001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017/** 018 * Used to make HTTP requests to the Box API. 019 * 020 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 021 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 022 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 023 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 024 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 025 * number of times set in the BoxAPIConnection.</p> 026 * 027 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 028 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 029 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 030 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 031 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 032 */ 033public class BoxAPIRequest { 034 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 035 private static final int BUFFER_SIZE = 8192; 036 private static final int MAX_REDIRECTS = 3; 037 038 private final BoxAPIConnection api; 039 private final List<RequestHeader> headers; 040 private final String method; 041 042 private URL url; 043 private BackoffCounter backoffCounter; 044 private int timeout; 045 private InputStream body; 046 private long bodyLength; 047 private Map<String, List<String>> requestProperties; 048 private int numRedirects; 049 private boolean followRedirects = true; 050 private boolean shouldAuthenticate; 051 052 /** 053 * Constructs an unauthenticated BoxAPIRequest. 054 * @param url the URL of the request. 055 * @param method the HTTP method of the request. 056 */ 057 public BoxAPIRequest(URL url, String method) { 058 this(null, url, method); 059 } 060 061 /** 062 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 063 * @param api an API connection for authenticating the request. 064 * @param url the URL of the request. 065 * @param method the HTTP method of the request. 066 */ 067 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 068 this.api = api; 069 this.url = url; 070 this.method = method; 071 this.headers = new ArrayList<RequestHeader>(); 072 this.backoffCounter = new BackoffCounter(new Time()); 073 this.shouldAuthenticate = true; 074 075 this.addHeader("Accept-Encoding", "gzip"); 076 this.addHeader("Accept-Charset", "utf-8"); 077 } 078 079 /** 080 * Adds an HTTP header to this request. 081 * @param key the header key. 082 * @param value the header value. 083 */ 084 public void addHeader(String key, String value) { 085 this.headers.add(new RequestHeader(key, value)); 086 } 087 088 /** 089 * Sets a timeout for this request in milliseconds. 090 * @param timeout the timeout in milliseconds. 091 */ 092 public void setTimeout(int timeout) { 093 this.timeout = timeout; 094 } 095 096 /** 097 * Sets whether or not to follow redirects (i.e. Location header) 098 * @param followRedirects true to follow, false to not follow 099 */ 100 public void setFollowRedirects(boolean followRedirects) { 101 this.followRedirects = followRedirects; 102 } 103 104 /** 105 * Gets the stream containing contents of this request's body. 106 * 107 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 108 * initial position.</p> 109 * 110 * @return an InputStream containing the contents of this request's body. 111 */ 112 public InputStream getBody() { 113 return this.body; 114 } 115 116 /** 117 * Sets the request body to the contents of an InputStream. 118 * 119 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 120 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 121 * 122 * @param stream an InputStream containing the contents of the body. 123 */ 124 public void setBody(InputStream stream) { 125 this.body = stream; 126 } 127 128 /** 129 * Sets the request body to the contents of an InputStream. 130 * 131 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 132 * {@link #send(ProgressListener)}.</p> 133 * 134 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 135 * 136 * @param stream an InputStream containing the contents of the body. 137 * @param length the expected length of the stream. 138 */ 139 public void setBody(InputStream stream, long length) { 140 this.bodyLength = length; 141 this.body = stream; 142 } 143 144 /** 145 * Sets the request body to the contents of a String. 146 * 147 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 148 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 149 * 150 * @param body a String containing the contents of the body. 151 */ 152 public void setBody(String body) { 153 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 154 this.bodyLength = bytes.length; 155 this.body = new ByteArrayInputStream(bytes); 156 } 157 158 /** 159 * Gets the URL from the request. 160 * 161 * @return a URL containing the URL of the request. 162 */ 163 public URL getUrl() { 164 return this.url; 165 } 166 167 /** 168 * Sends this request and returns a BoxAPIResponse containing the server's response. 169 * 170 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 171 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 172 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 173 * 174 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 175 * 176 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 177 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 178 * will be thrown.