infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-09 09:58:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
jdk/test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java
Daniel Fuchs e8db14f584 8349910: Implement JEP 517: HTTP/3 for the HTTP Client API 
Co-authored-by: Aleksei Efimov <aefimov@openjdk.org>
Co-authored-by: Bradford Wetmore <wetmore@openjdk.org>
Co-authored-by: Daniel Jeliński <djelinski@openjdk.org>
Co-authored-by: Darragh Clarke <dclarke@openjdk.org>
Co-authored-by: Jaikiran Pai <jpai@openjdk.org>
Co-authored-by: Michael McMahon <michaelm@openjdk.org>
Co-authored-by: Volkan Yazici <vyazici@openjdk.org>
Co-authored-by: Conor Cleary <conor.cleary@oracle.com>
Co-authored-by: Patrick Concannon <patrick.concannon@oracle.com>
Co-authored-by: Rahul Yadav <rahul.r.yadav@oracle.com>
Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org>
Reviewed-by: djelinski, jpai, aefimov, abarashev, michaelm
2025-09-22 10:12:12 +00:00

488 lines
19 KiB
Java
Raw Blame History

/*
* Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.*;
import java.net.*;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpOption.Http3DiscoveryMode;
import java.net.http.HttpResponse;
import javax.net.ssl.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.regex.*;
import java.util.*;
import jdk.test.lib.net.SimpleSSLContext;
import jdk.test.lib.net.URIBuilder;
import jdk.httpclient.test.lib.common.HttpServerAdapters;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestHandler;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestExchange;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestServer;
import jdk.httpclient.test.lib.http2.Http2TestServer;
import com.sun.net.httpserver.BasicAuthenticator;
import org.junit.jupiter.api.Test;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
/*
* @test
* @bug 8326949
* @summary Authorization header is removed when a proxy Authenticator is set
* @library /test/lib /test/jdk/java/net/httpclient /test/jdk/java/net/httpclient/lib
* @build jdk.test.lib.net.SimpleSSLContext jdk.httpclient.test.lib.common.HttpServerAdapters
* jdk.httpclient.test.lib.http2.Http2TestServer
* jdk.test.lib.net.IPSupport
* @run junit UserAuthWithAuthenticator
*/
class UserAuthWithAuthenticator {
private static final class AuthTestHandler implements HttpTestHandler {
private volatile String authHeaderValue;
@Override
public void handle(HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody();
OutputStream os = t.getResponseBody()) {
is.readAllBytes();
authHeaderValue = t.getRequestHeaders()
.firstValue("Authorization")
.orElse("");
String response = "Hello world";
t.sendResponseHeaders(200, response.length());
os.write(response.getBytes(US_ASCII));
t.close();
}
}
}
@Test
void h2Test() throws Exception {
h2Test(true, true);
h2Test(false, true);
h2Test(true, false);
}
private static void h2Test(final boolean useHeader, boolean rightPassword) throws Exception {
SSLContext sslContext = new SimpleSSLContext().get();
try (ExecutorService executor = Executors.newCachedThreadPool();
HttpTestServer server = HttpTestServer.of(new Http2TestServer(
InetAddress.getLoopbackAddress(),
"::1",
true,
0,
executor,
10,
null,
sslContext,
false));
HttpClient client = HttpClient.newBuilder()
.sslContext(sslContext)
.executor(executor)
.authenticator(new ServerAuth())
.build()) {
hXTest(useHeader, rightPassword, server, client, HttpClient.Version.HTTP_2);
}
}
@Test
void h3Test() throws Exception {
h3Test(true, true);
h3Test(false, true);
h3Test(true, false);
}
private static void h3Test(final boolean useHeader, boolean rightPassword) throws Exception {
SSLContext sslContext = new SimpleSSLContext().get();
try (ExecutorService executor = Executors.newCachedThreadPool();
HttpTestServer server = HttpTestServer.create(Http3DiscoveryMode.HTTP_3_URI_ONLY, sslContext, executor);
HttpClient client = HttpServerAdapters.createClientBuilderForH3()
.sslContext(sslContext)
.executor(executor)
.authenticator(new ServerAuth())
.build()) {
hXTest(useHeader, rightPassword, server, client, HttpClient.Version.HTTP_3);
}
}
/**
* @param useHeader If {@code true}, we expect the authenticator was not called and the user set header used.
* If {@code false}, authenticator must be called and the user set header discarded.
* @param rightPassword If {@code true}, we expect the authentication to succeed with {@code 200 OK}.
