Preemptive Authentication POC

src/main/java/org/opensearch/jdbc/config/ConnectionConfig.java

@@ -46,6 +46,7 @@ public class ConnectionConfig {
     private String trustStoreType;
     private boolean trustSelfSigned;
     private boolean hostnameVerification;
+    private boolean usePreemptiveAuth;
 
     private ConnectionConfig(Builder builder) {
         this.url = builder.getUrl();
@@ -80,6 +81,8 @@ private ConnectionConfig(Builder builder) {
         this.trustSelfSigned = builder.getTrustSelfSignedConnectionProperty().getValue();
 
         this.hostnameVerification = builder.getHostnameVerificationConnectionProperty().getValue();
+
+        this.usePreemptiveAuth = builder.getUsePreemptiveAuthConnectionProperty().getValue();
     }
 
     public static Builder builder() {
@@ -182,6 +185,10 @@ public boolean hostnameVerification() {
         return hostnameVerification;
     }
 
+    public boolean usePreemptiveAuth() {
+        return usePreemptiveAuth;
+    }
+
     @Override
     public String toString() {
         return "ConnectionConfig{" +
@@ -209,6 +216,7 @@ public String toString() {
                 ", trustStoreType='" + trustStoreType + '\'' +
                 ", trustSelfSigned='" + trustSelfSigned + '\'' +
                 ", hostnameVerification='" + hostnameVerification + '\'' +
+                ", usePreemptiveAuth='" + usePreemptiveAuth + '\'' +
                 '}';
     }
 
@@ -256,6 +264,9 @@ public static class Builder {
         private HostnameVerificationConnectionProperty hostnameVerificationConnectionProperty
                 = new HostnameVerificationConnectionProperty();
 
+        private UsePreemptiveAuthProperty usePreemptiveAuthConnectionProperty
+                = new UsePreemptiveAuthProperty();
+
         ConnectionProperty[] connectionProperties = new ConnectionProperty[]{
                 hostProperty,
                 portProperty,
@@ -278,7 +289,8 @@ public static class Builder {
                 trustStorePasswordConnectionProperty,
                 trustStoreTypeConnectionProperty,
                 trustSelfSignedConnectionProperty,
-                hostnameVerificationConnectionProperty
+                hostnameVerificationConnectionProperty,
+                usePreemptiveAuthConnectionProperty
         };
 
         private String url = null;
@@ -385,6 +397,10 @@ public HostnameVerificationConnectionProperty getHostnameVerificationConnectionP
             return hostnameVerificationConnectionProperty;
         }
 
+        public UsePreemptiveAuthProperty getUsePreemptiveAuthConnectionProperty() {
+            return usePreemptiveAuthConnectionProperty;
+        }
+
         public Builder setLogWriter(PrintWriter printWriter) {
             this.logWriter = printWriter;
             return this;

src/main/java/org/opensearch/jdbc/config/UsePreemptiveAuthProperty.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+
+package org.opensearch.jdbc.config;
+
+public class UsePreemptiveAuthProperty extends BoolConnectionProperty {
+    public static final String KEY = "usePreemptiveAuth";
+
+    public UsePreemptiveAuthProperty() {
+        super(KEY);
+    }
+
+    @Override
+    public Boolean getDefault() {
+        return false;
+    }
+}

src/main/java/org/opensearch/jdbc/transport/http/ApacheHttpTransport.java

@@ -6,6 +6,9 @@
 
 package org.opensearch.jdbc.transport.http;
 
+import org.apache.http.auth.AuthenticationException;
+import org.apache.http.auth.Credentials;
+import org.apache.http.impl.auth.BasicScheme;
 import org.opensearch.jdbc.auth.AuthenticationType;
 import org.opensearch.jdbc.config.ConnectionConfig;
 import org.opensearch.jdbc.logging.Logger;
@@ -64,12 +67,14 @@ public class ApacheHttpTransport implements HttpTransport, LoggingSource {
 
     private RequestConfig requestConfig;
     private CloseableHttpClient httpClient;
+    private Credentials preemptiveCreds;
 
     public ApacheHttpTransport(ConnectionConfig connectionConfig, Logger log, String userAgent) throws TransportException {
         this.host = connectionConfig.getHost();
         this.port = connectionConfig.getPort();
         this.scheme = connectionConfig.isUseSSL() ? "https" : "http";
         this.path = connectionConfig.getPath();
+        this.preemptiveCreds = null;
 
         updateRequestConfig();
 
@@ -106,6 +111,11 @@ public ApacheHttpTransport(ConnectionConfig connectionConfig, Logger log, String
             basicCredsProvider.setCredentials(
                     AuthScope.ANY,
                     new UsernamePasswordCredentials(connectionConfig.getUser(), connectionConfig.getPassword()));
+
+            // sets the credentials for authentication on the first request
+            if (connectionConfig.usePreemptiveAuth()) {
+                this.preemptiveCreds = basicCredsProvider.getCredentials(AuthScope.ANY);
+            }
             httpClientBuilder.setDefaultCredentialsProvider(basicCredsProvider);
 
         } else if (connectionConfig.getAuthenticationType() == AuthenticationType.AWS_SIGV4) {
@@ -239,8 +249,12 @@ private CloseableHttpResponse doGet(URI uri, Header[] headers, int readTimeout)
             HttpGet request = new HttpGet(uri);
             request.setHeaders(headers);
             request.setConfig(getRequestConfig());
+
+            if (this.preemptiveCreds != null) {
+                request.addHeader(new BasicScheme().authenticate(this.preemptiveCreds, request, null));
+            }
             return httpClient.execute(request);
-        } catch (IOException e) {
+        } catch (IOException | AuthenticationException e) {
             throw new TransportException(e);
         }
     }