001package com.box.sdk; 002 003import java.io.ByteArrayInputStream; 004import java.io.IOException; 005import java.io.InputStream; 006import java.io.OutputStream; 007import java.net.HttpURLConnection; 008import java.net.MalformedURLException; 009import java.net.ProtocolException; 010import java.net.URL; 011import java.util.ArrayList; 012import java.util.List; 013import java.util.Map; 014import java.util.logging.Level; 015import java.util.logging.Logger; 016 017import com.box.sdk.http.HttpHeaders; 018import com.box.sdk.http.HttpMethod; 019 020/** 021 * Used to make HTTP requests to the Box API. 022 * 023 * <p>All requests to the REST API are sent using this class or one of its subclasses. This class wraps {@link 024 * HttpURLConnection} in order to provide a simpler interface that can automatically handle various conditions specific 025 * to Box's API. Requests will be authenticated using a {@link BoxAPIConnection} (if one is provided), so it isn't 026 * necessary to add authorization headers. Requests can also be sent more than once, unlike with HttpURLConnection. If 027 * an error occurs while sending a request, it will be automatically retried (with a back off delay) up to the maximum 028 * number of times set in the BoxAPIConnection.</p> 029 * 030 * <p>Specifying a body for a BoxAPIRequest is done differently than it is with HttpURLConnection. Instead of writing to 031 * an OutputStream, the request is provided an {@link InputStream} which will be read when the {@link #send} method is 032 * called. This makes it easy to retry requests since the stream can automatically reset and reread with each attempt. 033 * If the stream cannot be reset, then a new stream will need to be provided before each call to send. There is also a 034 * convenience method for specifying the body as a String, which simply wraps the String with an InputStream.</p> 035 */ 036public class BoxAPIRequest { 037 private static final Logger LOGGER = Logger.getLogger(BoxAPIRequest.class.getName()); 038 private static final int BUFFER_SIZE = 8192; 039 private static final int MAX_REDIRECTS = 3; 040 041 private final BoxAPIConnection api; 042 private final List<RequestHeader> headers; 043 private final String method; 044 045 private URL url; 046 private BackoffCounter backoffCounter; 047 private int timeout; 048 private InputStream body; 049 private long bodyLength; 050 private Map<String, List<String>> requestProperties; 051 private int numRedirects; 052 private boolean followRedirects = true; 053 private boolean shouldAuthenticate; 054 055 /** 056 * Constructs an unauthenticated BoxAPIRequest. 057 * @param url the URL of the request. 058 * @param method the HTTP method of the request. 059 */ 060 public BoxAPIRequest(URL url, String method) { 061 this(null, url, method); 062 } 063 064 /** 065 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 066 * @param api an API connection for authenticating the request. 067 * @param url the URL of the request. 068 * @param method the HTTP method of the request. 069 */ 070 public BoxAPIRequest(BoxAPIConnection api, URL url, String method) { 071 this.api = api; 072 this.url = url; 073 this.method = method; 074 this.headers = new ArrayList<RequestHeader>(); 075 this.backoffCounter = new BackoffCounter(new Time()); 076 this.shouldAuthenticate = true; 077 078 this.addHeader("Accept-Encoding", "gzip"); 079 this.addHeader("Accept-Charset", "utf-8"); 080 } 081 082 /** 083 * Constructs an authenticated BoxAPIRequest using a provided BoxAPIConnection. 084 * @param api an API connection for authenticating the request. 085 * @param url the URL of the request. 086 * @param method the HTTP method of the request. 087 */ 088 public BoxAPIRequest(BoxAPIConnection api, URL url, HttpMethod method) { 089 this(api, url, method.name()); 090 } 091 092 /** 093 * Constructs an request, using URL and HttpMethod. 094 * @param url the URL of the request. 095 * @param method the HTTP method of the request. 