[jira] [Created] (HTTPCLIENT-1215) http://host and http://host:80 not considered the same for credential matching

Tue, 17 Jul 2012 05:10:48 -0700 

Radai Rosenblatt created HTTPCLIENT-1215:
--------------------------------------------

             Summary: http://host and http://host:80 not considered the same 
for credential matching
                 Key: HTTPCLIENT-1215
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1215
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.2.1
            Reporter: Radai Rosenblatt


the following code (taken from 
http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html 
section 4.8 and modified to use a URI) will not add authentication headers to 
the outgoing http request because the URI string does not explicitely specify 
the port:

        URI uri = new URI("http://somedomain.com/stuff";);
        HttpHost targetHost = new HttpHost(uri.getHost(), uri.getPort(), 
uri.getScheme());

        DefaultHttpClient httpclient = new DefaultHttpClient();

        httpclient.getCredentialsProvider().setCredentials(
                new AuthScope(targetHost.getHostName(), targetHost.getPort()),
                new UsernamePasswordCredentials("username", "password"));

        // Create AuthCache instance
        AuthCache authCache = new BasicAuthCache();
        // Generate BASIC scheme object and add it to the local auth cache
        BasicScheme basicAuth = new BasicScheme();
        authCache.put(targetHost, basicAuth);

        // Add AuthCache to the execution context
        BasicHttpContext localcontext = new BasicHttpContext();
        localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);

        HttpGet httpget = new HttpGet(uri);
        for (int i = 0; i < 3; i++) {
            HttpResponse response = httpclient.execute(targetHost, httpget, 
localcontext);
            System.err.println(response.getStatusLine());
            HttpEntity entity = response.getEntity();
            EntityUtils.consume(entity);
        }

the root cause for this is in RequestAuthCache.java line 90:

    HttpHost target = (HttpHost) 
context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
        if (target.getPort() < 0) {
            SchemeRegistry schemeRegistry = (SchemeRegistry) 
context.getAttribute(
                    ClientContext.SCHEME_REGISTRY);
            Scheme scheme = schemeRegistry.getScheme(target);
            target = new HttpHost(target.getHostName(),
                    scheme.resolvePort(target.getPort()), 
target.getSchemeName());
        }

        AuthState targetState = (AuthState) 
context.getAttribute(ClientContext.TARGET_AUTH_STATE);
        if (target != null && targetState != null && targetState.getState() == 
AuthProtocolState.UNCHALLENGED) {
            AuthScheme authScheme = authCache.get(target);
            if (authScheme != null) {
                doPreemptiveAuth(target, authScheme, targetState, 
credsProvider);
            }
        }

the target has no port (meaning <0 ), so its recreated with the default http 
scheme port of 80.
meanwhile authCache uses the original target host as key, and so authScheme 
will be null.
explicitely declaring port 80 in the URI string works around this, but i think 
this should work by default.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to