You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2013/06/12 17:31:31 UTC
svn commit: r1492241 - in
/httpcomponents/httpasyncclient/trunk/httpasyncclient/src:
main/java/org/apache/http/impl/nio/client/MainClientExec.java
test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java
Author: olegk
Date: Wed Jun 12 15:31:31 2013
New Revision: 1492241
URL: http://svn.apache.org/r1492241
Log:
HTTPCLIENT-1344: Userinfo credentials in URI should not default to preemptive BASIC authentication
HTTPCLIENT-1345: Useinfo credentials ignored in redirect location header
Modified:
httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java
httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java
Modified: httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java?rev=1492241&r1=1492240&r2=1492241&view=diff
==============================================================================
--- httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java (original)
+++ httpcomponents/httpasyncclient/trunk/httpasyncclient/src/main/java/org/apache/http/impl/nio/client/MainClientExec.java Wed Jun 12 15:31:31 2013
@@ -45,6 +45,7 @@ import org.apache.http.ProtocolException
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthProtocolState;
import org.apache.http.auth.AuthScheme;
+import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthenticationStrategy;
@@ -65,7 +66,6 @@ import org.apache.http.conn.routing.Http
import org.apache.http.conn.routing.HttpRouteDirector;
import org.apache.http.conn.routing.HttpRoutePlanner;
import org.apache.http.conn.routing.RouteTracker;
-import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.auth.HttpAuthenticator;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.nio.ContentDecoder;
@@ -457,17 +457,7 @@ class MainClientExec implements Internal
final HttpClientContext localContext = state.getLocalContext();
final HttpRequestWrapper currentRequest = state.getCurrentRequest();
final HttpRoute route = state.getRoute();
- // Get user info from the URI
- final URI requestURI = currentRequest.getURI();
- if (requestURI != null) {
- final String userinfo = requestURI.getUserInfo();
- if (userinfo != null) {
- final AuthState targetAuthState = localContext.getTargetAuthState();
- targetAuthState.update(new BasicScheme(), new UsernamePasswordCredentials(userinfo));
- }
- }
- HttpHost target = null;
final HttpRequest original = currentRequest.getOriginal();
URI uri = null;
if (original instanceof HttpUriRequest) {
@@ -478,10 +468,18 @@ class MainClientExec implements Internal
uri = URI.create(uriString);
} catch (final IllegalArgumentException ex) {
if (this.log.isDebugEnabled()) {
- this.log.debug("Unable to parse '" + uriString + "' request URI: " + ex.getMessage());
+ this.log.debug("Unable to parse '" + uriString + "' as a valid URI; " +
+ "request URI and Host header may be inconsistent", ex);
}
}
+
}
+ currentRequest.setURI(uri);
+
+ // Re-write request URI if needed
+ rewriteRequestURI(state);
+
+ HttpHost target = null;
if (uri != null && uri.isAbsolute() && uri.getHost() != null) {
target = new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
}
@@ -489,8 +487,16 @@ class MainClientExec implements Internal
target = route.getTargetHost();
}
- // Re-write request URI if needed
- rewriteRequestURI(state);
+ // Get user info from the URI
+ if (uri != null) {
+ final String userinfo = uri.getUserInfo();
+ if (userinfo != null) {
+ final CredentialsProvider credsProvider = localContext.getCredentialsProvider();
+ credsProvider.setCredentials(
+ new AuthScope(target),
+ new UsernamePasswordCredentials(userinfo));
+ }
+ }
localContext.setAttribute(HttpClientContext.HTTP_REQUEST, currentRequest);
localContext.setAttribute(HttpClientContext.HTTP_TARGET_HOST, target);
Modified: httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java?rev=1492241&r1=1492240&r2=1492241&view=diff
==============================================================================
--- httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java (original)
+++ httpcomponents/httpasyncclient/trunk/httpasyncclient/src/test/java/org/apache/http/nio/client/integration/TestClientAuthentication.java Wed Jun 12 15:31:31 2013
@@ -36,6 +36,7 @@ import org.apache.http.HttpAsyncTestBase
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
+import org.apache.http.HttpInetConnection;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpResponse;
@@ -62,6 +63,7 @@ import org.apache.http.impl.nio.client.H
import org.apache.http.localserver.BasicAuthTokenExtractor;
import org.apache.http.localserver.RequestBasicAuth;
import org.apache.http.localserver.ResponseBasicUnauthorized;
+import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpResponse;
import org.apache.http.nio.NHttpConnectionFactory;
import org.apache.http.nio.entity.NByteArrayEntity;
@@ -78,13 +80,13 @@ import org.apache.http.nio.reactor.Liste
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.protocol.HttpCoreContext;
import org.apache.http.protocol.HttpRequestHandler;
import org.apache.http.protocol.ImmutableHttpProcessor;
import org.apache.http.protocol.ResponseConnControl;
import org.apache.http.protocol.ResponseContent;
import org.apache.http.protocol.ResponseDate;
import org.apache.http.protocol.ResponseServer;
-import org.apache.http.util.EntityUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -522,7 +524,6 @@ public class TestClientAuthentication ex
final HttpEntity entity = response.getEntity();
Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
Assert.assertNotNull(entity);
- EntityUtils.consume(entity);
}
@Test
@@ -544,7 +545,47 @@ public class TestClientAuthentication ex
final HttpEntity entity = response.getEntity();
Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatusLine().getStatusCode());
Assert.assertNotNull(entity);
- EntityUtils.consume(entity);
+ }
+
+ private static class RedirectHandler implements HttpRequestHandler {
+
+ public RedirectHandler() {
+ super();
+ }
+
+ public void handle(
+ final HttpRequest request,
+ final HttpResponse response,
+ final HttpContext context) throws HttpException, IOException {
+ final HttpInetConnection conn = (HttpInetConnection) context.getAttribute(HttpCoreContext.HTTP_CONNECTION);
+ final String localhost = conn.getLocalAddress().getHostName();
+ final int port = conn.getLocalPort();
+ response.setStatusCode(HttpStatus.SC_MOVED_PERMANENTLY);
+ response.addHeader(new BasicHeader("Location",
+ "http://test:test@" + localhost + ":" + port + "/"));
+ }
+
+ }
+
+ @Test
+ public void testAuthenticationUserinfoInRedirectSuccess() throws Exception {
+ final UriHttpAsyncRequestHandlerMapper registry = new UriHttpAsyncRequestHandlerMapper();
+ registry.register("*", new BasicAsyncRequestHandler(new AuthHandler()));
+ registry.register("/thatway", new BasicAsyncRequestHandler(new RedirectHandler()));
+
+ this.httpclient = HttpAsyncClients.custom()
+ .setConnectionManager(this.connMgr)
+ .build();
+
+ final HttpHost target = start(registry, null);
+
+ final HttpGet httpget = new HttpGet("http://test:test@" + target.toHostString() + "/thatway");
+ final Future<HttpResponse> future = this.httpclient.execute(target, httpget, null);
+ final HttpResponse response = future.get();
+ Assert.assertNotNull(response);
+ final HttpEntity entity = response.getEntity();
+ Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
+ Assert.assertNotNull(entity);
}
}
\ No newline at end of file