oglueck 2003/11/24 00:48:25
Modified: httpclient/src/test/org/apache/commons/httpclient Tag:
HTTPCLIENT_2_0_BRANCH TestAuthenticator.java
httpclient/src/java/org/apache/commons/httpclient/auth Tag:
HTTPCLIENT_2_0_BRANCH AuthChallengeParser.java
DigestScheme.java
Log:
The patch changes the behaviour to omit optional fields that are not
present.
DigestScheme now only accepts a challenge if all fields required by RFC 2617 are
present. Otherwise an exception is thrown. Test cases have been updated
accordingly. The test case also makes sure that there is no "null" string in the
response.
PR: 24869
Reviewed by: Oleg Kalnichevski
Revision Changes Path
No revision
No revision
1.25.2.5 +22 -23
jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java
Index: TestAuthenticator.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v
retrieving revision 1.25.2.4
retrieving revision 1.25.2.5
diff -u -r1.25.2.4 -r1.25.2.5
--- TestAuthenticator.java 14 Nov 2003 02:26:16 -0000 1.25.2.4
+++ TestAuthenticator.java 24 Nov 2003 08:48:25 -0000 1.25.2.5
@@ -101,14 +101,17 @@
String value = null;
if(tokenizer.hasMoreTokens())
key = tokenizer.nextToken();
- if(tokenizer.hasMoreTokens())
+ if(tokenizer.hasMoreTokens()) {
value = tokenizer.nextToken();
+ assertFalse("Value of "+key+" was \"null\"", "null".equals(value));
+ }
if(key != null && value != null){
table.put(key.trim(),value.trim());
}
}
String response = (String) table.get("response");
table.put( "methodname", methodName );
+ //System.out.println(auth);
String digest =
DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table);
assertEquals(response, digest);
}
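Review bot: The new `assertFalse` compares the raw token with `"null"` before it is trimmed, so a value that still carries whitespace or its surrounding quotes would slip past the check. The tokenizer setup is outside the hunk, so whether quotes are stripped there cannot be confirmed from here. If they are not, compare the trimmed value with both forms, for example `String v = value.trim();` followed by `assertFalse("Value of "+key+" was \"null\"", "null".equals(v) || "\"null\"".equals(v));`. The commented-out `//System.out.println(auth);` is debug residue and should be dropped rather than committed.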
@@ -279,7 +282,7 @@
// --------------------------------- Test Methods for DigestScheme
Authentication
public void testDigestAuthenticationWithNoCreds() {
- String challenge = "Digest realm=\"realm1\"";
+ String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
HttpState state = new HttpState();
HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",
challenge));
try {
@@ -293,32 +296,28 @@
public void testDigestAuthenticationWithNoRealm() {
String challenge = "Digest";
- HttpState state = new HttpState();
- HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",
challenge));
try {
AuthScheme authscheme = new DigestScheme(challenge);
- HttpAuthenticator.authenticate(authscheme, method, null, state);
+ authscheme.hashCode(); //quiet Eclipse compiler
fail("Should have thrown HttpException");
- } catch(HttpException e) {
+ } catch(MalformedChallengeException e) {
// expected
}
}
public void testDigestAuthenticationWithNoRealm2() {
String challenge = "Digest ";
- HttpState state = new HttpState();
- HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",
challenge));
try {
AuthScheme authscheme = new DigestScheme(challenge);
- HttpAuthenticator.authenticate(authscheme, method, null, state);
+ authscheme.hashCode(); //quiet Eclipse compiler
fail("Should have thrown HttpException");
- } catch(HttpException e) {
+ } catch(MalformedChallengeException e) {
// expected
}
}
public void testDigestAuthenticationWithNullHttpState() throws Exception {
- String challenge = "Digest realm=\"realm1\"";
+ String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",
challenge));
try {
AuthScheme authscheme = new DigestScheme(challenge);
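Review bot: Both `testDigestAuthenticationWithNoRealm` and `testDigestAuthenticationWithNoRealm2` now catch `MalformedChallengeException`, but the failure message still reads `fail("Should have thrown HttpException");`. It should become `fail("Should have thrown MalformedChallengeException");` so a regression reports the right expectation. None of the visible hunks adds a case for a challenge with a realm but no nonce (for example `"Digest realm=\"realm1\""`), so the new "nonce missing" branch in `DigestScheme` appears untested. A test mirroring these two would pin that behaviour.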
@@ -330,7 +329,7 @@
}
public void testDigestAuthenticationCaseInsensitivity() throws Exception {
- String challenge = "dIgEsT ReAlM=\"realm1\"";
+ String challenge = "dIgEsT ReAlM=\"realm1\", nONce=\"ABC123\"";
HttpState state = new HttpState();
UsernamePasswordCredentials cred = new
UsernamePasswordCredentials("username","password");
state.setCredentials(null, null, cred);
@@ -342,7 +341,7 @@
public void testDigestAuthenticationWithDefaultCreds() throws Exception {
- String challenge = "Digest realm=\"realm1\"";
+ String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
HttpState state = new HttpState();
UsernamePasswordCredentials cred = new
UsernamePasswordCredentials("username","password");
state.setCredentials(null, null, cred);
@@ -354,7 +353,7 @@
}
public void testDigestAuthentication() throws Exception {
- String challenge = "Digest realm=\"realm1\"";
+ String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
HttpState state = new HttpState();
UsernamePasswordCredentials cred = new
UsernamePasswordCredentials("username","password");
state.setCredentials(null, null, cred);
@@ -399,8 +398,8 @@
}
public void testDigestAuthenticationWithMultipleRealms() throws Exception {
- String challenge1 = "Digest realm=\"realm1\"";
- String challenge2 = "Digest realm=\"realm2\"";
+ String challenge1 = "Digest realm=\"realm1\", nonce=\"ABC123\"";
+ String challenge2 = "Digest realm=\"realm2\", nonce=\"ABC123\"";
HttpState state = new HttpState();
UsernamePasswordCredentials cred = new
UsernamePasswordCredentials("username","password");
state.setCredentials("realm1", null, cred);
@@ -434,7 +433,7 @@
String nonce="e273f1776275974f1a120d8b92c5b3cb";
String challenge="Digest realm=\"" + realm + "\", "
- + nonce + "\"" + nonce + "\", "
+ + "nonce=\"" + nonce + "\", "
+ "opaque=\"SomeString\", "
+ "stale=false, "
+ "algorithm=MD5-sess, "
@@ -692,7 +691,7 @@
conn.addResponse(
"HTTP/1.1 401 Unauthorized\r\n" +
"WWW-Authenticate: Unsupported\r\n" +
- "WWW-Authenticate: Digest realm=\"Protected\"\r\n" +
+ "WWW-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
"WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
"Connection: close\r\n" +
"Server: HttpClient Test/2.0\r\n"
@@ -745,7 +744,7 @@
conn.addResponse(
"HTTP/1.1 407 Proxy Authentication Required\r\n" +
"Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
- "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" +
+ "Proxy-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
"Proxy-Authenticate: Unsupported\r\n" +
"Connection: close\r\n" +
"Server: HttpClient Test/2.0\r\n"
No revision
No revision
1.4.2.1 +4 -4
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java
Index: AuthChallengeParser.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- AuthChallengeParser.java 6 Apr 2003 22:31:53 -0000 1.4
+++ AuthChallengeParser.java 24 Nov 2003 08:48:25 -0000 1.4.2.1
@@ -224,7 +224,7 @@
}
}
- elements.put(name, value);
+ elements.put(name.toLowerCase(), value);
parsingName = true;
gotIt = false;
}
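Review bot: `name.toLowerCase()` uses the JVM default locale, so under a Turkish locale an upper-case `I` maps to a dotless `ı` and a challenge parameter such as `ALGORITHM` or `DOMAIN` would be stored under a key that `getParameter("algorithm")` never finds. For an authentication parser this means a server-specified parameter can be silently ignored depending on where the client runs. Pin the locale with `elements.put(name.toLowerCase(Locale.ENGLISH), value);`, which needs `java.util.Locale` imported at the top of the file, outside this hunk. The enclosing parse loop starts and ends outside the hunk.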
1.4.2.5 +12 -5
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java
Index: DigestScheme.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v
retrieving revision 1.4.2.4
retrieving revision 1.4.2.5
diff -u -r1.4.2.4 -r1.4.2.5
--- DigestScheme.java 4 Oct 2003 02:31:25 -0000 1.4.2.4
+++ DigestScheme.java 24 Nov 2003 08:48:25 -0000 1.4.2.5
@@ -132,6 +132,12 @@
public DigestScheme(final String challenge)
throws MalformedChallengeException {
super(challenge);
+ if (this.getParameter("realm") == null) {
+ throw new MalformedChallengeException("realm missing");
+ }
+ if (this.getParameter("nonce") == null) {
+ throw new MalformedChallengeException("nonce missing");
+ }
this.getParameters().put("nc", "00000001");
}
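Review bot: The two new guards only test for `null`, so a challenge carrying `nonce=""` or `realm=""` would presumably still be accepted, assuming the parser stores an empty string for an empty quoted value. An empty nonce gives the digest no server-chosen freshness, so it is worth deciding explicitly whether to reject it, for example `if (nonce == null || nonce.length() == 0)` after reading the parameter into a local. The constructor's Javadoc is outside the hunk. It should gain a `@throws MalformedChallengeException` line stating that the exception is raised when `realm` or `nonce` is absent, since this is a behaviour change for callers.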
@@ -332,9 +338,10 @@
sb.append("username=\"" + uname + "\"")
.append(", realm=\"" + realm + "\"")
- .append(", nonce=\"" + nonce + "\"").append(", uri=\"" + uri + "\"")
+ .append(", nonce=\"" + nonce + "\"")
+ .append(", uri=\"" + uri + "\"")
.append(((qop == null) ? "" : ", qop=\"" + qop + "\""))
- .append(", algorithm=\"" + algorithm + "\"")
+ .append((algorithm == null) ? "" : ", algorithm=\"" + algorithm + "\"")
.append(((qop == null) ? "" : ", nc=" + nc))
.append(((qop == null) ? "" : ", cnonce=\"" + cnonce + "\""))
.append(", response=\"" + response + "\"")
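Review bot: The `algorithm` line now omits a missing value, but when present it is still emitted as a quoted string (`algorithm="MD5"`), as is `qop` on the line above. The RFC 2617 grammar defines both as unquoted tokens, and its example request sends `qop=auth`. Strict servers may reject or mis-parse the quoted form, so consider `.append((algorithm == null) ? "" : ", algorithm=" + algorithm)` and the same for `qop`. The statement continues past the end of the hunk, so how `opaque` is handled when absent cannot be checked from here.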