096 */ 097 public BoxAPIRequest(URL url, HttpMethod method) { 098 this(url, method.name()); 099 } 100 101 /** 102 * Adds an HTTP header to this request. 103 * @param key the header key. 104 * @param value the header value. 105 */ 106 public void addHeader(String key, String value) { 107 if ("As-User".equals(key)) { 108 int index = this.headers.indexOf("As-User"); 109 if (index > -1) { 110 this.headers.remove(index); 111 } 112 } 113 this.headers.add(new RequestHeader(key, value)); 114 } 115 116 /** 117 * Sets a timeout for this request in milliseconds. 118 * @param timeout the timeout in milliseconds. 119 */ 120 public void setTimeout(int timeout) { 121 this.timeout = timeout; 122 } 123 124 /** 125 * Sets whether or not to follow redirects (i.e. Location header) 126 * @param followRedirects true to follow, false to not follow 127 */ 128 public void setFollowRedirects(boolean followRedirects) { 129 this.followRedirects = followRedirects; 130 } 131 132 /** 133 * Gets the stream containing contents of this request's body. 134 * 135 * <p>Note that any bytes that read from the returned stream won't be sent unless the stream is reset back to its 136 * initial position.</p> 137 * 138 * @return an InputStream containing the contents of this request's body. 139 */ 140 public InputStream getBody() { 141 return this.body; 142 } 143 144 /** 145 * Sets the request body to the contents of an InputStream. 146 * 147 * <p>The stream must support the {@link InputStream#reset} method if auto-retry is used or if the request needs to 148 * be resent. Otherwise, the body must be manually set before each call to {@link #send}.</p> 149 * 150 * @param stream an InputStream containing the contents of the body. 151 */ 152 public void setBody(InputStream stream) { 153 this.body = stream; 154 } 155 156 /** 157 * Sets the request body to the contents of an InputStream. 158 * 159 * <p>Providing the length of the InputStream allows for the progress of the request to be monitored when calling 160 * {@link #send(ProgressListener)}.</p> 161 * 162 * <p> See {@link #setBody(InputStream)} for more information on setting the body of the request.</p> 163 * 164 * @param stream an InputStream containing the contents of the body. 165 * @param length the expected length of the stream. 166 */ 167 public void setBody(InputStream stream, long length) { 168 this.bodyLength = length; 169 this.body = stream; 170 } 171 172 /** 173 * Sets the request body to the contents of a String. 174 * 175 * <p>If the contents of the body are large, then it may be more efficient to use an {@link InputStream} instead of 176 * a String. Using a String requires that the entire body be in memory before sending the request.</p> 177 * 178 * @param body a String containing the contents of the body. 179 */ 180 public void setBody(String body) { 181 byte[] bytes = body.getBytes(StandardCharsets.UTF_8); 182 this.bodyLength = bytes.length; 183 this.body = new ByteArrayInputStream(bytes); 184 } 185 186 /** 187 * Gets the URL from the request. 188 * 189 * @return a URL containing the URL of the request. 190 */ 191 public URL getUrl() { 192 return this.url; 193 } 194 195 /** 196 * Gets the http method from the request. 197 * 198 * @return http method 199 */ 200 public String getMethod() { 201 return this.method; 202 } 203 204 /** 205 * Get headers as list of RequestHeader objects. 206 * @return headers as list of RequestHeader objects 207 */ 208 protected List<RequestHeader> getHeaders() { 209 return this.headers; 210 } 211 212 /** 213 * Sends this request and returns a BoxAPIResponse containing the server's response. 214 * 215 * <p>The type of the returned BoxAPIResponse will be based on the content type returned by the server, allowing it 216 * to be cast to a more specific type. For example, if it's known that the API call will return a JSON response, 217 * then it can be cast to a {@link BoxJSONResponse} like so:</p> 218 * 219 * <pre>BoxJSONResponse response = (BoxJSONResponse) request.send();</pre> 220 * 221 * <p>If the server returns an error code or if a network error occurs, then the request will be automatically 222 * retried. If the maximum number of retries is reached and an error still occurs, then a {@link BoxAPIException} 223 * will be thrown.