001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017import com.box.sdk.http.HttpHeaders; 018import com.box.sdk.http.HttpMethod; 019 020/** 021 * Used to make HTTP requests to the Box API. 022 * 023 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 024 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 025 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 026 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 027 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 028 * number of times set in the BoxAPIConnection.</p> 029 * 030 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 031 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 032 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 033 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 034 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 035 */ 036public class BoxAPIRequest { 037 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 038 private static final int BUFFER_SIZE = 8192; 039 private static final int MAX_REDIRECTS = 3; 040 041 private final BoxAPIConnection api; 042 private final List<RequestHeader> headers; 043 private final String method; 044 045 private URL url; 046 private BackoffCounter backoffCounter; 047 private int connectTimeout; 048 private int readTimeout; 049 private InputStream body; 050 private long bodyLength; 051 private Map<String, List<String>> requestProperties; 052 private int numRedirects; 053 private boolean followRedirects = true; 054 private boolean shouldAuthenticate; 055 056 /** 057 * Constructs an unauthenticated BoxAPIRequest. 058 * @param url the URL of the request. 059 * @param method the HTTP method of the request. 060 */ 061 public BoxAPIRequest(URL url, String method) { 062 this(null, url, method); 063 } 064 065 /** 066 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 067 * @param api an API connection for authenticating the request. 068 * @param url the URL of the request. 069 * @param method the HTTP method of the request. 070 */ 071 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 072 this.api = api; 073 this.url = url; 074 this.method = method; 075 this.headers = new ArrayList<RequestHeader>(); 076 this.backoffCounter = new BackoffCounter(new Time()); 077 this.shouldAuthenticate = true; 078 this.connectTimeout = BoxGlobalSettings.getConnectTimeout(); 079 this.readTimeout = BoxGlobalSettings.getReadTimeout(); 080 081 this.addHeader("Accept-Encoding", "gzip"); 082 this.addHeader("Accept-Charset", "utf-8"); 083 } 084 085 /** 086 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 087 * @param api an API connection for authenticating the request. 088 * @param url the URL of the request. 089 * @param method the HTTP method of the request. 090 */ 091 public BoxAPIRequest(BoxAPIConnection api, URL url, HttpMethod method) { 092 this(api, url, method.name()); 093 } 094 095 /** 096 * Constructs an request, using URL and HttpMethod. 097 * @param url the URL of the request. 098 * @param method the HTTP method of the request. 099 */ 100 public BoxAPIRequest(URL url, HttpMethod method) { 101 this(url, method.name()); 102 } 103 104 /** 105 * Adds an HTTP header to this request. 106 * @param key the header key. 107 * @param value the header value. 108 */ 109 public void addHeader(String key, String value) { 110 if ("As-User".equals(key)) { 111 int index = this.headers.indexOf("As-User"); 112 if (index > -1) { 113 this.headers.remove(index); 114 } 115 } 116 this.headers.add(new RequestHeader(key, value)); 117 } 118 119 /** 120 * Sets a Connect timeout for this request in milliseconds. 121 * @param timeout the timeout in milliseconds. 122 */ 123 public void setConnectTimeout(int timeout) { 124 this.connectTimeout = timeout; 125 } 126 127 /** 128 * Sets a read timeout for this request in milliseconds. 129 * @param timeout the timeout in milliseconds. 130 */ 131 public void setReadTimeout(int timeout) { 132 this.readTimeout = timeout; 133 } 134 135 /** 136 * Sets whether or not to follow redirects (i.e. Location header) 137 * @param followRedirects true to follow, false to not follow 138 */ 139 public void setFollowRedirects(boolean followRedirects) { 140 this.followRedirects = followRedirects; 141 } 142 143 /** 144 * Gets the stream containing contents of this request's body. 145 * 146 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 147 * initial position.