* If {@code false}, then an error should be returned.
*/
private static void hXTest(
final boolean useHeader,
boolean rightPassword,
HttpTestServer server,
HttpClient client,
HttpClient.Version version)
throws Exception {
AuthTestHandler handler = new AuthTestHandler();
var context = server.addHandler(handler, "/test1");
context.setAuthenticator(new BasicAuthenticator("realm") {
public boolean checkCredentials(String username, String password) {
if (useHeader) {
return username.equals("user") && password.equals("pwd");
} else {
return username.equals("serverUser") && password.equals("serverPwd");
}
}
});
server.start();
URI uri = URIBuilder.newBuilder()
.scheme("https")
.host(server.getAddress().getAddress())
.port(server.getAddress().getPort())
.path("/test1/foo.txt")
.build();
var authHeaderValue = authHeaderValue("user", rightPassword ? "pwd" : "wrongPwd");
HttpRequest req = HttpRequest.newBuilder(uri)
.version(version)
.header(useHeader ? "Authorization" : "X-Ignore", authHeaderValue)
.GET()
.build();
HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
var sa = (ServerAuth) client.authenticator().orElseThrow();
if (!useHeader) {
assertEquals(200, resp.statusCode(), "Expected 200 response");
assertNotEquals(handler.authHeaderValue, authHeaderValue, "Expected user set header to not be set");
assertEquals(handler.authHeaderValue, ServerAuth.AUTH_HEADER_VALUE, "Expected auth value from Authenticator");
assertTrue(sa.called, "Expected authenticator to be called");
} else if (rightPassword) {
assertEquals(200, resp.statusCode(), "Expected 200 response");
assertEquals(authHeaderValue, handler.authHeaderValue, "Expected user set header to be set");
assertFalse(sa.called, "Expected authenticator not to be called");
} else {
assertEquals(401, resp.statusCode(), "Expected 401 response");
assertFalse(sa.called, "Expected authenticator not to be called");
}
}
private static final String data = "0123456789";
private static final String data1 = "ABCDEFGHIJKL";
private static final String[] proxyResponses = {
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
,
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data.length() + "\r\n\r\n" + data
};
private static final String[] proxyWithErrorResponses = {
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
,
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
};
private static final String[] serverResponses = {
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data1.length() + "\r\n\r\n" + data1
};
private static final String[] authenticatorResponses = {
"HTTP/1.1 401 Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"WWW-Authenticate: Basic realm=\"Access to the server\"\r\n\r\n"
,
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data1.length() + "\r\n\r\n" + data1
};
@Test
void h1TestServerWithProxy() throws IOException, InterruptedException {
ProxyAuth p = new ProxyAuth();
try (var proxyMock = new Mocker(proxyResponses);
var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.proxy(new ProxySel(proxyMock.getPort()))
.authenticator(p)
.build()) {
var authHeaderValue = authHeaderValue("user", "pwd");
var request = HttpRequest.newBuilder().uri(URI.create("http://127.0.0.1/some_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Authorization", authHeaderValue)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertTrue(p.called, "Proxy authenticator was not called");
assertEquals(data, response.body());
var proxyStr = proxyMock.requests.get(1);
assertContains(proxyStr, "/some_url");
assertPattern(".*^Proxy-Authorization:.*\\Q" + authHeaderValue + "\\E.*", proxyStr);
assertPattern(".*^User-Agent:.*myUserAgent.*", proxyStr);
assertPattern(".*^Authorization:.*Basic.*", proxyStr);
}
}
@Test
void h1TestServerWithProxyError() throws IOException, InterruptedException {
ProxyAuth p = new ProxyAuth();
try (var proxyMock = new Mocker(proxyWithErrorResponses);
var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.proxy(new ProxySel(proxyMock.getPort()))
.authenticator(p)
.build()) {
var authHeaderValue = authHeaderValue("user", "wrong");
var request = HttpRequest.newBuilder().uri(URI.create("http://127.0.0.1/some_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Proxy-Authorization", authHeaderValue)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
var proxyStr = proxyMock.requests.getFirst();
assertEquals(407, response.statusCode());
assertPattern(".*^Proxy-Authorization:.*\\Q" + authHeaderValue + "\\E.*", proxyStr);
assertFalse(p.called, "Proxy Auth should not have been called");
}
}
@Test
void h1TestServerOnly() throws IOException, InterruptedException {
try (var serverMock = new Mocker(serverResponses);
var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.build()) {
var authHeaderValue = authHeaderValue("user", "pwd");
var request = HttpRequest.newBuilder().uri(URI.create(serverMock.baseURL() + "/some_serv_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Authorization", authHeaderValue)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertEquals(data1, response.body());
var serverStr = serverMock.requests.getFirst();
assertContains(serverStr, "/some_serv_url");
assertPattern(".*^User-Agent:.*myUserAgent.*", serverStr);
assertPattern(".*^Authorization:.*\\Q" + authHeaderValue + "\\E.*", serverStr);
}
}
/**
* A regression test for existing behavior.