</p> 224 * 225 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 226 * @return a {@link BoxAPIResponse} containing the server's response. 227 */ 228 public BoxAPIResponse send() { 229 return this.send(null); 230 } 231 232 /** 233 * Sends this request while monitoring its progress and returns a BoxAPIResponse containing the server's response. 234 * 235 * <p>A ProgressListener is generally only useful when the size of the request is known beforehand. If the size is 236 * unknown, then the ProgressListener will be updated for each byte sent, but the total number of bytes will be 237 * reported as 0.</p> 238 * 239 * <p> See {@link #send} for more information on sending requests.</p> 240 * 241 * @param listener a listener for monitoring the progress of the request. 242 * @throws BoxAPIException if the server returns an error code or if a network error occurs. 243 * @return a {@link BoxAPIResponse} containing the server's response. 244 */ 245 public BoxAPIResponse send(ProgressListener listener) { 246 if (this.api == null) { 247 this.backoffCounter.reset(BoxAPIConnection.DEFAULT_MAX_ATTEMPTS); 248 } else { 249 this.backoffCounter.reset(this.api.getMaxRequestAttempts()); 250 } 251 252 while (this.backoffCounter.getAttemptsRemaining() > 0) { 253 try { 254 return this.trySend(listener); 255 } catch (BoxAPIException apiException) { 256 if (!this.backoffCounter.decrement() || !isResponseRetryable(apiException.getResponseCode())) { 257 throw apiException; 258 } 259 260 try { 261 this.resetBody(); 262 } catch (IOException ioException) { 263 throw apiException; 264 } 265 266 try { 267 this.backoffCounter.waitBackoff(); 268 } catch (InterruptedException interruptedException) { 269 Thread.currentThread().interrupt(); 270 throw apiException; 271 } 272 } 273 } 274 275 throw new RuntimeException(); 276 } 277 278 /** 279 * Returns a String containing the URL, HTTP method, headers and body of this request. 280 * @return a String containing information about this request. 281 */ 282 @Override 283 public String toString() { 284 String lineSeparator = System.getProperty("line.separator"); 285 StringBuilder builder = new StringBuilder(); 286 builder.append("Request"); 287 builder.append(lineSeparator); 288 builder.append(this.method); 289 builder.append(' '); 290 builder.append(this.url.toString()); 291 builder.append(lineSeparator); 292 293 for (Map.Entry<String, List<String>> entry : this.requestProperties.entrySet()) { 294 List<String> nonEmptyValues = new ArrayList<String>(); 295 for (String value : entry.getValue()) { 296 if (value != null && value.trim().length() != 0) { 297 nonEmptyValues.add(value); 298 } 299 } 300 301 if (nonEmptyValues.size() == 0) { 302 continue; 303 } 304 305 builder.append(entry.getKey()); 306 builder.append(": "); 307 for (String value : nonEmptyValues) { 308 builder.append(value); 309 builder.append(", "); 310 } 311 312 builder.delete(builder.length() - 2, builder.length()); 313 builder.append(lineSeparator); 314 } 315 316 String bodyString = this.bodyToString(); 317 if (bodyString != null) { 318 builder.append(lineSeparator); 319 builder.append(bodyString); 320 } 321 322 return builder.toString().trim(); 323 } 324 325 /** 326 * Returns a String representation of this request's body used in {@link #toString}. This method returns 327 * null by default. 328 * 329 * <p>A subclass may want override this method if the body can be converted to a String for logging or debugging 330 * purposes.</p> 331 * 332 * @return a String representation of this request's body. 333 */ 334 protected String bodyToString() { 335 return null; 336 } 337 338 /** 339 * Writes the body of this request to an HttpURLConnection. 340 * 341 * <p>Subclasses overriding this method must remember to close the connection's OutputStream after writing.</p> 342 * 343 * @param connection the connection to which the body should be written. 