001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017import com.box.sdk.http.HttpMethod; 018 019/** 020 * Used to make HTTP requests to the Box API. 021 * 022 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 023 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 024 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 025 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 026 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 027 * number of times set in the BoxAPIConnection.</p> 028 * 029 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 030 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 031 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 032 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 033 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 034 */ 035public class BoxAPIRequest { 036 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 037 private static final int BUFFER_SIZE = 8192; 038 private static final int MAX_REDIRECTS = 3; 039 040 private final BoxAPIConnection api; 041 private final List<RequestHeader> headers; 042 private final String method; 043 044 private URL url; 045 private BackoffCounter backoffCounter; 046 private int timeout; 047 private InputStream body; 048 private long bodyLength; 049 private Map<String, List<String>> requestProperties; 050 private int numRedirects; 051 private boolean followRedirects = true; 052 private boolean shouldAuthenticate; 053 054 /** 055 * Constructs an unauthenticated BoxAPIRequest. 056 * @param url the URL of the request. 057 * @param method the HTTP method of the request. 058 */ 059 public BoxAPIRequest(URL url, String method) { 060 this(null, url, method); 061 } 062 063 /** 064 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 065 * @param api an API connection for authenticating the request. 066 * @param url the URL of the request. 067 * @param method the HTTP method of the request. 068 */ 069 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 070 this.api = api; 071 this.url = url; 072 this.method = method; 073 this.headers = new ArrayList<RequestHeader>(); 074 this.backoffCounter = new BackoffCounter(new Time()); 075 this.shouldAuthenticate = true; 076 077 this.addHeader("Accept-Encoding", "gzip"); 078 this.addHeader("Accept-Charset", "utf-8"); 079 } 080 081 /** 082 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 083 * @param api an API connection for authenticating the request. 084 * @param uploadPartEndpoint the URL of the request. 085 * @param method the HTTP method of the request. 086 */ 087 public BoxAPIRequest(BoxAPIConnection api, URL uploadPartEndpoint, HttpMethod method) { 088 this(api, uploadPartEndpoint, method.name()); 089 } 090 091 /** 092 * Adds an HTTP header to this request. 093 * @param key the header key. 094 * @param value the header value. 095 */ 096 public void addHeader(String key, String value) { 097 if ("As-User".equals(key)) { 098 int index = this.headers.indexOf("As-User"); 099 if (index > -1) { 100 this.headers.remove(index); 101 } 102 } 103 this.headers.add(new RequestHeader(key, value)); 104 } 105 106 /** 107 * Sets a timeout for this request in milliseconds. 108 * @param timeout the timeout in milliseconds. 109 */ 110 public void setTimeout(int timeout) { 111 this.timeout = timeout; 112 } 113 114 /** 115 * Sets whether or not to follow redirects (i.e. Location header) 116 * @param followRedirects true to follow, false to not follow 117 */ 118 public void setFollowRedirects(boolean followRedirects) { 119 this.followRedirects = followRedirects; 120 } 121 122 /** 123 * Gets the stream containing contents of this request's body. 124 * 125 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 126 * initial position.</p> 127 * 128 * @return an InputStream containing the contents of this request's body. 129 */ 130 public InputStream getBody() { 131 return this.body; 132 } 133 134 /** 135 * Sets the request body to the contents of an InputStream. 136 * 137 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 138 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 139 * 140 * @param stream an InputStream containing the contents of the body. 141 */ 142 public void setBody(InputStream stream) { 143 this.body = stream; 144 } 145 146 /** 147 * Sets the request body to the contents of an InputStream. 148 * 149 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 150 * {@link #send(ProgressListener)}.</p> 151 * 152 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 153 * 154 * @param stream an InputStream containing the contents of the body. 155 * @param length the expected length of the stream. 156 */ 157 public void setBody(InputStream stream, long length) { 158 this.bodyLength = length; 159 this.body = stream; 160 } 161 162 /** 163 * Sets the request body to the contents of a String. 164 * 165 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 166 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 167 * 168 * @param body a String containing the contents of the body. 169 */ 170 public void setBody(String body) { 171 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 172 this.bodyLength = bytes.length; 173 this.body = new ByteArrayInputStream(bytes); 174 } 175 176 /** 177 * Gets the URL from the request. 178 * 179 * @return a URL containing the URL of the request. 180 */ 181 public URL getUrl() { 182 return this.url; 183 } 184 185 /** 186 * Sends this request and returns a BoxAPIResponse containing the server's response. 