*/
@Test
void h1TestServerOnlyAuthenticator() throws IOException, InterruptedException {
try (var serverMock = new Mocker(authenticatorResponses);
var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.authenticator(new ServerAuth())
.build()) {
// credentials set in the server authenticator
var request = HttpRequest.newBuilder().uri(URI.create(serverMock.baseURL() + "/some_serv_url"))
.setHeader("User-Agent", "myUserAgent")
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertEquals(data1, response.body());
var serverStr = serverMock.requests.get(1);
assertContains(serverStr, "/some_serv_url");
assertPattern(".*^User-Agent:.*myUserAgent.*", serverStr);
assertPattern(".*^Authorization:.*\\Q" + authHeaderValue("serverUser", "serverPwd") + "\\E.*", serverStr);
}
}
private static final class Mocker extends Thread implements AutoCloseable {
private final ServerSocket ss;
private final String[] responses;
private final List<String> requests;
private volatile InputStream in;
private volatile OutputStream out;
private volatile Socket s = null;
private Mocker(String[] responses) throws IOException {
this.ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
this.responses = responses;
this.requests = new LinkedList<>();
start();
}
@Override
public void close() {
close(ss, s, in, out);
}
private static void close(Closeable... clarray) {
for (Closeable c : clarray) {
try {
c.close();
} catch (Exception e) {
// Do nothing
}
}
}
public int getPort() {
return ss.getLocalPort();
}
public String baseURL() {
try {
return URIBuilder.newBuilder()
.scheme("http")
.loopback()
.port(getPort())
.build()
.toString();
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
}
private String readRequest() throws IOException {
String req = "";
while (!req.endsWith("\r\n\r\n")) {
int x = in.read();
if (x == -1) {
s.close();
s = ss.accept();
in = s.getInputStream();
out = s.getOutputStream();
}
// noinspection StringConcatenationInLoop
req += (char) x;
}
return req;
}
public void run() {
try {
int index=0;
s = ss.accept();
in = s.getInputStream();
out = s.getOutputStream();
while (index < responses.length) {
requests.add(readRequest());
out.write(responses[index++].getBytes(US_ASCII));
}
} catch (Exception e) {
// noinspection CallToPrintStackTrace
e.printStackTrace();
}
}
}
private static final class ProxySel extends ProxySelector {
private final int port;
private ProxySel(int port) {
this.port = port;
}
@Override
public List<Proxy> select(URI uri) {
return List.of(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(
InetAddress.getLoopbackAddress(), port)));
}
@Override
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {}
}
private static final class ProxyAuth extends Authenticator {
private volatile boolean called = false;
@Override
protected PasswordAuthentication getPasswordAuthentication() {
called = true;
return new PasswordAuthentication("proxyUser", "proxyPwd".toCharArray());
}
}
private static final class ServerAuth extends Authenticator {
private volatile boolean called = false;
private static final String USER = "serverUser";
private static final String PASS = "serverPwd";
private static final String AUTH_HEADER_VALUE = authHeaderValue(USER, PASS);
@Override
protected PasswordAuthentication getPasswordAuthentication() {
called = true;
if (getRequestorType() != RequestorType.SERVER) {
// We only want to handle server authentication here
return null;
}
return new PasswordAuthentication(USER, PASS.toCharArray());
}
}
private static String authHeaderValue(String username, String password) {
String credentials = username + ':' + password;
return "Basic " + java.util.Base64.getEncoder().encodeToString(credentials.getBytes(US_ASCII));
}
private static void assertContains(String container, String containee) {
assertTrue(container.contains(containee), String.format("Error: expected %s Got %s", container, containee));
}
private static void assertPattern(String pattern, String candidate) {
Pattern pat = Pattern.compile(pattern, Pattern.DOTALL | Pattern.MULTILINE);
Matcher matcher = pat.matcher(candidate);
assertTrue(matcher.matches(), String.format("Error: expected %s Got %s", pattern, candidate));
}
}
Reference in New Issue View Git Blame Copy Permalink