olegk 2004/11/02 11:39:16
Modified: httpclient/src/java/org/apache/commons/httpclient
HttpMethodDirector.java
httpclient/src/java/org/apache/commons/httpclient/auth
AuthState.java
Log:
PR #31981 (SSL + proxy + Host auth + Keep Alive off causes an infinite loop in
HttpMethodDirector)
Contributed by Oleg Kalnichevski
Reviewed by Michael Becke and Rindress MacDonald <rmacdona at enterasys.com>
Revision Changes Path
1.32 +32 -41
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
Index: HttpMethodDirector.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- HttpMethodDirector.java 6 Oct 2004 17:32:04 -0000 1.31
+++ HttpMethodDirector.java 2 Nov 2004 19:39:16 -0000 1.32
@@ -90,15 +90,6 @@
/** A flag to indicate if the connection should be released after the method is
executed. */
private boolean releaseConnection = false;
- private static final int AUTH_UNINITIATED = 0;
- private static final int AUTH_PREEMPTIVE = 1;
- private static final int AUTH_WWW_REQUIRED = 2;
- private static final int AUTH_PROXY_REQUIRED = 3;
- private static final int AUTH_NOT_REQUIRED = Integer.MAX_VALUE;
-
- /** Actual state of authentication process */
- private int authProcess = AUTH_UNINITIATED;
-
/** Authentication processor */
private AuthChallengeProcessor authProcessor = null;
@@ -167,7 +158,6 @@
|| this.state.isAuthenticationPreemptive())
{
LOG.debug("Preemptively sending default basic credentials");
- this.authProcess = AUTH_PREEMPTIVE;
method.getHostAuthState().setPreemptive();
if (this.conn.isProxied()) {
method.getProxyAuthState().setPreemptive();
@@ -200,8 +190,6 @@
if (processAuthenticationResponse(method)) {
retry = true;
}
- } else {
- this.authProcess = AUTH_NOT_REQUIRED;
}
if (!retry) {
break;
@@ -265,11 +253,12 @@
// User defined authentication header(s) present
return;
}
- AuthScheme authscheme = method.getHostAuthState().getAuthScheme();
+ AuthState authstate = method.getHostAuthState();
+ AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
- if ((this.authProcess == AUTH_WWW_REQUIRED) ||
(!authscheme.isConnectionBased())) {
+ if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
String host = method.getParams().getVirtualHost();
if (host == null) {
host = conn.getHost();
@@ -307,11 +296,12 @@
// User defined authentication header(s) present
return;
}
- AuthScheme authscheme = method.getProxyAuthState().getAuthScheme();
+ AuthState authstate = method.getProxyAuthState();
+ AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
- if ((this.authProcess == AUTH_PROXY_REQUIRED) ||
(!authscheme.isConnectionBased())) {
+ if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
AuthScope authscope = new AuthScope(
conn.getProxyHost(), conn.getProxyPort(),
authscheme.getRealm(),
@@ -480,12 +470,12 @@
executeWithRetry(this.connectMethod);
code = this.connectMethod.getStatusCode();
boolean retry = false;
- if (code == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
+ AuthState authstate = this.connectMethod.getProxyAuthState();
+ authstate.setAuthRequested(code ==
HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
+ if (authstate.isAuthRequested()) {
if (processAuthenticationResponse(this.connectMethod)) {
retry = true;
}
- } else {
- this.authProcess = AUTH_NOT_REQUIRED;
}
if (!retry) {
break;
@@ -682,7 +672,7 @@
authscheme.getRealm(),
authscheme.getSchemeName());
- if ((this.authProcess == AUTH_WWW_REQUIRED) && (authscheme.isComplete())) {
+ if (authstate.isAuthAttempted() && authscheme.isComplete()) {
// Already tried and failed
Credentials credentials = promptForCredentials(
authscheme, method.getParams(), authscope);
@@ -695,8 +685,7 @@
return true;
}
} else {
- this.authProcess = AUTH_WWW_REQUIRED;
-
+ authstate.setAuthAttempted(true);
Credentials credentials = this.state.getCredentials(authscope);
if (credentials == null) {
credentials = promptForCredentials(
@@ -741,7 +730,7 @@
authscheme.getRealm(),
authscheme.getSchemeName());
- if ((this.authProcess == AUTH_PROXY_REQUIRED) && (authscheme.isComplete()))
{
+ if (authstate.isAuthAttempted() && authscheme.isComplete()) {
// Already tried and failed
Credentials credentials = promptForProxyCredentials(
authscheme, method.getParams(), authscope);
@@ -754,8 +743,7 @@
return true;
}
} else {
- this.authProcess = AUTH_PROXY_REQUIRED;
-
+ authstate.setAuthAttempted(true);
Credentials credentials = this.state.getProxyCredentials(authscope);
if (credentials == null) {
credentials = promptForProxyCredentials(
@@ -806,20 +794,23 @@
* @return boolean <tt>true</tt> if a retry is needed, <tt>false</tt> otherwise.
