olegk 2004/01/28 13:39:16
Modified: httpclient/src/java/org/apache/commons/httpclient
HttpMethodDirector.java
httpclient/src/java/org/apache/commons/httpclient/auth
AuthPolicy.java
Added: httpclient/src/examples AlternateAuthenticationExample.java
Log:
PR #15297 (Authenticator() - ability to perform alternate authentication)
Contributed by Oleg Kalnichevski
Reviewed by Ortwin Gluek & Michael Becke
Revision Changes Path
1.1
jakarta-commons/httpclient/src/examples/AlternateAuthenticationExample.java
Index: AlternateAuthenticationExample.java
===================================================================
/*
* $Header:
/home/cvs/jakarta-commons/httpclient/src/examples/AlternateAuthenticationExample.java,v
1.1 2004/01/28 21:39:15 olegk Exp $
* $Revision: 1.1 $
* $Date: 2004/01/28 21:39:15 $
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "HttpClient", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.methods.GetMethod;
/**
* <p>A simple example that uses alternate authentication scheme selection
* if several authentication challenges are returned.
* </p>
*
* <p>Per default HttpClient picks the authentication challenge in the following
* order of preference: NTLM, Digest, Basic. In certain cases it may be desirable to
* force the use of a weaker authentication scheme.
* </p>
*
* @author Oleg Kalnichevski
*/
public class AlternateAuthenticationExample {
/**
* Constructor for BasicAuthenticatonExample.
*/
public AlternateAuthenticationExample() {
super();
}
public static void main(String[] args) throws Exception {
HttpClient client = new HttpClient();
client.getState().setCredentials("myrealm", "myhost",
new UsernamePasswordCredentials("username", "password"));
// Suppose the site supports several authetication schemes: NTLM and Basic
// Basic authetication is considered inherently insecure. Hence, NTLM
authentication
// is used per default
// This is to make HttpClient pick the Basic authentication scheme over NTLM
& Digest
List authPrefs = new ArrayList(3);
authPrefs.add(AuthPolicy.BASIC);
authPrefs.add(AuthPolicy.NTLM);
authPrefs.add(AuthPolicy.DIGEST);
client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
GetMethod httpget = new
GetMethod("http://myhost/protected/auth-required.html";);
try {
int status = client.executeMethod(httpget);
// print the status and response
System.out.println(httpget.getStatusLine());
System.out.println(httpget.getResponseBodyAsString());
} finally {
// release any connection resources used by the method
httpget.releaseConnection();
}
}
}
1.15 +13 -15
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
Index: HttpMethodDirector.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- HttpMethodDirector.java 14 Jan 2004 18:59:27 -0000 1.14
+++ HttpMethodDirector.java 28 Jan 2004 21:39:16 -0000 1.15
@@ -64,9 +64,8 @@
package org.apache.commons.httpclient;
import java.io.IOException;
-import java.util.ArrayList;
+import java.util.Collection;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import org.apache.commons.httpclient.auth.AuthChallengeParser;
@@ -137,14 +136,6 @@
/** Whether preemtive proxy authentication is attempted */
private boolean proxyAuthPreemptive = false;
- //TODO: to be parameterized
- private static final List AUTH_PREFERENCES = new ArrayList(3);
- static {
- AUTH_PREFERENCES.add(AuthPolicy.NTLM);
- AUTH_PREFERENCES.add(AuthPolicy.DIGEST);
- AUTH_PREFERENCES.add(AuthPolicy.BASIC);
- }
-
public HttpMethodDirector(
final HttpConnectionManager connectionManager,
final HostConfiguration hostConfiguration,
@@ -766,13 +757,20 @@
private AuthScheme processChallenge(final Map challenges)
throws MalformedChallengeException, AuthenticationException {
+
+ Collection authPrefs = (Collection) this.params.getParameter(
+
AuthPolicy.AUTH_SCHEME_PRIORITY);
+ if (authPrefs == null || authPrefs.isEmpty()) {
+ authPrefs = AuthPolicy.getDefaultAuthPrefs();
+ }
+
AuthScheme authscheme = null;
String challenge = null;
if (LOG.isDebugEnabled()) {
LOG.debug("Supported authentication schemes in the order of preference:
"
- + AUTH_PREFERENCES);
+ + authPrefs);
}
- Iterator item = AUTH_PREFERENCES.iterator();
+ Iterator item = authPrefs.iterator();
while (item.hasNext()) {
String id = (String) item.next();
challenge = (String) challenges.get(id.toLowerCase());
1.2 +49 -12
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java
Index: AuthPolicy.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- AuthPolicy.java 10 Dec 2003 21:37:42 -0000 1.1
+++ AuthPolicy.java 28 Jan 2004 21:39:16 -0000 1.2
@@ -63,9 +63,9 @@
package org.apache.commons.httpclient.auth;
-import java.util.Collections;
+import java.util.ArrayList;
import java.util.HashMap;
-import java.util.Map;
+import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -90,9 +90,28 @@
*/
public abstract class AuthPolicy {
- private static Map SCHEMES = Collections.synchronizedMap(new HashMap());
+ private static final HashMap SCHEMES = new HashMap();
+ private static final ArrayList SCHEME_LIST = new ArrayList();
/**
+ * The key used to look up the list of IDs of supported [EMAIL PROTECTED]
AuthScheme
+ * authentication schemes} in their order of preference. The scheme IDs are
+ * stored in a [EMAIL PROTECTED] Collection} as [EMAIL PROTECTED]
java.lang.String}s.
