Package net.sourceforge.plantuml.security

Class SURL

java.lang.Object
net.sourceforge.plantuml.security.SURL
public class SURL extends Object
Secure replacement for java.net.URL.

This class should be used instead of java.net.URL.

This class does some control access and manages access-tokens via URL. If a URL contains a access-token, similar to a user prefix, SURL loads the authorization config for this user-token and passes the credentials to the host.

Example:

     SURL url = SURL.create ("https://[email protected]/api/json")
The jenkins-access will checked against the Security context access token configuration. If a configuration exists for this token name, the token will be removed from the URL and the credentials will be added to the headers. If the token is not found, the URL remains as it is and no separate authentication will be performed.

TODO: Some methods should be moved to a HttpClient implementation, because SURL is not the valid class to manage it.
TODO: BAD_HOSTS implementation should be reviewed and moved to HttpClient implementation with a circuit-breaker.
TODO: Token expiration with refresh should be implemented in future.

  • Field Details

    • WITHOUT_AUTHENTICATION

      public static final String WITHOUT_AUTHENTICATION
      Indicates, that we have no authentication to access the URL.
      See Also:

  • Method Details

    • create

      public static SURL create(String url)
      Create a secure URL from a String.

      The url must be http or https. Return null in case of error or if url is null

      Parameters:
      url - plain url starting by http:// or https//
      Returns:
      the secure URL or null

    • create

      public static SURL create(URL url) throws MalformedURLException, URISyntaxException
      Create a secure URL from a java.net.URL object.

      It takes into account credentials.

      Parameters:
      url -
      Returns:
      the secure URL
      Throws:
      MalformedURLException - if url is null
      URISyntaxException

    • readRasterImageFromURL

      public BufferedImage readRasterImageFromURL()

    • isUrlOk

      public boolean isUrlOk()
      Check SecurityProfile to see if this URL can be opened.

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getBytes

      public byte[] getBytes()
      Reads from an endpoint (with configured credentials and proxy) the response as blob.

      This method allows access to an endpoint, with a configured SecurityCredentials object. The credentials will load on the fly and authentication fetched from an authentication-manager. Caching of tokens is not supported.

      authors: Alain Corbiere, Aljoscha Rittner

      Returns:
      data loaded data from endpoint

    • getBytesOnPost

      public byte[] getBytesOnPost(Proxy proxy, SecurityAuthentication authentication, String data, Map<String,Object> headers)
      Post to an endpoint with a given authentication and proxy the response as blob.

      This method allows a parametrized access to an endpoint, without a configured SecurityCredentials object. This is useful to access internally identity providers (IDP), or authorization servers (to request access tokens).

      This method don't use the "bad-host" functionality, because the access to infrastructure services should not be obfuscated by some internal management.

      Please don't use this method directly from DSL scripts.

      Parameters:
      authentication - authentication object data. Caller is responsible to erase credentials
      proxy - proxy configuration
      data - content to post
      headers - headers, if needed
      Returns:
      loaded data from endpoint

    • openStream

      public InputStream openStream()

    • isAuthorizationConfigured

      public boolean isAuthorizationConfigured()
      Informs, if SecurityCredentials are configured for this connection.
      Returns:
      true, if credentials will be used for a connection