[
https://issues.apache.org/jira/browse/HTTPCLIENT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13420450#comment-13420450
]
Radai Rosenblatt commented on HTTPCLIENT-1215:
----------------------------------------------
ok then, how about having some higher-up component that has access to both
SchemeRegistry and teh auth cache "pad" the cache with the "verbose" version of
any credentials it already contains?
> http://host and http://host:80 not considered the same for credential matching
> ------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1215
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1215
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.1
> Reporter: Radai Rosenblatt
> Fix For: 4.2.2
>
>
> the following code (taken from
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html
> section 4.8 and modified to use a URI) will not add authentication headers
> to the outgoing http request because the URI string does not explicitely
> specify the port:
> URI uri = new URI("http://somedomain.com/stuff";);
> HttpHost targetHost = new HttpHost(uri.getHost(), uri.getPort(),
> uri.getScheme());
> DefaultHttpClient httpclient = new DefaultHttpClient();
> httpclient.getCredentialsProvider().setCredentials(
> new AuthScope(targetHost.getHostName(), targetHost.getPort()),
> new UsernamePasswordCredentials("username", "password"));
> // Create AuthCache instance
> AuthCache authCache = new BasicAuthCache();
> // Generate BASIC scheme object and add it to the local auth cache
> BasicScheme basicAuth = new BasicScheme();
> authCache.put(targetHost, basicAuth);
> // Add AuthCache to the execution context
> BasicHttpContext localcontext = new BasicHttpContext();
> localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
> HttpGet httpget = new HttpGet(uri);
> for (int i = 0; i < 3; i++) {
> HttpResponse response = httpclient.execute(targetHost, httpget,
> localcontext);
> System.err.println(response.getStatusLine());
> HttpEntity entity = response.getEntity();
> EntityUtils.consume(entity);
> }
> the root cause for this is in RequestAuthCache.java line 90:
> HttpHost target = (HttpHost)
> context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
> if (target.getPort() < 0) {
> SchemeRegistry schemeRegistry = (SchemeRegistry)
> context.getAttribute(
> ClientContext.SCHEME_REGISTRY);
> Scheme scheme = schemeRegistry.getScheme(target);
> target = new HttpHost(target.getHostName(),
> scheme.resolvePort(target.getPort()),
> target.getSchemeName());
> }
> AuthState targetState = (AuthState)
> context.getAttribute(ClientContext.TARGET_AUTH_STATE);
> if (target != null && targetState != null && targetState.getState()
> == AuthProtocolState.UNCHALLENGED) {
> AuthScheme authScheme = authCache.get(target);
> if (authScheme != null) {
> doPreemptiveAuth(target, authScheme, targetState,
> credsProvider);
> }
> }
> the target has no port (meaning <0 ), so its recreated with the default http
> scheme port of 80.
> meanwhile authCache uses the original target host as key, and so authScheme
> will be null.
> explicitely declaring port 80 in the URI string works around this, but i
> think this should work by default.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