+ *
+ * <p>
+ * If several schemes are returned in the <tt>WWW-Authenticate</tt>
+ * or <tt>Proxy-Authenticate</tt> header, this parameter defines which
+ * [EMAIL PROTECTED] AuthScheme authentication schemes} takes precedence over
others.
+ * The first item in the collection represents the most preferred
+ * [EMAIL PROTECTED] AuthScheme authentication scheme}, the last item
represents the ID
+ * of the least preferred one.
+ * </p>
+ *
+ * @see org.apache.commons.httpclient.params.DefaultHttpParams
+ */
+ public static final String AUTH_SCHEME_PRIORITY = "http.auth.scheme-priority";
+
+ /**
* The NTLM scheme is a proprietary Microsoft Windows Authentication
* protocol (considered to be the most secure among currently supported
* authentication schemes).
@@ -111,9 +130,9 @@
public static final String BASIC = "Basic";
static {
- AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class);
+ AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class);
AuthPolicy.registerAuthScheme(DIGEST, DigestScheme.class);
- AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class);
+ AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class);
}
/** Log object. */
@@ -125,12 +144,18 @@
* This ID is the same one used to retrieve the [EMAIL PROTECTED] AuthScheme
authentication scheme}
* from [EMAIL PROTECTED] #getAuthScheme(String)}.
*
+ * <p>
+ * Please note that custom authentication preferences, if used, need to be
updated accordingly
+ * for the new [EMAIL PROTECTED] AuthScheme authentication scheme} to take
effect.
+ * </p>
+ *
* @param id the identifier for this scheme
* @param clazz the class to register
*
* @see #getAuthScheme(String)
+ * @see #AUTH_SCHEME_PRIORITY
*/
- public static void registerAuthScheme(final String id, Class clazz) {
+ public static synchronized void registerAuthScheme(final String id, Class
clazz) {
if (id == null) {
throw new IllegalArgumentException("Id may not be null");
}
@@ -138,6 +163,7 @@
throw new IllegalArgumentException("Authentication scheme class may not
be null");
}
SCHEMES.put(id.toLowerCase(), clazz);
+ SCHEME_LIST.add(id.toLowerCase());
}
/**
@@ -146,11 +172,12 @@
*
* @param id the ID of the class to unregister
*/
- public static void unregisterAuthScheme(final String id) {
+ public static synchronized void unregisterAuthScheme(final String id) {
if (id == null) {
throw new IllegalArgumentException("Id may not be null");
}
SCHEMES.remove(id.toLowerCase());
+ SCHEME_LIST.remove(id.toLowerCase());
}
/**
@@ -162,7 +189,7 @@
*
* @throws IllegalStateException if a scheme with the ID cannot be found
*/
- public static AuthScheme getAuthScheme(final String id)
+ public static synchronized AuthScheme getAuthScheme(final String id)
throws IllegalStateException {
if (id == null) {
@@ -181,5 +208,15 @@
} else {
throw new IllegalStateException("Unsupported authentication scheme " +
id);
}
+ }
+
+ /**
+ * Returns a list containing all registered [EMAIL PROTECTED] AuthScheme
authentication
+ * schemes} in their default order.
+ *
+ * @return [EMAIL PROTECTED] AuthScheme authentication scheme}
+ */
+ public static synchronized List getDefaultAuthPrefs() {
+ return (List)SCHEME_LIST.clone();
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