</p> 148 * 149 * @return an InputStream containing the contents of this request's body. 150 */ 151 public InputStream getBody() { 152 return this.body; 153 } 154 155 /** 156 * Sets the request body to the contents of an InputStream. 157 * 158 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 159 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 160 * 161 * @param stream an InputStream containing the contents of the body. 162 */ 163 public void setBody(InputStream stream) { 164 this.body = stream; 165 } 166 167 /** 168 * Sets the request body to the contents of an InputStream. 169 * 170 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 171 * {@link #send(ProgressListener)}.</p> 172 * 173 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 174 * 175 * @param stream an InputStream containing the contents of the body. 176 * @param length the expected length of the stream. 177 */ 178 public void setBody(InputStream stream, long length) { 179 this.bodyLength = length; 180 this.body = stream; 181 } 182 183 /** 184 * Sets the request body to the contents of a String. 185 * 186 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 187 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 188 * 189 * @param body a String containing the contents of the body. 190 */ 191 public void setBody(String body) { 192 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 193 this.bodyLength = bytes.length; 194 this.body = new ByteArrayInputStream(bytes); 195 } 196 197 /** 198 * Gets the URL from the request. 199 * 200 * @return a URL containing the URL of the request. 201 */ 202 public URL getUrl() { 203 return this.url; 204 } 205 206 /** 207 * Gets the http method from the request. 208 * 209 * @return http method 210 */ 211 public String getMethod() { 212 return this.method; 213 } 214 215 /** 216 * Get headers as list of RequestHeader objects. 217 * @return headers as list of RequestHeader objects 218 */ 219 protected List<RequestHeader> getHeaders() { 220 return this.headers; 221 } 222 223 /** 224 * Sends this request and returns a BoxAPIResponse containing the server's response. 225 * 226 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 227 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 228 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 229 * 230 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 231 * 232 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 233 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 234 * will be thrown.</p> 235 * 236 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 237 * @return a {@link BoxAPIResponse} containing the server's response. 238 */ 239 public BoxAPIResponse send() { 240 return this.send(null); 241 } 242 243 /** 244 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 245 * 246 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 247 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 248 * reported as 0.</p> 249 * 250 * <p> See {@link #send} for more information on sending requests.</p> 251 * 252 * @param listener a listener for monitoring the progress of the request. 253 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 254 * @return a {@link BoxAPIResponse} containing the server's response. 255 */ 256 public BoxAPIResponse send(ProgressListener listener) { 257 if (this.api == null) { 258 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 259 } else { 260 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 261 } 262 263 while (this.backoffCounter.getAttemptsRemaining() > 0) { 264 try { 265 return this.trySend(listener); 266 } catch (BoxAPIException apiException) { 267 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 268 throw apiException; 269 } 270 271 try { 272 this.resetBody(); 273 } catch (IOException ioException) { 274 throw apiException; 275 } 276 277 try { 278 this.backoffCounter.waitBackoff(); 279 } catch (InterruptedException interruptedException) { 280 Thread.currentThread().interrupt(); 281 throw apiException; 282 } 283 } 284 } 285 286 throw new RuntimeException(); 287 } 288 289 /** 290 * Returns a String containing the URL, HTTP method, headers and body of this request. 291 * @return a String containing information about this request. 