[PATCH] Proxy authentication realm problem

Fri, 08 Aug 2003 00:14:53 -0700 

The patch addresses the problem with the proxy authentication realm
reported by David Rowe. HttpAuthenticator should now be picking up the
correct credentials when authenticating with an NTLM proxy (NTLM
authentication does not support the concept of authentication realm as
defined in RFC2617).

Please let me know what you think

Oleg

Index: java/org/apache/commons/httpclient/auth/HttpAuthenticator.java
===================================================================
RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/HttpAuthenticator.java,v
retrieving revision 1.7
diff -u -r1.7 HttpAuthenticator.java
--- java/org/apache/commons/httpclient/auth/HttpAuthenticator.java	26 May 2003 22:07:22 -0000	1.7
+++ java/org/apache/commons/httpclient/auth/HttpAuthenticator.java	7 Aug 2003 20:01:08 -0000
@@ -291,30 +291,41 @@
         }
         String host = null;
         if (conn != null) {
-            host = proxy ? conn.getProxyHost() : conn.getHost();
+            if (proxy) {
+                host = conn.getProxyHost();
+            } else {
+                host = conn.getVirtualHost();
+                if (host == null) {
+                    host = conn.getHost();
+                }
+            }
         }
         String realm = authscheme.getRealm();
         // TODO: To be removed in the future. Required for backward compatibility
         if (realm == null) {
-            Header hostheader = method.getRequestHeader("host");
-            if (hostheader != null) {
-                realm = hostheader.getValue();
-            }
+            realm = host;
         }
         if (LOG.isDebugEnabled()) {
+            StringBuffer buffer = new StringBuffer();
+            buffer.append("Authenticating with the "); 
             if (realm == null) {
-                LOG.debug("Using default authentication realm");
+                buffer.append("default");
             } else {
-                LOG.debug("Using '" + realm + "' authentication realm");
+                buffer.append('\'');
+                buffer.append(authscheme.getRealm());
+                buffer.append('\'');
             }
+            buffer.append(" authentication realm at "); 
+            buffer.append(host); 
+            LOG.debug(buffer.toString());
         }
         Credentials credentials = proxy 
             ? state.getProxyCredentials(realm, host) 
             : state.getCredentials(realm, host);
         if (credentials == null) {
             throw new AuthenticationException(
-                "No credentials available for the " + authscheme.getSchemeName() 
-                + "authentication realm '" + realm + "'");
+                "No credentials available for the '" + authscheme.getRealm() 
+                + "' authentication realm at " + host);
         }
         String auth = authscheme.authenticate(credentials, method.getName(), method.getPath());
         if (auth != null) {
Index: test/org/apache/commons/httpclient/TestAuthenticator.java
===================================================================
RCS file: /home/cvspublic/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v
retrieving revision 1.25
diff -u -r1.25 TestAuthenticator.java
--- test/org/apache/commons/httpclient/TestAuthenticator.java	22 Apr 2003 17:00:26 -0000	1.25
+++ test/org/apache/commons/httpclient/TestAuthenticator.java	7 Aug 2003 20:01:15 -0000
@@ -413,9 +413,8 @@
         HttpState state = new HttpState();
         NTCredentials cred = new NTCredentials("username","password", "host",
                 "domain");
-        state.setCredentials("host", null, cred);
+        state.setCredentials(null, null, cred);
         HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
-        method.addRequestHeader("Host", "host");
         AuthScheme authscheme = new NTLMScheme(challenge);
         assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
         assertTrue(null != method.getRequestHeader("Authorization"));
@@ -428,9 +427,8 @@
         HttpState state = new HttpState();
         NTCredentials cred = new NTCredentials("username","password", "host",
                 "domain");
-        state.setCredentials("host", null, cred);
+        state.setCredentials(null, null, cred);
         HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
-        method.addRequestHeader("Host", "host");
         AuthScheme authscheme = new NTLMScheme(challenge);
         assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
         assertTrue(null != method.getRequestHeader("Authorization"));
@@ -452,9 +450,8 @@
         HttpState state = new HttpState();
         NTCredentials cred = new NTCredentials("username","password", "host",
                 "domain");
-        state.setCredentials("host", null, cred);
+        state.setCredentials(null, null, cred);
         HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
-        method.addRequestHeader("Host", "host");
         AuthScheme authscheme = new NTLMScheme(challenge);
         assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
         assertTrue(null != method.getRequestHeader("Authorization"));

Attachment: proxyauth.patch.zip
Description: Zip archive

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to