187 * 188 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 189 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 190 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 191 * 192 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 193 * 194 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 195 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 196 * will be thrown.</p> 197 * 198 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 199 * @return a {@link BoxAPIResponse} containing the server's response. 200 */ 201 public BoxAPIResponse send() { 202 return this.send(null); 203 } 204 205 /** 206 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 207 * 208 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 209 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 210 * reported as 0.</p> 211 * 212 * <p> See {@link #send} for more information on sending requests.</p> 213 * 214 * @param listener a listener for monitoring the progress of the request. 215 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 216 * @return a {@link BoxAPIResponse} containing the server's response. 217 */ 218 public BoxAPIResponse send(ProgressListener listener) { 219 if (this.api == null) { 220 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 221 } else { 222 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 223 } 224 225 while (this.backoffCounter.getAttemptsRemaining() > 0) { 226 try { 227 return this.trySend(listener); 228 } catch (BoxAPIException apiException) { 229 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 230 throw apiException; 231 } 232 233 try { 234 this.resetBody(); 235 } catch (IOException ioException) { 236 throw apiException; 237 } 238 239 try { 240 this.backoffCounter.waitBackoff(); 241 } catch (InterruptedException interruptedException) { 242 Thread.currentThread().interrupt(); 243 throw apiException; 244 } 245 } 246 } 247 248 throw new RuntimeException(); 249 } 250 251 /** 252 * Returns a String containing the URL, HTTP method, headers and body of this request. 253 * @return a String containing information about this request. 254 */ 255 @Override 256 public String toString() { 257 String lineSeparator = System.getProperty("line.separator"); 258 StringBuilder builder = new StringBuilder(); 259 builder.append("Request"); 260 builder.append(lineSeparator); 261 builder.append(this.method); 262 builder.append(' '); 263 builder.append(this.url.toString()); 264 builder.append(lineSeparator); 265 266 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 267 List<String> nonEmptyValues = new ArrayList<String>(); 268 for (String value : entry.getValue()) { 269 if (value != null && value.trim().length() != 0) { 270 nonEmptyValues.add(value); 271 } 272 } 273 274 if (nonEmptyValues.size() == 0) { 275 continue; 276 } 277 278 builder.append(entry.getKey()); 279 builder.append(": "); 280 for (String value : nonEmptyValues) { 281 builder.append(value); 282 builder.append(", "); 283 } 284 285 builder.delete(builder.length() - 2, builder.length()); 286 builder.append(lineSeparator); 287 } 288 289 String bodyString = this.bodyToString(); 290 if (bodyString != null) { 291 builder.append(lineSeparator); 292 builder.append(bodyString); 293 } 294 295 return builder.toString().trim(); 296 } 297 298 /** 299 * Returns a String representation of this request's body used in {@link #toString}. This method returns 300 * null by default. 301 * 302 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 303 * purposes.</p> 304 * 305 * @return a String representation of this request's body. 306 */ 307 protected String bodyToString() { 308 return null; 309 } 310 311 /** 312 * Writes the body of this request to an HttpURLConnection. 313 * 314 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 315 * 316 * @param connection the connection to which the body should be written. 317 * @param listener an optional listener for monitoring the write progress. 318 * @throws BoxAPIException if an error occurs while writing to the connection. 319 */ 320 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 321 if (this.body == null) { 322 return; 323 } 324 325 connection.setDoOutput(true); 326 try { 327 OutputStream output = connection.getOutputStream(); 328 if (listener != null) { 329 output = new ProgressOutputStream(output, listener, this.bodyLength); 330 } 331 int b = this.body.read(); 332 while (b != -1) { 333 output.write(b); 334 b = this.body.read(); 335 } 336 output.close(); 337 } catch (IOException e) { 338 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 339 } 340 } 341 342 /** 343 * Resets the InputStream containing this request's body. 344 * 345 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 346 * reset any streams that need to be read when sending the body.</p> 347 * 348 * @throws IOException if the stream cannot be reset. 