292 */ 293 @Override 294 public String toString() { 295 String lineSeparator = System.getProperty("line.separator"); 296 StringBuilder builder = new StringBuilder(); 297 builder.append("Request"); 298 builder.append(lineSeparator); 299 builder.append(this.method); 300 builder.append(' '); 301 builder.append(this.url.toString()); 302 builder.append(lineSeparator); 303 304 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 305 List<String> nonEmptyValues = new ArrayList<String>(); 306 for (String value : entry.getValue()) { 307 if (value != null && value.trim().length() != 0) { 308 nonEmptyValues.add(value); 309 } 310 } 311 312 if (nonEmptyValues.size() == 0) { 313 continue; 314 } 315 316 builder.append(entry.getKey()); 317 builder.append(": "); 318 for (String value : nonEmptyValues) { 319 builder.append(value); 320 builder.append(", "); 321 } 322 323 builder.delete(builder.length() - 2, builder.length()); 324 builder.append(lineSeparator); 325 } 326 327 String bodyString = this.bodyToString(); 328 if (bodyString != null) { 329 builder.append(lineSeparator); 330 builder.append(bodyString); 331 } 332 333 return builder.toString().trim(); 334 } 335 336 /** 337 * Returns a String representation of this request's body used in {@link #toString}. This method returns 338 * null by default. 339 * 340 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 341 * purposes.</p> 342 * 343 * @return a String representation of this request's body. 344 */ 345 protected String bodyToString() { 346 return null; 347 } 348 349 /** 350 * Writes the body of this request to an HttpURLConnection. 351 * 352 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 353 * 354 * @param connection the connection to which the body should be written. 355 * @param listener an optional listener for monitoring the write progress. 356 * @throws BoxAPIException if an error occurs while writing to the connection. 357 */ 358 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 359 if (this.body == null) { 360 return; 361 } 362 363 connection.setDoOutput(true); 364 try { 365 OutputStream output = connection.getOutputStream(); 366 if (listener != null) { 367 output = new ProgressOutputStream(output, listener, this.bodyLength); 368 } 369 int b = this.body.read(); 370 while (b != -1) { 371 output.write(b); 372 b = this.body.read(); 373 } 374 output.close(); 375 } catch (IOException e) { 376 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 377 } 378 } 379 380 /** 381 * Resets the InputStream containing this request's body. 382 * 383 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 384 * reset any streams that need to be read when sending the body.</p> 385 * 386 * @throws IOException if the stream cannot be reset. 387 */ 388 protected void resetBody() throws IOException { 389 if (this.body != null) { 390 this.body.reset(); 391 } 392 } 393 394 void setBackoffCounter(BackoffCounter counter) { 395 this.backoffCounter = counter; 396 } 397 398 private BoxAPIResponse trySend(ProgressListener listener) { 399 if (this.api != null) { 400 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 401 if (interceptor != null) { 402 BoxAPIResponse response = interceptor.onRequest(this); 403 if (response != null) { 404 return response; 405 } 406 } 407 } 408 409 HttpURLConnection connection = this.createConnection(); 410 411 if (this.bodyLength > 0) { 412 connection.setFixedLengthStreamingMode((int) this.bodyLength); 413 connection.setDoOutput(true); 414 } 415 416 if (this.api != null) { 417 if (this.shouldAuthenticate) { 418 connection.addRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + this.api.lockAccessToken()); 419 } 420 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 421 if (this.api.getProxy() != null) { 422 if (this.api.getProxyUsername() != null && this.api.getProxyPassword() != null) { 423 String usernameAndPassword = this.api.getProxyUsername() + ":" + this.api.getProxyPassword(); 424 String encoded = new String(Base64.encode(usernameAndPassword.getBytes())); 425 connection.addRequestProperty("Proxy-Authorization", "Basic " + encoded); 426 } 427 } 428 429 if (this.api instanceof SharedLinkAPIConnection) { 430 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 431 String sharedLink = sharedItemAPI.getSharedLink(); 432 String boxAPIValue = "shared_link=" + sharedLink; 433 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 434 if (sharedLinkPassword != null) { 435 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 436 } 437 connection.addRequestProperty("BoxApi", boxAPIValue); 438 } 439 } 440 441 this.requestProperties = connection.getRequestProperties(); 442 443 int responseCode; 444 try { 445 this.writeBody(connection, listener); 446 447 // Ensure that we're connected in case writeBody() didn't write anything. 