</p> 179 * 180 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 181 * @return a {@link BoxAPIResponse} containing the server's response. 182 */ 183 public BoxAPIResponse send() { 184 return this.send(null); 185 } 186 187 /** 188 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 189 * 190 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 191 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 192 * reported as 0.</p> 193 * 194 * <p> See {@link #send} for more information on sending requests.</p> 195 * 196 * @param listener a listener for monitoring the progress of the request. 197 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 198 * @return a {@link BoxAPIResponse} containing the server's response. 199 */ 200 public BoxAPIResponse send(ProgressListener listener) { 201 if (this.api == null) { 202 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 203 } else { 204 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 205 } 206 207 while (this.backoffCounter.getAttemptsRemaining() > 0) { 208 try { 209 return this.trySend(listener); 210 } catch (BoxAPIException apiException) { 211 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 212 throw apiException; 213 } 214 215 try { 216 this.resetBody(); 217 } catch (IOException ioException) { 218 throw apiException; 219 } 220 221 try { 222 this.backoffCounter.waitBackoff(); 223 } catch (InterruptedException interruptedException) { 224 Thread.currentThread().interrupt(); 225 throw apiException; 226 } 227 } 228 } 229 230 throw new RuntimeException(); 231 } 232 233 /** 234 * Returns a String containing the URL, HTTP method, headers and body of this request. 235 * @return a String containing information about this request. 236 */ 237 @Override 238 public String toString() { 239 String lineSeparator = System.getProperty("line.separator"); 240 StringBuilder builder = new StringBuilder(); 241 builder.append("Request"); 242 builder.append(lineSeparator); 243 builder.append(this.method); 244 builder.append(' '); 245 builder.append(this.url.toString()); 246 builder.append(lineSeparator); 247 248 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 249 List<String> nonEmptyValues = new ArrayList<String>(); 250 for (String value : entry.getValue()) { 251 if (value != null && value.trim().length() != 0) { 252 nonEmptyValues.add(value); 253 } 254 } 255 256 if (nonEmptyValues.size() == 0) { 257 continue; 258 } 259 260 builder.append(entry.getKey()); 261 builder.append(": "); 262 for (String value : nonEmptyValues) { 263 builder.append(value); 264 builder.append(", "); 265 } 266 267 builder.delete(builder.length() - 2, builder.length()); 268 builder.append(lineSeparator); 269 } 270 271 String bodyString = this.bodyToString(); 272 if (bodyString != null) { 273 builder.append(lineSeparator); 274 builder.append(bodyString); 275 } 276 277 return builder.toString().trim(); 278 } 279 280 /** 281 * Returns a String representation of this request's body used in {@link #toString}. This method returns 282 * null by default. 283 * 284 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 285 * purposes.</p> 286 * 287 * @return a String representation of this request's body. 288 */ 289 protected String bodyToString() { 290 return null; 291 } 292 293 /** 294 * Writes the body of this request to an HttpURLConnection. 295 * 296 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 297 * 298 * @param connection the connection to which the body should be written. 299 * @param listener an optional listener for monitoring the write progress. 300 * @throws BoxAPIException if an error occurs while writing to the connection. 301 */ 302 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 303 if (this.body == null) { 304 return; 305 } 306 307 connection.setDoOutput(true); 308 try { 309 OutputStream output = connection.getOutputStream(); 310 if (listener != null) { 311 output = new ProgressOutputStream(output, listener, this.bodyLength); 312 } 313 int b = this.body.read(); 314 while (b != -1) { 315 output.write(b); 316 b = this.body.read(); 317 } 318 output.close(); 319 } catch (IOException e) { 320 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 321 } 322 } 323 324 /** 325 * Resets the InputStream containing this request's body. 326 * 327 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 328 * reset any streams that need to be read when sending the body.</p> 329 * 330 * @throws IOException if the stream cannot be reset. 331 */ 332 protected void resetBody() throws IOException { 333 if (this.body != null) { 334 this.body.reset(); 335 } 336 } 337 338 void setBackoffCounter(BackoffCounter counter) { 339 this.backoffCounter = counter; 340 } 341 342 private BoxAPIResponse trySend(ProgressListener listener) { 343 if (this.api != null) { 344 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 345 if (interceptor != null) { 346 BoxAPIResponse response = interceptor.onRequest(this); 347 if (response != null) { 348 return response; 349 } 350 } 351 } 352 353 HttpURLConnection connection = this.createConnection(); 354 355 if (this.bodyLength > 0) { 356 connection.setFixedLengthStreamingMode((int) this.bodyLength); 357 connection.setDoOutput(true); 358 } 359 360 if (this.api != null) { 361 if (this.shouldAuthenticate) { 362 connection.addRequestProperty("Authorization", "Bearer " + this.api.lockAccessToken()); 