@Test
public void testConnectionBasedAuthOnlyIfChallenged() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
AuthState authstate = new AuthState();
BasicScheme authscheme =
new BasicScheme() {
@Override
public boolean isConnectionBased() {
return true;
}
};
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
Credentials creds = new UsernamePasswordCredentials("user", "secret");
authstate.setState(AuthProtocolState.SUCCESS);
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);
if (authState.getAuthScheme() != null || authState.hasAuthOptions()) {
return;
}
// If no authState has been established and this is a PUT or POST request, add preemptive
// authorisation
String requestMethod = request.getRequestLine().getMethod();
if (requestMethod.equals(HttpPut.METHOD_NAME) || requestMethod.equals(HttpPost.METHOD_NAME)) {
CredentialsProvider credentialsProvider =
(CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
Credentials credentials =
credentialsProvider.getCredentials(
new AuthScope(targetHost.getHostName(), targetHost.getPort()));
if (credentials == null) {
throw new HttpException("No credentials for preemptive authentication");
}
authState.update(authScheme, credentials);
}
}
@Override
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(HttpClientContext.TARGET_AUTH_STATE);
if (authState.getAuthScheme() == null) {
Credentials creds = new UsernamePasswordCredentials(myUsername, myPassword);
authState.update(new BasicScheme(), creds);
}
}
@Test
public void testExecEntityEnclosingRequestRetryOnAuthChallenge() throws Exception {
final HttpRoute route = new HttpRoute(target);
final HttpRequestWrapper request = HttpRequestWrapper.wrap(new HttpGet("http://bar/test"));
final HttpResponse response1 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 401, "Huh?");
final InputStream instream1 = Mockito.spy(new ByteArrayInputStream(new byte[] {1, 2, 3}));
response1.setEntity(EntityBuilder.create().setStream(instream1).build());
final HttpResponse response2 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 200, "OK");
final InputStream instream2 = Mockito.spy(new ByteArrayInputStream(new byte[] {2, 3, 4}));
response2.setEntity(EntityBuilder.create().setStream(instream2).build());
final AuthState proxyAuthState = new AuthState();
proxyAuthState.setState(AuthProtocolState.SUCCESS);
proxyAuthState.update(new NTLMScheme(), new NTCredentials("user:pass"));
final HttpClientContext context = new HttpClientContext();
context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, proxyAuthState);
Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
Mockito.when(managedConn.isStale()).thenReturn(Boolean.FALSE);
Mockito.when(
requestExecutor.execute(
Mockito.same(request),
Mockito.<HttpClientConnection>any(),
Mockito.<HttpClientContext>any()))
.thenReturn(response1, response2);
Mockito.when(
reuseStrategy.keepAlive(Mockito.<HttpResponse>any(), Mockito.<HttpClientContext>any()))
.thenReturn(Boolean.FALSE);
Mockito.when(
targetAuthStrategy.isAuthenticationRequested(
Mockito.eq(target), Mockito.same(response1), Mockito.<HttpClientContext>any()))
.thenReturn(Boolean.TRUE);
final CloseableHttpResponse finalResponse =
mainClientExec.execute(route, request, context, execAware);
Mockito.verify(requestExecutor, Mockito.times(2)).execute(request, managedConn, context);
Mockito.verify(managedConn).close();
Mockito.verify(instream2, Mockito.never()).close();
Assert.assertNotNull(finalResponse);
Assert.assertEquals(200, finalResponse.getStatusLine().getStatusCode());
Assert.assertNull(proxyAuthState.getAuthScheme());
Assert.assertNull(proxyAuthState.getCredentials());
}
@Test
public void testNoTargetAuthForConnectRequests() throws Exception {
HttpRequest request = new BasicHttpRequest("CONNECT", "www.somedomain.com");
HttpContext context = new BasicHttpContext();
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testTargetAuth() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNotNull(header);
Assert.assertEquals("Basic dXNlcjpzZWNyZXQ=", header.getValue());
}
@Override
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(HttpClientContext.TARGET_AUTH_STATE);
// If no auth scheme available yet, try to initialize it preemptively
if (authState.getAuthScheme() == null) {
AuthScheme authScheme = (AuthScheme) context.getAttribute("preemptive-auth");
CredentialsProvider credsProvider =
(CredentialsProvider) context.getAttribute(HttpClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context.getAttribute(HttpCoreContext.HTTP_TARGET_HOST);
if (authScheme != null) {
Credentials creds =
credsProvider.getCredentials(
new AuthScope(targetHost.getHostName(), targetHost.getPort()));
if (creds == null) {
throw new HttpException("No credentials for preemptive authentication");
}
authState.update(authScheme, creds);
}
}
}