURLConnection) this.url.openConnection(this.api.getProxy()); 465 } 466 } catch (IOException e) { 467 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 468 } 469 470 try { 471 connection.setRequestMethod(this.method); 472 } catch (ProtocolException e) { 473 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 474 } 475 476 connection.setConnectTimeout(this.timeout); 477 connection.setReadTimeout(this.timeout); 478 479 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 480 // trySend(ProgressListener) method for how we handle redirects. 481 connection.setInstanceFollowRedirects(false); 482 483 for (RequestHeader header : this.headers) { 484 connection.addRequestProperty(header.getKey(), header.getValue()); 485 } 486 487 return connection; 488 } 489 490 void shouldAuthenticate(boolean shouldAuthenticate) { 491 this.shouldAuthenticate = shouldAuthenticate; 492 } 493 494 private static boolean isResponseRetryable(int responseCode) { 495 return (responseCode >= 500 || responseCode == 429); 496 } 497 498 private static boolean isResponseRedirect(int responseCode) { 499 return (responseCode == 301 || responseCode == 302); 500 } 501 502 private final class RequestHeader { 503 private final String key; 504 private final String value; 505 506 public RequestHeader(String key, String value) { 507 this.key = key; 508 this.value = value; 509 } 510 511 public String getKey() { 512 return this.key; 513 } 514 515 public String getValue() { 516 return this.value; 517 } 518 } 519}