363 } 364 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 365 if (this.api.getProxy() != null) { 366 if (this.api.getProxyUsername() != null && this.api.getProxyPassword() != null) { 367 String usernameAndPassword = this.api.getProxyUsername() + ":" + this.api.getProxyPassword(); 368 String encoded = new String(Base64.encode(usernameAndPassword.getBytes())); 369 connection.addRequestProperty("Proxy-Authorization", "Basic " + encoded); 370 } 371 } 372 373 if (this.api instanceof SharedLinkAPIConnection) { 374 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 375 String sharedLink = sharedItemAPI.getSharedLink(); 376 String boxAPIValue = "shared_link=" + sharedLink; 377 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 378 if (sharedLinkPassword != null) { 379 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 380 } 381 connection.addRequestProperty("BoxApi", boxAPIValue); 382 } 383 } 384 385 this.requestProperties = connection.getRequestProperties(); 386 387 int responseCode; 388 try { 389 this.writeBody(connection, listener); 390 391 // Ensure that we're connected in case writeBody() didn't write anything. 392 try { 393 connection.connect(); 394 } catch (IOException e) { 395 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 396 } 397 398 this.logRequest(connection); 399 400 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling 401 // happens correctly. There seems to be a bug in Oracle's Java implementation where automatically handled 402 // redirects will not keep the connection alive. 403 try { 404 responseCode = connection.getResponseCode(); 405 } catch (IOException e) { 406 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 407 } 408 } finally { 409 if (this.api != null && this.shouldAuthenticate) { 410 this.api.unlockAccessToken(); 411 } 412 } 413 414 if (isResponseRedirect(responseCode)) { 415 return this.handleRedirect(connection, listener); 416 } 417 418 String contentType = connection.getContentType(); 419 BoxAPIResponse response; 420 if (contentType == null) { 421 response = new BoxAPIResponse(connection); 422 } else if (contentType.contains("application/json")) { 423 response = new BoxJSONResponse(connection); 424 } else { 425 response = new BoxAPIResponse(connection); 426 } 427 428 return response; 429 } 430 431 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 432 if (this.numRedirects >= MAX_REDIRECTS) { 433 throw new BoxAPIException("The Box API responded with too many redirects."); 434 } 435 this.numRedirects++; 436 437 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 438 // the connection back in the connection pool. 439 try { 440 InputStream stream = connection.getInputStream(); 441 byte[] buffer = new byte[8192]; 442 int n = stream.read(buffer); 443 while (n != -1) { 444 n = stream.read(buffer); 445 } 446 stream.close(); 447 } catch (IOException e) { 448 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 449 } 450 451 String redirect = connection.getHeaderField("Location"); 452 try { 453 this.url = new URL(redirect); 454 } catch (MalformedURLException e) { 455 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 456 } 457 458 if (this.followRedirects) { 459 return this.trySend(listener); 460 } else { 461 BoxRedirectResponse redirectResponse = new BoxRedirectResponse(); 462 redirectResponse.setRedirectURL(this.url); 463 return redirectResponse; 464 } 465 } 466 467 private void logRequest(HttpURLConnection connection) { 468 if (LOGGER.isLoggable(Level.FINE)) { 469 LOGGER.log(Level.FINE, this.toString()); 470 } 471 } 472 473 private HttpURLConnection createConnection() { 474 HttpURLConnection connection = null; 475 476 try { 477 if (this.api == null || this.api.getProxy() == null) { 478 connection = (HttpURLConnection) this.url.openConnection(); 479 } else { 480 connection = (HttpURLConnection) this.url.openConnection(this.api.getProxy()); 481 } 482 } catch (IOException e) { 483 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 484 } 485 486 try { 487 connection.setRequestMethod(this.method); 488 } catch (ProtocolException e) { 489 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 490 } 491 492 connection.setConnectTimeout(this.timeout); 493 connection.setReadTimeout(this.timeout); 494 495 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 496 // trySend(ProgressListener) method for how we handle redirects. 497 connection.setInstanceFollowRedirects(false); 498 499 for (RequestHeader header : this.headers) { 500 connection.addRequestProperty(header.getKey(), header.getValue()); 501 } 502 503 return connection; 504 } 505 506 void shouldAuthenticate(boolean shouldAuthenticate) { 507 this.shouldAuthenticate = shouldAuthenticate; 508 } 509 510 private static boolean isResponseRetryable(int responseCode) { 511 return (responseCode >= 500 || responseCode == 429); 512 } 513 514 private static boolean isResponseRedirect(int responseCode) { 515 return (responseCode == 301 || responseCode == 302); 516 } 517 518 private final class RequestHeader { 519 private final String key; 520 private final String value; 521 522 public RequestHeader(String key, String value) { 523 this.key = key; 524 this.value = value; 525 } 526 527 public String getKey() { 528 return this.key; 529 } 530 531 public String getValue() { 532 return this.value; 533 } 534 } 535}