You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2013/06/12 17:31:31 UTC

svn commit: r1492241 - in /httpcomponents/httpasyncclient/trunk/httpasyncclient/src: main/java/org/apache/http/impl/nio/client/MainClientExec.java test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java

Author: olegk
Date: Wed Jun 12 15:31:31 2013
New Revision: 1492241

URL: http://svn.apache.org/r1492241
Log:
HTTPCLIENT-1344: Userinfo credentials in URI should not default to preemptive BASIC authentication
HTTPCLIENT-1345: Useinfo credentials ignored in redirect location header

Modified:
    httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java
    httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java

Modified: httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java?rev=1492241&r1=1492240&r2=1492241&view=diff
==============================================================================
--- httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java (original)
+++ httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java Wed Jun 12 15:31:31 2013
@@ -45,6 +45,7 @@ import org.apache.http.ProtocolException
 import org.apache.http.auth.AUTH;
 import org.apache.http.auth.AuthProtocolState;
 import org.apache.http.auth.AuthScheme;
+import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.AuthState;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.AuthenticationStrategy;
@@ -65,7 +66,6 @@ import org.apache.http.conn.routing.Http
 import org.apache.http.conn.routing.HttpRouteDirector;
 import org.apache.http.conn.routing.HttpRoutePlanner;
 import org.apache.http.conn.routing.RouteTracker;
-import org.apache.http.impl.auth.BasicScheme;
 import org.apache.http.impl.auth.HttpAuthenticator;
 import org.apache.http.message.BasicHttpRequest;
 import org.apache.http.nio.ContentDecoder;
@@ -457,17 +457,7 @@ class MainClientExec implements Internal
         final HttpClientContext localContext = state.getLocalContext();
         final HttpRequestWrapper currentRequest = state.getCurrentRequest();
         final HttpRoute route = state.getRoute();
-        // Get user info from the URI
-        final URI requestURI = currentRequest.getURI();
-        if (requestURI != null) {
-            final String userinfo = requestURI.getUserInfo();
-            if (userinfo != null) {
-                final AuthState targetAuthState = localContext.getTargetAuthState();
-                targetAuthState.update(new BasicScheme(), new UsernamePasswordCredentials(userinfo));
-            }
-        }
 
-        HttpHost target = null;
         final HttpRequest original = currentRequest.getOriginal();
         URI uri = null;
         if (original instanceof HttpUriRequest) {
@@ -478,10 +468,18 @@ class MainClientExec implements Internal
                 uri = URI.create(uriString);
             } catch (final IllegalArgumentException ex) {
                 if (this.log.isDebugEnabled()) {
-                    this.log.debug("Unable to parse '" + uriString + "' request URI: " + ex.getMessage());
+                    this.log.debug("Unable to parse '" + uriString + "' as a valid URI; " +
+                        "request URI and Host header may be inconsistent", ex);
                 }
             }
+
         }
+        currentRequest.setURI(uri);
+
+        // Re-write request URI if needed
+        rewriteRequestURI(state);
+
+        HttpHost target = null;
         if (uri != null && uri.isAbsolute() && uri.getHost() != null) {
             target = new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
         }
@@ -489,8 +487,16 @@ class MainClientExec implements Internal
             target = route.getTargetHost();
         }
 
-        // Re-write request URI if needed
-        rewriteRequestURI(state);
+        // Get user info from the URI
+        if (uri != null) {
+            final String userinfo = uri.getUserInfo();
+            if (userinfo != null) {
+                final CredentialsProvider credsProvider = localContext.getCredentialsProvider();
+                credsProvider.setCredentials(
+                        new AuthScope(target),
+                        new UsernamePasswordCredentials(userinfo));
+            }
+        }
 
         localContext.setAttribute(HttpClientContext.HTTP_REQUEST, currentRequest);
         localContext.setAttribute(HttpClientContext.HTTP_TARGET_HOST, target);

