Posted to dev@commons.apache.org by rw...@apache.org on 2001/11/16 00:00:38 UTC
cvs commit: jakarta-commons/httpclient/src/test/org/apache/commons/httpclient TestWebappBasicAuth.java
rwaldhoff 01/11/15 15:00:37
Modified: httpclient/src/java/org/apache/commons/httpclient
HttpMethodBase.java
httpclient/src/test/org/apache/commons/httpclient
TestWebappBasicAuth.java
Log:
Fixing bug 4902, Http Authentication with invalid credentials causes infinite loop (unless log.isInfoEnabled is true)
Also adding unit test to TestWebappBasicAuth that demonstrates the bug.
[Paul Bryan's patch]
Revision Changes Path
1.19 +8 -8 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java
Index: HttpMethodBase.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- HttpMethodBase.java 2001/10/12 17:55:35 1.18
+++ HttpMethodBase.java 2001/11/15 23:00:37 1.19
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v 1.18 2001/10/12 17:55:35 rwaldhoff Exp $
- * $Revision: 1.18 $
- * $Date: 2001/10/12 17:55:35 $
+ * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v 1.19 2001/11/15 23:00:37 rwaldhoff Exp $
+ * $Revision: 1.19 $
+ * $Date: 2001/11/15 23:00:37 $
* ====================================================================
*
* The Apache Software License, Version 1.1
@@ -109,7 +109,7 @@
*
* @author <a href="mailto:remm@apache.org">Remy Maucherat</a>
* @author Rodney Waldhoff
- * @version $Revision: 1.18 $ $Date: 2001/10/12 17:55:35 $
+ * @version $Revision: 1.19 $ $Date: 2001/11/15 23:00:37 $
*/
public abstract class HttpMethodBase implements HttpMethod {
@@ -453,14 +453,14 @@
if(HttpStatus.SC_UNAUTHORIZED == statusCode) {
Header wwwauth = getResponseHeader("WWW-Authenticate");
if(null != wwwauth) {
- String foo = getPath() + ":" + wwwauth.getValue();
- if(realms.contains(foo)) {
+ String pathAndCreds = getPath() + ":" + wwwauth.getValue();
+ if(realms.contains(pathAndCreds)) {
if(log.isInfoEnabled()) {
log.info("Already tried to authenticate to \"" + wwwauth.getValue() + "\" but still receiving " + HttpStatus.SC_UNAUTHORIZED + ".");
- break;
}
+ break;
} else {
- realms.add(foo);
+ realms.add(pathAndCreds);
}
boolean authenticated = false;
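Review bot: The retry guard at `realms.contains(pathAndCreds)` only fires when the server repeats exactly the same `WWW-Authenticate` value for the same path, so a server that changes the challenge text on every 401 would never match and the `break` would not be reached. The enclosing loop starts and ends outside this hunk, so it may already have another bound; if it does not, an attempt cap would close the gap, e.g. `if(++authAttempts > MAX_AUTH_ATTEMPTS) break;` (both names are placeholders, not identifiers from this file). The key also holds the path plus the challenge rather than credentials, so `pathAndChallenge` would describe it better than `pathAndCreds`. Separately, `wwwauth.getValue()` is server-supplied and is concatenated into the `log.info` message as-is; stripping CR/LF before logging would keep a hostile response from forging log lines.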
1.3 +34 -4 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestWebappBasicAuth.java
Index: TestWebappBasicAuth.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestWebappBasicAuth.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TestWebappBasicAuth.java 2001/10/04 17:49:13 1.2
+++ TestWebappBasicAuth.java 2001/11/15 23:00:37 1.3
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestWebappBasicAuth.java,v 1.2 2001/10/04 17:49:13 rwaldhoff Exp $
- * $Revision: 1.2 $
- * $Date: 2001/10/04 17:49:13 $
+ * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestWebappBasicAuth.java,v 1.3 2001/11/15 23:00:37 rwaldhoff Exp $
+ * $Revision: 1.3 $
+ * $Date: 2001/11/15 23:00:37 $
* ====================================================================
*
* The Apache Software License, Version 1.1
@@ -83,7 +83,7 @@
* "httpclient.test.webappContext" property.
*
* @author Rodney Waldhoff
- * @version $Id: TestWebappBasicAuth.java,v 1.2 2001/10/04 17:49:13 rwaldhoff Exp $
+ * @version $Id: TestWebappBasicAuth.java,v 1.3 2001/11/15 23:00:37 rwaldhoff Exp $
*/
public class TestWebappBasicAuth extends TestWebappBase {
@@ -220,6 +220,36 @@
assertEquals(200,method.getStatusCode());
assert(method.getResponseBodyAsString().indexOf("<title>BasicAuth Servlet: GET</title>") >= 0);
assert(method.getResponseBodyAsString().indexOf("<p>You have authenticated as \"jakarta:commons\"</p>") >= 0);
+ }
+
+ public void testBadCredFails() throws Exception {
+ HttpClient client = new HttpClient();
+ client.startSession(host, port);
+ GetMethod method = new GetMethod("/" + context + "/auth/basic");
+ method.setUseDisk(false);
+ try {
+ client.executeMethod(method);
+ } catch (Throwable t) {
+ t.printStackTrace();
+ fail("Unable to execute method : " + t.toString());
+ }
+ assertEquals(HttpStatus.SC_UNAUTHORIZED,method.getStatusCode());
+ assert(method.getResponseBodyAsString().indexOf("<title>BasicAuth Servlet: GET</title>") >= 0);
+ assert(method.getResponseBodyAsString().indexOf("<p>Not authorized.</p>") >= 0);
+
+ client.getState().setCredentials("BasicAuthServlet",new UsernamePasswordCredentials("bad","creds"));
+
+ method.recycle();
+ method.setPath("/" + context + "/auth/basic");
+ try {
+ client.executeMethod(method);
+ } catch (Throwable t) {
+ t.printStackTrace();
+ fail("Unable to execute method : " + t.toString());
+ }
+ assertEquals(HttpStatus.SC_UNAUTHORIZED,method.getStatusCode());
+ assert(method.getResponseBodyAsString().indexOf("<title>BasicAuth Servlet: GET</title>") >= 0);
+ assert(method.getResponseBodyAsString().indexOf("<p>Not authorized. \"Basic YmFkOmNyZWRz\" not recognized.</p>") >= 0);
}
}
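Review bot: `testBadCredFails` has no time bound, so if the loop fixed by this commit regresses, the second `client.executeMethod(method)` would hang the test run instead of failing it. Running that call on a worker thread and failing when `join(timeoutMillis)` returns with the thread still alive would turn the hang into a reported failure (`timeoutMillis` is a placeholder). The two `catch (Throwable t)` blocks also add little, since the method already declares `throws Exception`; letting the exception propagate keeps the original stack trace in the test report instead of on stderr. A comment such as `// "YmFkOmNyZWRz" is base64 of "bad:creds"` above the last assertion would explain the expected string.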