349 */ 350 protected void resetBody() throws IOException { 351 if (this.body != null) { 352 this.body.reset(); 353 } 354 } 355 356 void setBackoffCounter(BackoffCounter counter) { 357 this.backoffCounter = counter; 358 } 359 360 private BoxAPIResponse trySend(ProgressListener listener) { 361 if (this.api != null) { 362 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 363 if (interceptor != null) { 364 BoxAPIResponse response = interceptor.onRequest(this); 365 if (response != null) { 366 return response; 367 } 368 } 369 } 370 371 HttpURLConnection connection = this.createConnection(); 372 373 if (this.bodyLength > 0) { 374 connection.setFixedLengthStreamingMode((int) this.bodyLength); 375 connection.setDoOutput(true); 376 } 377 378 if (this.api != null) { 379 if (this.shouldAuthenticate) { 380 connection.addRequestProperty("Authorization", "Bearer " + this.api.lockAccessToken()); 381 } 382 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 383 if (this.api.getProxy() != null) { 384 if (this.api.getProxyUsername() != null && this.api.getProxyPassword() != null) { 385 String usernameAndPassword = this.api.getProxyUsername() + ":" + this.api.getProxyPassword(); 386 String encoded = new String(Base64.encode(usernameAndPassword.getBytes())); 387 connection.addRequestProperty("Proxy-Authorization", "Basic " + encoded); 388 } 389 } 390 391 if (this.api instanceof SharedLinkAPIConnection) { 392 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 393 String sharedLink = sharedItemAPI.getSharedLink(); 394 String boxAPIValue = "shared_link=" + sharedLink; 395 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 396 if (sharedLinkPassword != null) { 397 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 398 } 399 connection.addRequestProperty("BoxApi", boxAPIValue); 400 } 401 } 402 403 this.requestProperties = connection.getRequestProperties(); 404 405 int responseCode; 406 try { 407 this.writeBody(connection, listener); 408 409 // Ensure that we're connected in case writeBody() didn't write anything. 410 try { 411 connection.connect(); 412 } catch (IOException e) { 413 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 414 } 415 416 this.logRequest(connection); 417 418 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling 419 // happens correctly. There seems to be a bug in Oracle's Java implementation where automatically handled 420 // redirects will not keep the connection alive. 421 try { 422 responseCode = connection.getResponseCode(); 423 } catch (IOException e) { 424 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 425 } 426 } finally { 427 if (this.api != null && this.shouldAuthenticate) { 428 this.api.unlockAccessToken(); 429 } 430 } 431 432 if (isResponseRedirect(responseCode)) { 433 return this.handleRedirect(connection, listener); 434 } 435 436 String contentType = connection.getContentType(); 437 BoxAPIResponse response; 438 if (contentType == null) { 439 response = new BoxAPIResponse(connection); 440 } else if (contentType.contains("application/json")) { 441 response = new BoxJSONResponse(connection); 442 } else { 443 response = new BoxAPIResponse(connection); 444 } 445 446 return response; 447 } 448 449 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 450 if (this.numRedirects >= MAX_REDIRECTS) { 451 throw new BoxAPIException("The Box API responded with too many redirects."); 452 } 453 this.numRedirects++; 454 455 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 456 // the connection back in the connection pool. 457 try { 458 InputStream stream = connection.getInputStream(); 459 byte[] buffer = new byte[8192]; 460 int n = stream.read(buffer); 461 while (n != -1) { 462 n = stream.read(buffer); 463 } 464 stream.close(); 465 } catch (IOException e) { 466 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 467 } 468 469 String redirect = connection.getHeaderField("Location"); 470 try { 471 this.url = new URL(redirect); 472 } catch (MalformedURLException e) { 473 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 474 } 475 476 if (this.followRedirects) { 477 return this.trySend(listener); 478 } else { 479 BoxRedirectResponse redirectResponse = new BoxRedirectResponse(); 480 redirectResponse.setRedirectURL(this.url); 481 return redirectResponse; 482 } 483 } 484 485 private void logRequest(HttpURLConnection connection) { 486 if (LOGGER.isLoggable(Level.FINE)) { 487 LOGGER.log(Level.FINE, this.toString()); 488 } 489 } 490 491 private HttpURLConnection createConnection() { 492 HttpURLConnection connection = null; 493 494 try { 495 if (this.api == null || this.api.getProxy() == null) { 496 connection = (HttpURLConnection) this.url.openConnection(); 497 } else { 498 connection = (HttpURLConnection) this.url.openConnection(this.api.getProxy()); 499 } 500 } catch (IOException e) { 501 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 502 } 503 504 try { 505 connection.setRequestMethod(this.method); 506 } catch (ProtocolException e) { 507 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 508 } 509 510 connection.setConnectTimeout(this.timeout); 511 connection.setReadTimeout(this.timeout); 512 513 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 514 // trySend(ProgressListener) method for how we handle redirects. 515 connection.setInstanceFollowRedirects(false); 516 517 for (RequestHeader header : this.headers) { 518 connection.addRequestProperty(header.getKey(), header.getValue()); 519 } 520 521 return connection; 522 } 523 524 void shouldAuthenticate(boolean shouldAuthenticate) { 525 this.shouldAuthenticate = shouldAuthenticate; 526 } 527 528 private static boolean isResponseRetryable(int responseCode) { 529 return (responseCode >= 500 || responseCode == 429); 530 } 531 532 private static boolean isResponseRedirect(int responseCode) { 533 return (responseCode == 301 || responseCode == 302); 534 } 535 536 private final class RequestHeader { 537 private final String key; 538 private final String value; 539 540 public RequestHeader(String key, String value) { 541 this.key = key; 542 this.value = value; 543 } 544 545 public String getKey() { 546 return this.key; 547 } 548 549 public String getValue() { 550 return this.value; 551 } 552 } 553}