Modified: httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java?rev=1492241&r1=1492240&r2=1492241&view=diff
==============================================================================
--- httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java (original)
+++ httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java Wed Jun 12 15:31:31 2013
@@ -36,6 +36,7 @@ import org.apache.http.HttpAsyncTestBase
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpException;
 import org.apache.http.HttpHost;
+import org.apache.http.HttpInetConnection;
 import org.apache.http.HttpRequest;
 import org.apache.http.HttpRequestInterceptor;
 import org.apache.http.HttpResponse;
@@ -62,6 +63,7 @@ import org.apache.http.impl.nio.client.H
 import org.apache.http.localserver.BasicAuthTokenExtractor;
 import org.apache.http.localserver.RequestBasicAuth;
 import org.apache.http.localserver.ResponseBasicUnauthorized;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.message.BasicHttpResponse;
 import org.apache.http.nio.NHttpConnectionFactory;
 import org.apache.http.nio.entity.NByteArrayEntity;
@@ -78,13 +80,13 @@ import org.apache.http.nio.reactor.Liste
 import org.apache.http.protocol.BasicHttpContext;
 import org.apache.http.protocol.HTTP;
 import org.apache.http.protocol.HttpContext;
+import org.apache.http.protocol.HttpCoreContext;
 import org.apache.http.protocol.HttpRequestHandler;
 import org.apache.http.protocol.ImmutableHttpProcessor;
 import org.apache.http.protocol.ResponseConnControl;
 import org.apache.http.protocol.ResponseContent;
 import org.apache.http.protocol.ResponseDate;
 import org.apache.http.protocol.ResponseServer;
-import org.apache.http.util.EntityUtils;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -522,7 +524,6 @@ public class TestClientAuthentication ex
         final HttpEntity entity = response.getEntity();
         Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
         Assert.assertNotNull(entity);
-        EntityUtils.consume(entity);
     }
 
     @Test
@@ -544,7 +545,47 @@ public class TestClientAuthentication ex
         final HttpEntity entity = response.getEntity();
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatusLine().getStatusCode());
         Assert.assertNotNull(entity);
-        EntityUtils.consume(entity);
+    }
+
+    private static class RedirectHandler implements HttpRequestHandler {
+
+        public RedirectHandler() {
+            super();
+        }
+
+        public void handle(
+                final HttpRequest request,
+                final HttpResponse response,
+                final HttpContext context) throws HttpException, IOException {
+            final HttpInetConnection conn = (HttpInetConnection) context.getAttribute(HttpCoreContext.HTTP_CONNECTION);
+            final String localhost = conn.getLocalAddress().getHostName();
+            final int port = conn.getLocalPort();
+            response.setStatusCode(HttpStatus.SC_MOVED_PERMANENTLY);
+            response.addHeader(new BasicHeader("Location",
+                    "http://test:test@" + localhost + ":" + port + "/"));
+        }
+
+    }
+
+    @Test
+    public void testAuthenticationUserinfoInRedirectSuccess() throws Exception {
+        final UriHttpAsyncRequestHandlerMapper registry = new UriHttpAsyncRequestHandlerMapper();
+        registry.register("*", new BasicAsyncRequestHandler(new AuthHandler()));
+        registry.register("/thatway", new BasicAsyncRequestHandler(new RedirectHandler()));
+
+        this.httpclient = HttpAsyncClients.custom()
+            .setConnectionManager(this.connMgr)
+            .build();
+
+        final HttpHost target = start(registry, null);
+
+        final HttpGet httpget = new HttpGet("http://test:test@" +  target.toHostString() + "/thatway");
+        final Future<HttpResponse> future = this.httpclient.execute(target, httpget, null);
+        final HttpResponse response = future.get();
+        Assert.assertNotNull(response);
+        final HttpEntity entity = response.getEntity();
+        Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
+        Assert.assertNotNull(entity);
     }
 
 }
\ No newline at end of file