You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2013/07/07 13:28:30 UTC
svn commit: r1500406 - in
/httpcomponents/httpclient/branches/4.2.x/httpclient/src:
main/java/org/apache/http/impl/auth/NTLMScheme.java
test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java
Author: olegk
Date: Sun Jul 7 11:28:30 2013
New Revision: 1500406
URL: http://svn.apache.org/r1500406
Log:
Follow up to HTTPCLIENT-1383: fixes another infinite loop in case of an out of sequence NTLM response
Contributed by Ricardo Pereira <thc202 at gmail.com>
Modified:
httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java
Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java?rev=1500406&r1=1500405&r2=1500406&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java (original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java Sun Jul 7 11:28:30 2013
@@ -103,7 +103,9 @@ public class NTLMScheme extends AuthSche
this.state = State.FAILED;
}
} else {
- if (this.state == State.MSG_TYPE1_GENERATED) {
+ if (this.state.compareTo(State.MSG_TYPE1_GENERATED) < 0) {
+ this.state = State.FAILED;
+ } else if (this.state == State.MSG_TYPE1_GENERATED) {
this.state = State.MSG_TYPE2_RECEVIED;
}
}
Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java?rev=1500406&r1=1500405&r2=1500406&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java (original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthenticationFakeNTLM.java Sun Jul 7 11:28:30 2013
@@ -169,4 +169,43 @@ public class TestClientAuthenticationFak
response.getStatusLine().getStatusCode());
}
+ static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {
+
+ public void handle(
+ final HttpRequest request,
+ final HttpResponse response,
+ final HttpContext context) throws HttpException, IOException {
+ response.setStatusLine(new BasicStatusLine(
+ HttpVersion.HTTP_1_1,
+ HttpStatus.SC_UNAUTHORIZED,
+ "Authentication Required"));
+ response.setHeader("Connection", "Keep-Alive");
+ response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
+ "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
+ "AGUAcgB2AGUAcgA=");
+ }
+ }
+
+ @Test
+ public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
+ this.localServer.register("*", new NtlmType2MessageOnlyResponseHandler());
+ this.localServer.start();
+
+ BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(AuthScope.ANY,
+ new NTCredentials("test", "test", null, null));
+
+ this.httpclient.setCredentialsProvider(credsProvider);
+
+ HttpContext context = new BasicHttpContext();
+
+ HttpHost targethost = getServerHttp();
+ HttpGet httpget = new HttpGet("/");
+
+ HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+ EntityUtils.consume(response.getEntity());
+ Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+ response.getStatusLine().getStatusCode());
+ }
+
}