| /* |
| * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /** |
| * @test |
| * @bug 4678055 |
| * @library ../../../sun/net/www/httptest/ |
| * @build HttpCallback HttpServer ClosedChannelList HttpTransaction |
| * @run main B4678055 |
| * @summary Basic Authentication fails with multiple realms |
| */ |
| |
| import java.io.*; |
| import java.net.*; |
| |
| public class B4678055 implements HttpCallback { |
| |
| static int count = 0; |
| static String authstring; |
| |
| void errorReply (HttpTransaction req, String reply) throws IOException { |
| req.addResponseHeader ("Connection", "close"); |
| req.addResponseHeader ("WWW-Authenticate", reply); |
| req.sendResponse (401, "Unauthorized"); |
| req.orderlyClose(); |
| } |
| |
| void okReply (HttpTransaction req) throws IOException { |
| req.setResponseEntityBody ("Hello ."); |
| req.sendResponse (200, "Ok"); |
| req.orderlyClose(); |
| } |
| |
| public void request (HttpTransaction req) { |
| try { |
| authstring = req.getRequestHeader ("Authorization"); |
| System.out.println (authstring); |
| switch (count) { |
| case 0: |
| errorReply (req, "Basic realm=\"wallyworld\""); |
| break; |
| case 1: |
| /* client stores a username/pw for wallyworld |
| */ |
| okReply (req); |
| break; |
| case 2: |
| /* emulates a server that has configured a second |
| * realm, but by misconfiguration uses the same |
| * realm string as the previous one. |
| * |
| * An alternative (more likely) scenario that shows this behavior is |
| * the case where the password in the original realm has changed |
| */ |
| errorReply (req, "Basic realm=\"wallyworld\""); |
| break; |
| case 3: |
| /* The client replies with the username/password |
| * from the first realm, which is wrong (unexpectedly) |
| */ |
| errorReply (req, "Basic realm=\"wallyworld\""); |
| break; |
| case 4: |
| /* The client re-prompts for a password and |
| * we now reply with an OK. The client with the bug |
| * will throw NPE at this point. |
| */ |
| case 5: |
| /* Repeat the OK, to make sure the same new auth string is sent */ |
| okReply (req); |
| break; |
| } |
| count ++; |
| } catch (IOException e) { |
| e.printStackTrace(); |
| } |
| } |
| |
| static void read (InputStream is) throws IOException { |
| int c; |
| System.out.println ("reading"); |
| while ((c=is.read()) != -1) { |
| System.out.write (c); |
| } |
| System.out.println (""); |
| System.out.println ("finished reading"); |
| } |
| |
| static boolean checkFinalAuth () { |
| return authstring.equals ("Basic dXNlcjpwYXNzMg=="); |
| } |
| |
| static void client (String u) throws Exception { |
| URL url = new URL (u); |
| System.out.println ("client opening connection to: " + u); |
| URLConnection urlc = url.openConnection (); |
| InputStream is = urlc.getInputStream (); |
| read (is); |
| is.close(); |
| } |
| |
| static HttpServer server; |
| |
| public static void main (String[] args) throws Exception { |
| MyAuthenticator auth = new MyAuthenticator (); |
| Authenticator.setDefault (auth); |
| try { |
| server = new HttpServer (new B4678055(), 1, 10, 0); |
| System.out.println ("Server: listening on port: " + server.getLocalPort()); |
| client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html"); |
| client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html"); |
| client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html"); |
| } catch (Exception e) { |
| if (server != null) { |
| server.terminate(); |
| } |
| throw e; |
| } |
| int f = auth.getCount(); |
| if (f != 2) { |
| except ("Authenticator was called "+f+" times. Should be 2"); |
| } |
| /* this checks the authorization string corresponding to second password "pass2"*/ |
| if (!checkFinalAuth()) { |
| except ("Wrong authorization string received from client"); |
| } |
| server.terminate(); |
| } |
| |
| public static void except (String s) { |
| server.terminate(); |
| throw new RuntimeException (s); |
| } |
| |
| static class MyAuthenticator extends Authenticator { |
| MyAuthenticator () { |
| super (); |
| } |
| |
| int count = 0; |
| |
| public PasswordAuthentication getPasswordAuthentication () { |
| PasswordAuthentication pw; |
| if (count == 0) { |
| pw = new PasswordAuthentication ("user", "pass1".toCharArray()); |
| } else { |
| pw = new PasswordAuthentication ("user", "pass2".toCharArray()); |
| } |
| count ++; |
| return pw; |
| } |
| |
| public int getCount () { |
| return (count); |
| } |
| } |
| } |