*/
private boolean isAuthenticationNeeded(final HttpMethod method) {
- switch (method.getStatusCode()) {
- case HttpStatus.SC_UNAUTHORIZED:
- case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED:
- LOG.debug("Authorization required");
- if (method.getDoAuthentication()) { //process authentication
response
- return true;
- } else { //let the client handle the authenticaiton
- LOG.info("Authentication requested but doAuthentication is "
- + "disabled");
- return false;
- }
- default:
+ method.getHostAuthState().setAuthRequested(
+ method.getStatusCode() == HttpStatus.SC_UNAUTHORIZED);
+ method.getProxyAuthState().setAuthRequested(
+ method.getStatusCode() ==
HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
+ if (method.getHostAuthState().isAuthRequested() ||
+ method.getProxyAuthState().isAuthRequested()) {
+ LOG.debug("Authorization required");
+ if (method.getDoAuthentication()) { //process authentication response
+ return true;
+ } else { //let the client handle the authenticaiton
+ LOG.info("Authentication requested but doAuthentication is "
+ + "disabled");
return false;
- } //end of switch
+ }
+ } else {
+ return false;
+ }
}
private Credentials promptForCredentials(
1.3 +59 -11
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthState.java
Index: AuthState.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthState.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- AuthState.java 18 Apr 2004 23:51:36 -0000 1.2
+++ AuthState.java 2 Nov 2004 19:39:16 -0000 1.3
@@ -41,6 +41,12 @@
/** Actual authentication scheme */
private AuthScheme authScheme = null;
+ /** Whether an authetication challenged has been received */
+ private boolean authRequested = false;
+
+ /** Whether the authetication challenge has been responsed to */
+ private boolean authAttempted = false;
+
/** Whether preemtive authentication is attempted */
private boolean preemptive = false;
@@ -53,6 +59,56 @@
}
/**
+ * Invalidates the authentication state by resetting its parameters.
+ */
+ public void invalidate() {
+ this.authScheme = null;
+ this.authRequested = false;
+ this.authAttempted = false;
+ this.preemptive = false;
+ }
+
+ /**
+ * Tests whether authenication challenge has been received
+ *
+ * @return <tt>true</tt> if authenication challenge has been received,
+ * <tt>false</tt> otherwise
+ */
+ public boolean isAuthRequested() {
+ return this.authRequested;
+ }
+
+ /**
+ * Sets authentication request status
+ *
+ * @param challengeReceived <tt>true</tt> if authenication has been requested,
+ * <tt>false</tt> otherwise
+ */
+ public void setAuthRequested(boolean challengeReceived) {
+ this.authRequested = challengeReceived;
+ }
+
+ /**
+ * Tests whether authenication challenge has been responsed to
+ *
+ * @return <tt>true</tt> if authenication challenge has been responsed to,
+ * <tt>false</tt> otherwise
+ */
+ public boolean isAuthAttempted() {
+ return this.authAttempted;
+ }
+
+ /**
+ * Sets authentication attempt status
+ *
+ * @param challengeResponded <tt>true</tt> if authenication has been attempted,
+ * <tt>false</tt> otherwise
+ */
+ public void setAuthAttempted(boolean challengeResponded) {
+ this.authAttempted = challengeResponded;
+ }
+
+ /**
* Preemptively assigns Basic authentication scheme.
*/
public void setPreemptive() {
@@ -63,14 +119,6 @@
this.preemptive = true;
}
- /**
- * Invalidates the authentication state by resetting its parameters.
- */
- public void invalidate() {
- this.authScheme = null;
- this.preemptive = false;
- }
-
/**
* Tests if preemptive authentication is used.
*
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
