Posted to dev@commons.apache.org by mb...@apache.org on 2003/09/08 03:49:15 UTC
cvs commit: jakarta-commons/httpclient/src/test/org/apache/commons/httpclient TestAuthenticator.java
mbecke 2003/09/07 18:49:15
Modified: httpclient/src/java/org/apache/commons/httpclient/auth Tag:
HTTPCLIENT_2_0_BRANCH DigestScheme.java
httpclient/src/test/org/apache/commons/httpclient Tag:
HTTPCLIENT_2_0_BRANCH TestAuthenticator.java
Log:
Adds support for stale digest nonce values.
PR: 22655
Submitted by: Michael Becke
Reviewed by: Oleg Kalnichevski
Revision Changes Path
No revision
No revision
1.4.2.2 +19 -3 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java
Index: DigestScheme.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -r1.4.2.1 -r1.4.2.2
--- DigestScheme.java 13 Aug 2003 19:58:14 -0000 1.4.2.1
+++ DigestScheme.java 8 Sep 2003 01:49:15 -0000 1.4.2.2
@@ -104,6 +104,22 @@
};
/**
+ * Gets an ID based upon the realm and the nonce value. This ensures that requests
+ * to the same realm with different nonce values will succeed. This differentiation
+ * allows servers to request re-authentication using a fresh nonce value.
+ */
+ public String getID() {
+
+ String id = getRealm();
+ String nonce = getParameter("nonce");
+ if (nonce != null) {
+ id += "-" + nonce;
+ }
+
+ return id;
+ }
+
+ /**
* Constructor for the digest authentication scheme.
*
* @param challenge The authentication challenge
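Review bot: getID() appends whatever nonce the challenge carries without consulting the `stale` directive, so a 401 with a fresh nonce and no `stale=true` yields a new ID exactly as a stale-nonce challenge does. RFC 2617 treats a missing or false `stale` as a rejection of the username and password, so the caller should be able to tell the two cases apart. If this ID is what the caller uses to recognise an already-answered challenge (that code is outside this hunk), a server that issues a new nonce on every 401 would never repeat an ID, and the same credentials would be re-submitted until some other limit stops the retries. Consider gating the suffix, e.g. `if (nonce != null && "true".equalsIgnoreCase(getParameter("stale"))) {`, and stating in the Javadoc that realm and nonce are joined with `-` without escaping, so the ID is a lookup key and not a parseable value.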
No revision
No revision
1.25.2.2 +37 -4 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java
Index: TestAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v
retrieving revision 1.25.2.1
retrieving revision 1.25.2.2
diff -u -r1.25.2.1 -r1.25.2.2
--- TestAuthenticator.java 8 Aug 2003 06:38:06 -0000 1.25.2.1
+++ TestAuthenticator.java 8 Sep 2003 01:49:15 -0000 1.25.2.2
@@ -355,6 +355,39 @@
checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
}
+ public void testDigestAuthenticationWithStaleNonce() throws Exception {
+
+ String headers =
+ "HTTP/1.1 401 OK\r\n" +
+ "Connection: close\r\n" +
+ "Content-Length: 0\r\n" +
+ "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"ABC123\"\r\n";
+ String headers2 =
+ "HTTP/1.1 401 OK\r\n" +
+ "Connection: close\r\n" +
+ "Content-Length: 0\r\n" +
+ "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"321CBA\", stale=\"true\"\r\n";
+ String headers3 =
+ "HTTP/1.1 200 OK\r\n" +
+ "Connection: close\r\n" +
+ "Server: HttpClient Test/2.0\r\n\r\n" +
+ "stuff\r\n";
+
+ SimpleHttpConnection conn = new SimpleHttpConnection();
+
+ conn.addResponse(headers);
+ conn.addResponse(headers2);
+ conn.addResponse(headers3);
+ HttpState state = new HttpState();
+ UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
+ state.setCredentials(null, null, cred);
+
+ SimpleHttpMethod method = new SimpleHttpMethod();
+ method.setDoAuthentication(true);
+ assertEquals("Authentication failed", 200, method.execute(state, conn));
+ checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
+ }
+
public void testDigestAuthenticationWithMultipleRealms() throws Exception {
String challenge1 = "Digest realm=\"realm1\"";
String challenge2 = "Digest realm=\"realm2\"";
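Review bot: testDigestAuthenticationWithStaleNonce does not show that the retried request used the fresh nonce `321CBA` rather than `ABC123`, because it only asserts the final 200 status, and the connection appears to hand back its canned responses in order whatever Authorization header is sent. Unless checkAuthorization (defined outside this hunk) already compares the nonce, add `assertTrue(method.getRequestHeader("Authorization").getValue().indexOf("321CBA") >= 0);` after the execute call. A companion case in which the second 401 carries a new nonce without `stale="true"` would also pin down what the client does when the credentials themselves are rejected.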