344 * @param listener an optional listener for monitoring the write progress. 345 * @throws BoxAPIException if an error occurs while writing to the connection. 346 */ 347 protected void writeBody(HttpURLConnection connection, ProgressListener listener) { 348 if (this.body == null) { 349 return; 350 } 351 352 connection.setDoOutput(true); 353 try { 354 OutputStream output = connection.getOutputStream(); 355 if (listener != null) { 356 output = new ProgressOutputStream(output, listener, this.bodyLength); 357 } 358 int b = this.body.read(); 359 while (b != -1) { 360 output.write(b); 361 b = this.body.read(); 362 } 363 output.close(); 364 } catch (IOException e) { 365 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 366 } 367 } 368 369 /** 370 * Resets the InputStream containing this request's body. 371 * 372 * <p>This method will be called before each attempt to resend the request, giving subclasses an opportunity to 373 * reset any streams that need to be read when sending the body.</p> 374 * 375 * @throws IOException if the stream cannot be reset. 376 */ 377 protected void resetBody() throws IOException { 378 if (this.body != null) { 379 this.body.reset(); 380 } 381 } 382 383 void setBackoffCounter(BackoffCounter counter) { 384 this.backoffCounter = counter; 385 } 386 387 private BoxAPIResponse trySend(ProgressListener listener) { 388 if (this.api != null) { 389 RequestInterceptor interceptor = this.api.getRequestInterceptor(); 390 if (interceptor != null) { 391 BoxAPIResponse response = interceptor.onRequest(this); 392 if (response != null) { 393 return response; 394 } 395 } 396 } 397 398 HttpURLConnection connection = this.createConnection(); 399 400 if (this.bodyLength > 0) { 401 connection.setFixedLengthStreamingMode((int) this.bodyLength); 402 connection.setDoOutput(true); 403 } 404 405 if (this.api != null) { 406 if (this.shouldAuthenticate) { 407 connection.addRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + this.api.lockAccessToken()); 408 } 409 connection.setRequestProperty("User-Agent", this.api.getUserAgent()); 410 if (this.api.getProxy() != null) { 411 if (this.api.getProxyUsername() != null && this.api.getProxyPassword() != null) { 412 String usernameAndPassword = this.api.getProxyUsername() + ":" + this.api.getProxyPassword(); 413 String encoded = new String(Base64.encode(usernameAndPassword.getBytes())); 414 connection.addRequestProperty("Proxy-Authorization", "Basic " + encoded); 415 } 416 } 417 418 if (this.api instanceof SharedLinkAPIConnection) { 419 SharedLinkAPIConnection sharedItemAPI = (SharedLinkAPIConnection) this.api; 420 String sharedLink = sharedItemAPI.getSharedLink(); 421 String boxAPIValue = "shared_link=" + sharedLink; 422 String sharedLinkPassword = sharedItemAPI.getSharedLinkPassword(); 423 if (sharedLinkPassword != null) { 424 boxAPIValue += "&shared_link_password=" + sharedLinkPassword; 425 } 426 connection.addRequestProperty("BoxApi", boxAPIValue); 427 } 428 } 429 430 this.requestProperties = connection.getRequestProperties(); 431 432 int responseCode; 433 try { 434 this.writeBody(connection, listener); 435 436 // Ensure that we're connected in case writeBody() didn't write anything. 437 try { 438 connection.connect(); 439 } catch (IOException e) { 440 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 441 } 442 443 this.logRequest(connection); 444 445 // We need to manually handle redirects by creating a new HttpURLConnection so that connection pooling 446 // happens correctly. There seems to be a bug in Oracle's Java implementation where automatically handled 447 // redirects will not keep the connection alive. 