448 try { 449 connection.connect(); 450 } catch (IOException e) { 451 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 452 } 453 454 this.logRequest(connection); 455 456 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling 457 // happens correctly. There seems to be a bug in Oracle's Java implementation where automatically handled 458 // redirects will not keep the connection alive. 459 try { 460 responseCode = connection.getResponseCode(); 461 } catch (IOException e) { 462 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 463 } 464 } finally { 465 if (this.api != null && this.shouldAuthenticate) { 466 this.api.unlockAccessToken(); 467 } 468 } 469 470 if (isResponseRedirect(responseCode)) { 471 return this.handleRedirect(connection, listener); 472 } 473 474 String contentType = connection.getContentType(); 475 BoxAPIResponse response; 476 if (contentType == null) { 477 response = new BoxAPIResponse(connection); 478 } else if (contentType.contains("application/json")) { 479 response = new BoxJSONResponse(connection); 480 } else { 481 response = new BoxAPIResponse(connection); 482 } 483 484 return response; 485 } 486 487 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 488 if (this.numRedirects >= MAX_REDIRECTS) { 489 throw new BoxAPIException("The Box API responded with too many redirects."); 490 } 491 this.numRedirects++; 492 493 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 494 // the connection back in the connection pool. 495 try { 496 InputStream stream = connection.getInputStream(); 497 byte[] buffer = new byte[8192]; 498 int n = stream.read(buffer); 499 while (n != -1) { 500 n = stream.read(buffer); 501 } 502 stream.close(); 503 } catch (IOException e) { 504 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 505 } 506 507 String redirect = connection.getHeaderField("Location"); 508 try { 509 this.url = new URL(redirect); 510 } catch (MalformedURLException e) { 511 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 512 } 513 514 if (this.followRedirects) { 515 return this.trySend(listener); 516 } else { 517 BoxRedirectResponse redirectResponse = new BoxRedirectResponse(); 518 redirectResponse.setRedirectURL(this.url); 519 return redirectResponse; 520 } 521 } 522 523 private void logRequest(HttpURLConnection connection) { 524 if (LOGGER.isLoggable(Level.FINE)) { 525 LOGGER.log(Level.FINE, this.toString()); 526 } 527 } 528 529 private HttpURLConnection createConnection() { 530 HttpURLConnection connection = null; 531 532 try { 533 if (this.api == null || this.api.getProxy() == null) { 534 connection = (HttpURLConnection) this.url.openConnection(); 535 } else { 536 connection = (HttpURLConnection) this.url.openConnection(this.api.getProxy()); 537 } 538 } catch (IOException e) { 539 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 540 } 541 542 try { 543 connection.setRequestMethod(this.method); 544 } catch (ProtocolException e) { 545 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 546 } 547 548 connection.setConnectTimeout(this.connectTimeout); 549 connection.setReadTimeout(this.readTimeout); 550 551 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 552 // trySend(ProgressListener) method for how we handle redirects. 553 connection.setInstanceFollowRedirects(false); 554 555 for (RequestHeader header : this.headers) { 556 connection.addRequestProperty(header.getKey(), header.getValue()); 557 } 558 559 return connection; 560 } 561 562 void shouldAuthenticate(boolean shouldAuthenticate) { 563 this.shouldAuthenticate = shouldAuthenticate; 564 } 565 566 private static boolean isResponseRetryable(int responseCode) { 567 return (responseCode >= 500 || responseCode == 429); 568 } 569 private static boolean isResponseRedirect(int responseCode) { 570 return (responseCode == 301 || responseCode == 302); 571 } 572 573 /** 574 * Class for mapping a request header and value. 575 */ 576 public final class RequestHeader { 577 private final String key; 578 private final String value; 579 580 /** 581 * Construct a request header from header key and value. 582 * @param key header name 583 * @param value header value 584 */ 585 public RequestHeader(String key, String value) { 586 this.key = key; 587 this.value = value; 588 } 589 590 /** 591 * Get header key. 592 * @return http header name 593 */ 594 public String getKey() { 595 return this.key; 596 } 597 598 /** 599 * Get header value. 600 * @return http header value 601 */ 602 public String getValue() { 603 return this.value; 604 } 605 } 606}