Posted to commits@hc.apache.org by ol...@apache.org on 2013/07/06 16:12:43 UTC
svn commit: r1500275 - in /httpcomponents/httpclient/trunk: RELEASE_NOTES.txt
httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Author: olegk
Date: Sat Jul 6 14:12:43 2013
New Revision: 1500275
URL: http://svn.apache.org/r1500275
Log:
HTTPCLIENT-1383: HttpClient enters an infinite loop during NTLM authentication if the opposite endpoint keeps responding with a type 2 NTLM response after a type 3 NTLM message has already been sent by the client
Added:
httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java (with props)
Modified:
httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
Modified: httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt?rev=1500275&r1=1500274&r2=1500275&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpclient/trunk/RELEASE_NOTES.txt Sat Jul 6 14:12:43 2013
@@ -2,6 +2,11 @@
Changes since release 4.3 BETA2
-------------------
+* [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication if the opposite
+ endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been
+ sent by the client.
+ Contributed by Oleg Kalnichevski <olegk at apache.org>
+
* [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers in post
are no longer constrained to ASCII values.
Contributed by Karl Wright <kwright at apache.org>
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java?rev=1500275&r1=1500274&r2=1500275&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java Sat Jul 6 14:12:43 2013
@@ -99,17 +99,17 @@ public class NTLMScheme extends AuthSche
protected void parseChallenge(
final CharArrayBuffer buffer,
final int beginIndex, final int endIndex) throws MalformedChallengeException {
- final String challenge = buffer.substringTrimmed(beginIndex, endIndex);
- if (challenge.length() == 0) {
+ this.challenge = buffer.substringTrimmed(beginIndex, endIndex);
+ if (this.challenge.length() == 0) {
if (this.state == State.UNINITIATED) {
this.state = State.CHALLENGE_RECEIVED;
} else {
this.state = State.FAILED;
}
- this.challenge = null;
} else {
- this.state = State.MSG_TYPE2_RECEVIED;
- this.challenge = challenge;
+ if (this.state == State.MSG_TYPE1_GENERATED) {
+ this.state = State.MSG_TYPE2_RECEVIED;
+ }
}
}
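Review bot: In the non-empty branch of parseChallenge, a challenge received in any state other than MSG_TYPE1_GENERATED leaves this.state unchanged, yet this.challenge has already been overwritten with the server-supplied value, so an out-of-sequence type 2 message is neither accepted nor explicitly rejected. Whether the exchange then terminates presumably depends on how authenticate() and isComplete() treat the stale state, and both are outside this hunk. Because the remote peer controls the message sequence, failing closed would be clearer: extend the inner `if` with `} else { this.state = State.FAILED; }`, or throw the already-declared MalformedChallengeException, after checking that callers do not rely on the old transition. An empty challenge also now leaves this.challenge as an empty string where it was previously set to null, which matters if any code outside the hunk tests the field for null.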
Added: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java?rev=1500275&view=auto
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java (added)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java Sat Jul 6 14:12:43 2013
@@ -0,0 +1,147 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.http.impl.client.integration;
+
+import org.apache.http.HttpException;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpStatus;
+import org.apache.http.HttpVersion;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.NTCredentials;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.localserver.LocalTestServer;
+import org.apache.http.message.BasicStatusLine;
+import org.apache.http.protocol.HttpContext;
+import org.apache.http.protocol.HttpRequestHandler;
+import org.apache.http.util.EntityUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ * Unit tests for some of the NTLM auth functionality..
+ */
+public class TestClientAuthenticationFakeNTLM extends IntegrationTestBase {
+
+ @Before
+ public void setUp() throws Exception {
+ this.localServer = new LocalTestServer(null, null);
+ }
+
+ static class NtlmResponseHandler implements HttpRequestHandler {
+
+ public void handle(
+ final HttpRequest request,
+ final HttpResponse response,
+ final HttpContext context) throws HttpException, IOException {
+ response.setStatusLine(new BasicStatusLine(
+ HttpVersion.HTTP_1_1,
+ HttpStatus.SC_UNAUTHORIZED,
+ "Authentication Required"));
+ response.setHeader("Connection", "Keep-Alive");
+ response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
+ }
+ }
+
+ @Test
+ public void testNTLMAuthenticationFailure() throws Exception {
+ this.localServer.register("*", new NtlmResponseHandler());
+ this.localServer.start();
+
+ final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(AuthScope.ANY,
+ new NTCredentials("test", "test", "", ""));
+
+ this.httpclient = HttpClients.custom()
+ .setDefaultCredentialsProvider(credsProvider)
+ .build();
+
+ final HttpContext context = HttpClientContext.create();
+
+ final HttpHost targethost = getServerHttp();
+ final HttpGet httpget = new HttpGet("/");
+
+ final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+ EntityUtils.consume(response.getEntity());
+ Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+ response.getStatusLine().getStatusCode());
+ }
+
+ static class NtlmType2ResponseHandler implements HttpRequestHandler {
+
+ public void handle(
+ final HttpRequest request,
+ final HttpResponse response,
+ final HttpContext context) throws HttpException, IOException {
+ response.setStatusLine(new BasicStatusLine(
+ HttpVersion.HTTP_1_1,
+ HttpStatus.SC_UNAUTHORIZED,
+ "Authentication Required"));
+ response.setHeader("Connection", "Keep-Alive");
+ if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
+ response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
+ } else {
+ response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
+ "AADAAMADgAAAAzwoICLgEjRWfCicKrw43DrwAAAAAAAAAAAAAAAAAAAAAGAHAX" +
+ "AAAAD1MAZQByAHYAZQByAA==");
+ }
+ }
+ }
+
+ @Test
+ public void testNTLMType2() throws Exception {
+ this.localServer.register("*", new NtlmType2ResponseHandler());
+ this.localServer.start();
+
+ final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(AuthScope.ANY,
+ new NTCredentials("test", "test", "", ""));
+
+ this.httpclient = HttpClients.custom()
+ .setDefaultCredentialsProvider(credsProvider)
+ .build();
+
+ final HttpContext context = HttpClientContext.create();
+
+ final HttpHost targethost = getServerHttp();
+ final HttpGet httpget = new HttpGet("/");
+
+ final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+ EntityUtils.consume(response.getEntity());
+ Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+ response.getStatusLine().getStatusCode());
+ }
+
+}
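Review bot: Neither test method bounds the number of round trips, so a regression of HTTPCLIENT-1383 would show up as a hung build and not as a failed assertion; both testNTLMAuthenticationFailure and testNTLMType2 assert only the final 401 status. A timeout on the annotation, e.g. `@Test(timeout = 10000)` (value illustrative), would turn the hang into a failure. A request counter in NtlmType2ResponseHandler would additionally let testNTLMType2 assert that the client stopped after sending its type 3 message. The Base64 literal in NtlmType2ResponseHandler would also benefit from a comment such as `// canned NTLM type 2 (challenge) message, replayed on every authorized request`.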
Propchange: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
------------------------------------------------------------------------------
svn:mime-type = text/plain