Tweaked TU Darmstadt ShibHttpClient to deal with HTTP tunnel proxies.

[spaetow]

• Switched to CloseableHttpClient to gain access to JVM proxy settings
• Switched to HttpRequest (from HttpUriRequest) to cope with BasicHttpRequest objects
• Cleaned up unused classes
• Cleaned up indenting

[reckart]

Thanks for the patch. Can you please leave a note here stating that you contribute your changes under the Apache Software License 2.0?

[reckart]

The patch upgrades to the Apache Http Client 4.3. This breaks POST requests. The patch also breaks the anyCert parameter. I fixed these two problems (I hope). Can you please check if your setup still works with the new version?

[spaetow]

Hmmm, interesting. How does it break POST requests? I'll re-run it…

And yes, the changes are under Apache Software Licence 2.0 as the original was. Please credit Diamond Light Source Ltd. :-)

[reckart]

A POST request cannot be re-sent. This, when the shib-http-client gets a POST request, it first tries to "knock" at the target URL using a HEAD request to see if authentication is necessary.

For this, the shib-http-client needs to unwrap the http request object to access the URL from the request (don't ask me why the Apache HTTP client does this wrapping). To know if it needs to unwrap, it uses an "instanceof" condition. From version 4.2.3 to version 4.3, the wrapper class changed, so the instanceof did not work anymore. I updated the instanceof, and it appears to work again (at least for me).

There is more deprecated API used now, but I currently do not see how to replace it.

[spaetow]

Ahhh, I see. I didn't get that far (I suppose I should've run the tests too). I'll test things here.

[reckart]

The tests I have are in another project that accesses the DARIAH storage. Unfortunately, the shib-http-client itself doesn't have any tests due to the lack of an easy way of setting up a test IDP and SP during a unit test. At least I know of none… which doesn't need to mean much. Maybe you know of something?