olegk 2003/12/10 12:44:38 Modified: httpclient/src/java/org/apache/commons/httpclient Tag: HTTPCLIENT_2_0_BRANCH HttpMethodBase.java httpclient/src/java/org/apache/commons/httpclient/auth Tag: HTTPCLIENT_2_0_BRANCH AuthScheme.java Log: PR: #24352 (NTLM Proxy and basic host authorization) The bug turned out to be nastier than I initially thought. Another (and hopefully the final) take at fixing it Contributed by Oleg Kalnichevski Reviewed By Michael Becke Revision Changes Path No revision No revision 1.159.2.19 +30 -10 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java Index: HttpMethodBase.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v retrieving revision 1.159.2.18 retrieving revision 1.159.2.19 diff -u -r1.159.2.18 -r1.159.2.19 --- HttpMethodBase.java 3 Nov 2003 23:21:08 -0000 1.159.2.18 +++ HttpMethodBase.java 10 Dec 2003 20:44:37 -0000 1.159.2.19 @@ -75,6 +75,7 @@ import org.apache.commons.httpclient.auth.AuthenticationException; import org.apache.commons.httpclient.auth.HttpAuthenticator; import org.apache.commons.httpclient.auth.MalformedChallengeException; +import org.apache.commons.httpclient.auth.NTLMScheme; import org.apache.commons.httpclient.cookie.CookiePolicy; import org.apache.commons.httpclient.cookie.CookieSpec; import org.apache.commons.httpclient.cookie.MalformedCookieException; 
@@ -178,12 +179,18 @@ /** Response trailer headers, if any. */ private HeaderGroup responseTrailerHeaders = new HeaderGroup(); + /** Authentication scheme used to authenticate againt the target server */ + private AuthScheme authScheme = null; + /** Realms this method tried to authenticate to */ private Set realms = null; /** Actual authentication realm */ private String realm = null; + /** Authentication scheme used to authenticate againt the proxy server */ + private AuthScheme proxyAuthScheme = null; + /** Proxy Realms this method tried to authenticate to */ private Set proxyRealms = null; @@ -1191,6 +1198,9 @@ //invalidate the list of authentication attempts this.realms.clear(); //remove exisitng authentication headers + if (this.proxyAuthScheme instanceof NTLMScheme) { + removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP); + } removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP); //update the current location with the redirect location. //avoiding use of URL.getPath() and URL.getQuery() to keep @@ -1300,7 +1310,9 @@ path = null; followRedirects = false; doAuthentication = true; + authScheme = null; realm = null; + proxyAuthScheme = null; proxyRealm = null; queryString = null; getRequestHeaderGroup().clear(); @@ -1413,8 +1425,8 @@ HttpAuthenticator.WWW_AUTH); if (challenges.length > 0) { try { - AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges); - HttpAuthenticator.authenticate(authscheme, this, conn, state); + this.authScheme = HttpAuthenticator.selectAuthScheme(challenges); + HttpAuthenticator.authenticate(this.authScheme, this, conn, state); } catch (HttpException e) { // log and move on if (LOG.isErrorEnabled()) { 
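Review bot: Both new field Javadoc comments misspell "against" as "againt". Since the fields start as `null` and are compared with `instanceof` elsewhere in this diff, the comments could also state the null case, e.g. `/** Authentication scheme last used against the target server, or null if none has been selected yet */`, with the same wording for `proxyAuthScheme`.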
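Review bot: In the redirect hunk at -1191 the `WWW_AUTH_RESP` header is removed, but within the lines shown `this.authScheme` still points at the scheme chosen for the previous location. The list of authentication attempts is cleared here, so the scheme field should be cleared with it: `this.authScheme = null;` next to `this.realms.clear();`. Otherwise the later `this.authScheme instanceof NTLMScheme` check in processAuthenticationResponse acts on a scheme that may not apply to the new target. The enclosing method starts and ends outside the hunk, so the reset may already happen elsewhere; worth confirming.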
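Review bot: In the hunk at -1413 `this.authScheme` is assigned before `HttpAuthenticator.authenticate(...)` has returned. If that call throws the `HttpException` that the catch block only logs, the field keeps a scheme for which no header may have been added. The `instanceof NTLMScheme` checks added elsewhere in this diff then act on that value. Keeping the local and storing it after the call avoids this: `AuthScheme scheme = HttpAuthenticator.selectAuthScheme(challenges);`, `HttpAuthenticator.authenticate(scheme, this, conn, state);`, `this.authScheme = scheme;`. The hunk at -1581 has the same pattern for `proxyAuthScheme`, and both enclosing methods start and end outside their hunks.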
@@ -1581,8 +1593,8 @@ HttpAuthenticator.PROXY_AUTH); if (challenges.length > 0) { try { - AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges); - HttpAuthenticator.authenticateProxy(authscheme, this, conn, state); + this.proxyAuthScheme = HttpAuthenticator.selectAuthScheme(challenges); + HttpAuthenticator.authenticateProxy(this.proxyAuthScheme, this, conn, state); } catch (HttpException e) { // log and move on if (LOG.isErrorEnabled()) { @@ -2475,6 +2487,12 @@ LOG.trace("enter HttpMethodBase.processAuthenticationResponse(" + "HttpState, HttpConnection)"); + if (this.proxyAuthScheme instanceof NTLMScheme) { + removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP); + } + if (this.authScheme instanceof NTLMScheme) { + removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP); + } int statusCode = statusLine.getStatusCode(); // handle authentication required Header[] challenges = null; 
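Review bot: The two checks added at the top of processAuthenticationResponse (hunk at -2475) test for the concrete `NTLMScheme` class. That ties HttpMethodBase to one scheme implementation, and the same test is repeated in the redirect hunk at -1191. No comment explains why only NTLM headers are cleared, and why before the status code is read. A line such as `// NTLM headers belong to one step of the handshake and must not be resent unchanged` would record the intent, if that is the reason. A capability query on `AuthScheme` would avoid the type test, though that is an interface change and may not suit a maintenance branch.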
@@ -2535,20 +2553,22 @@ realmsUsed.add(realm); } - removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP); - removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP); try { //remove preemptive header and reauthenticate switch (statusCode) { case HttpStatus.SC_UNAUTHORIZED: + removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP); authenticated = HttpAuthenticator.authenticate( authscheme, this, conn, state); this.realm = authscheme.getRealm(); + this.authScheme = authscheme; break; case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED: + removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP); authenticated = HttpAuthenticator.authenticateProxy( authscheme, this, conn, state); this.proxyRealm = authscheme.getRealm(); + this.proxyAuthScheme = authscheme; break; } } catch (AuthenticationException e) { No revision No revision 1.4.2.1 +4 -4 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthScheme.java Index: AuthScheme.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthScheme.java,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- AuthScheme.java 22 Apr 2003 17:00:25 -0000 1.4 +++ AuthScheme.java 10 Dec 2003 20:44:38 -0000 1.4.2.1 @@ -83,7 +83,7 @@ * </p> * <p> * Authentication schemes may ignore method name and URI parameters - * if they are relevant for the given authentication mechanism + * if they are not relevant for the given authentication mechanism * </p> * * @author <a href="mailto:[EMAIL PROTECTED]">Oleg Kalnichevski</a>
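Review bot: `this.authScheme = authscheme;` and `this.proxyAuthScheme = authscheme;` use a local and a field whose names differ only in the case of one letter, which is easy to misread or mistype. Renaming the local (declared outside this hunk) to something like `selectedScheme` would make the two assignments unambiguous. The comment `//remove preemptive header and reauthenticate` above the switch now describes work done inside each case and would read better there. Both fields are also stored regardless of the value of `authenticated`; it is worth confirming that recording a scheme after an unsuccessful attempt is intended.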