Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/java/net/Authenticator/B4678055.java
38812 views
/*1* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 467805526* @library ../../../sun/net/www/httptest/27* @build HttpCallback TestHttpServer ClosedChannelList HttpTransaction28* @run main B467805529* @summary Basic Authentication fails with multiple realms30*/3132import java.io.*;33import java.net.*;3435public class B4678055 implements HttpCallback {3637static int count = 0;38static String authstring;3940void errorReply (HttpTransaction req, String reply) throws IOException {41req.addResponseHeader ("Connection", "close");42req.addResponseHeader ("WWW-Authenticate", reply);43req.sendResponse (401, "Unauthorized");44req.orderlyClose();45}4647void okReply (HttpTransaction req) throws IOException {48req.setResponseEntityBody ("Hello .");49req.sendResponse (200, "Ok");50req.orderlyClose();51}5253public void request (HttpTransaction req) {54try {55authstring = req.getRequestHeader ("Authorization");56System.out.println (authstring);57switch (count) {58case 0:59errorReply (req, "Basic realm=\"wallyworld\"");60break;61case 1:62/* client stores a username/pw for wallyworld63*/64okReply (req);65break;66case 2:67/* emulates a server that has configured a second68* realm, but by misconfiguration uses the same69* realm string as the previous one.70*71* An alternative (more likely) scenario that shows this behavior is72* the case where the password in the original realm has changed73*/74errorReply (req, "Basic realm=\"wallyworld\"");75break;76case 3:77/* The client replies with the username/password78* from the first realm, which is wrong (unexpectedly)79*/80errorReply (req, "Basic realm=\"wallyworld\"");81break;82case 4:83/* The client re-prompts for a password and84* we now reply with an OK. The client with the bug85* will throw NPE at this point.86*/87case 5:88/* Repeat the OK, to make sure the same new auth string is sent */89okReply (req);90break;91}92count ++;93} catch (IOException e) {94e.printStackTrace();95}96}9798static void read (InputStream is) throws IOException {99int c;100System.out.println ("reading");101while ((c=is.read()) != -1) {102System.out.write (c);103}104System.out.println ("");105System.out.println ("finished reading");106}107108static boolean checkFinalAuth () {109return authstring.equals ("Basic dXNlcjpwYXNzMg==");110}111112static void client (String u) throws Exception {113URL url = new URL (u);114System.out.println ("client opening connection to: " + u);115URLConnection urlc = url.openConnection ();116InputStream is = urlc.getInputStream ();117read (is);118is.close();119}120121static TestHttpServer server;122123public static void main (String[] args) throws Exception {124MyAuthenticator auth = new MyAuthenticator ();125Authenticator.setDefault (auth);126try {127server = new TestHttpServer (new B4678055(), 1, 10, 0);128System.out.println ("Server: listening on port: " + server.getLocalPort());129client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html");130client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html");131client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html");132} catch (Exception e) {133if (server != null) {134server.terminate();135}136throw e;137}138int f = auth.getCount();139if (f != 2) {140except ("Authenticator was called "+f+" times. Should be 2");141}142/* this checks the authorization string corresponding to second password "pass2"*/143if (!checkFinalAuth()) {144except ("Wrong authorization string received from client");145}146server.terminate();147}148149public static void except (String s) {150server.terminate();151throw new RuntimeException (s);152}153154static class MyAuthenticator extends Authenticator {155MyAuthenticator () {156super ();157}158159int count = 0;160161public PasswordAuthentication getPasswordAuthentication () {162PasswordAuthentication pw;163if (count == 0) {164pw = new PasswordAuthentication ("user", "pass1".toCharArray());165} else {166pw = new PasswordAuthentication ("user", "pass2".toCharArray());167}168count ++;169return pw;170}171172public int getCount () {173return (count);174}175}176}177178179