448 try { 449 responseCode = connection.getResponseCode(); 450 } catch (IOException e) { 451 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 452 } 453 } finally { 454 if (this.api != null && this.shouldAuthenticate) { 455 this.api.unlockAccessToken(); 456 } 457 } 458 459 if (isResponseRedirect(responseCode)) { 460 return this.handleRedirect(connection, listener); 461 } 462 463 String contentType = connection.getContentType(); 464 BoxAPIResponse response; 465 if (contentType == null) { 466 response = new BoxAPIResponse(connection); 467 } else if (contentType.contains("application/json")) { 468 response = new BoxJSONResponse(connection); 469 } else { 470 response = new BoxAPIResponse(connection); 471 } 472 473 return response; 474 } 475 476 private BoxAPIResponse handleRedirect(HttpURLConnection connection, ProgressListener listener) { 477 if (this.numRedirects >= MAX_REDIRECTS) { 478 throw new BoxAPIException("The Box API responded with too many redirects."); 479 } 480 this.numRedirects++; 481 482 // Even though the redirect response won't have a body, we need to read the InputStream so that Java will put 483 // the connection back in the connection pool. 484 try { 485 InputStream stream = connection.getInputStream(); 486 byte[] buffer = new byte[8192]; 487 int n = stream.read(buffer); 488 while (n != -1) { 489 n = stream.read(buffer); 490 } 491 stream.close(); 492 } catch (IOException e) { 493 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 494 } 495 496 String redirect = connection.getHeaderField("Location"); 497 try { 498 this.url = new URL(redirect); 499 } catch (MalformedURLException e) { 500 throw new BoxAPIException("The Box API responded with an invalid redirect.", e); 501 } 502 503 if (this.followRedirects) { 504 return this.trySend(listener); 505 } else { 506 BoxRedirectResponse redirectResponse = new BoxRedirectResponse(); 507 redirectResponse.setRedirectURL(this.url); 508 return redirectResponse; 509 } 510 } 511 512 private void logRequest(HttpURLConnection connection) { 513 if (LOGGER.isLoggable(Level.FINE)) { 514 LOGGER.log(Level.FINE, this.toString()); 515 } 516 } 517 518 private HttpURLConnection createConnection() { 519 HttpURLConnection connection = null; 520 521 try { 522 if (this.api == null || this.api.getProxy() == null) { 523 connection = (HttpURLConnection) this.url.openConnection(); 524 } else { 525 connection = (HttpURLConnection) this.url.openConnection(this.api.getProxy()); 526 } 527 } catch (IOException e) { 528 throw new BoxAPIException("Couldn't connect to the Box API due to a network error.", e); 529 } 530 531 try { 532 connection.setRequestMethod(this.method); 533 } catch (ProtocolException e) { 534 throw new BoxAPIException("Couldn't connect to the Box API because the request's method was invalid.", e); 535 } 536 537 connection.setConnectTimeout(this.timeout); 538 connection.setReadTimeout(this.timeout); 539 540 // Don't allow HttpURLConnection to automatically redirect because it messes up the connection pool. See the 541 // trySend(ProgressListener) method for how we handle redirects. 542 connection.setInstanceFollowRedirects(false); 543 544 for (RequestHeader header : this.headers) { 545 connection.addRequestProperty(header.getKey(), header.getValue()); 546 } 547 548 return connection; 549 } 550 551 void shouldAuthenticate(boolean shouldAuthenticate) { 552 this.shouldAuthenticate = shouldAuthenticate; 553 } 554 555 private static boolean isResponseRetryable(int responseCode) { 556 return (responseCode >= 500 || responseCode == 429); 557 } 558 559 private static boolean isResponseRedirect(int responseCode) { 560 return (responseCode == 301 || responseCode == 302); 561 } 562 563 /** 564 * Class for mapping a request header and value. 565 */ 566 public final class RequestHeader { 567 private final String key; 568 private final String value; 569 570 /** 571 * Construct a request header from header key and value. 572 * @param key header name 573 * @param value header value 574 */ 575 public RequestHeader(String key, String value) { 576 this.key = key; 577 this.value = value; 578 } 579 580 /** 581 * Get header key. 582 * @return http header name 583 */ 584 public String getKey() { 585 return this.key; 586 } 587 588 /** 589 * Get header value. 590 * @return http header value 591 */ 592 public String getValue() { 593 return this.value; 594 } 595 } 596}