You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by ol...@apache.org on 2005/11/07 22:32:44 UTC
svn commit: r331601 - in /jakarta/commons/proper/httpclient/trunk/src:
java/org/apache/commons/httpclient/HttpMethodDirector.java
test/org/apache/commons/httpclient/TestProxy.java
Author: olegk
Date: Mon Nov 7 13:32:36 2005
New Revision: 331601
URL: http://svn.apache.org/viewcvs?rev=331601&view=rev
Log:
PR #37345 (ProxyCredentials disclosed to remote host)
Contributed by Oleg Kalnichevski
Reviewed by Michael Becke
Modified:
jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestProxy.java
Modified: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
URL: http://svn.apache.org/viewcvs/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java?rev=331601&r1=331600&r2=331601&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java Mon Nov 7 13:32:36 2005
@@ -160,7 +160,7 @@
LOG.debug("Preemptively sending default basic credentials");
method.getHostAuthState().setPreemptive();
method.getHostAuthState().setAuthAttempted(true);
- if (this.conn.isProxied()) {
+ if (this.conn.isProxied() && !this.conn.isSecure()) {
method.getProxyAuthState().setPreemptive();
method.getProxyAuthState().setAuthAttempted(true);
}
@@ -227,7 +227,9 @@
private void authenticate(final HttpMethod method) {
try {
- authenticateProxy(method);
+ if (this.conn.isProxied() && !this.conn.isSecure()) {
+ authenticateProxy(method);
+ }
authenticateHost(method);
} catch (AuthenticationException e) {
LOG.error(e.getMessage(), e);
Modified: jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestProxy.java
URL: http://svn.apache.org/viewcvs/jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestProxy.java?rev=331601&r1=331600&r2=331601&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestProxy.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestProxy.java Mon Nov 7 13:32:36 2005
@@ -767,6 +767,11 @@
try {
this.client.executeMethod(get);
assertEquals(HttpStatus.SC_OK, get.getStatusCode());
+ if (isUseSSL()) {
+ assertNull(get.getRequestHeader("Proxy-Authorization"));
+ } else {
+ assertNotNull(get.getRequestHeader("Proxy-Authorization"));
+ }
} finally {
get.releaseConnection();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org