commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject cvs commit: jakarta-commons/httpclient/src/test/org/apache/commons/httpclient TestAuthenticator.java
Date Mon, 07 Apr 2003 19:23:36 GMT
olegk       2003/04/07 12:23:36

  Modified:    httpclient/src/examples BasicAuthenticatonExample.java
                        TrivialApp.java
               httpclient/src/java/org/apache/commons/httpclient
                        Authenticator.java HttpMethodBase.java
                        HttpState.java
               httpclient/src/java/org/apache/commons/httpclient/auth
                        HttpAuthenticator.java
               httpclient/src/java/org/apache/commons/httpclient/methods
                        MultipartPostMethod.java
               httpclient/src/test/org/apache/commons/httpclient
                        TestAuthenticator.java
  Added:       httpclient/src/java/org/apache/commons/httpclient/auth
                        HttpAuthRealm.java
  Log:
  Bug fix:
  #18355
  
  Changelog:
  - Authentication credentials can be specified on per host and authentication realm basis in order to avoid conflicts between different hosts with the same realm names
  
  Contributed by Adrian Sutton & Oleg Kalnichevski
  
  Revision  Changes    Path
  1.4       +4 -3      jakarta-commons/httpclient/src/examples/BasicAuthenticatonExample.java
  
  Index: BasicAuthenticatonExample.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/examples/BasicAuthenticatonExample.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- BasicAuthenticatonExample.java	23 Jan 2003 22:47:42 -0000	1.3
  +++ BasicAuthenticatonExample.java	7 Apr 2003 19:23:35 -0000	1.4
  @@ -86,6 +86,7 @@
           // authenticating to servers with realm "realm", to authenticate agains
           // an arbitrary realm change this to null.
           client.getState().setCredentials(
  +            "www.verisign.com",
               "realm",
               new UsernamePasswordCredentials("username", "password")
           );
  
  
  
  1.11      +4 -4      jakarta-commons/httpclient/src/examples/TrivialApp.java
  
  Index: TrivialApp.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/examples/TrivialApp.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- TrivialApp.java	25 Feb 2003 23:33:48 -0000	1.10
  +++ TrivialApp.java	7 Apr 2003 19:23:36 -0000	1.11
  @@ -113,7 +113,7 @@
   
           //set username / password
           if (creds != null) {
  -            client.getState().setCredentials(null, creds);
  +            client.getState().setCredentials(null, null, creds);
           }
   
           String url = args[0];
  
  
  
  1.44      +13 -8     jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Authenticator.java
  
  Index: Authenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Authenticator.java,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- Authenticator.java	6 Apr 2003 22:31:52 -0000	1.43
  +++ Authenticator.java	7 Apr 2003 19:23:36 -0000	1.44
  @@ -199,12 +199,17 @@
        * @see HttpMethod#addRequestHeader
        */
       private static boolean authenticate(HttpMethod method, HttpState state, 
  -            boolean proxy)
  +        boolean proxy)
           throws HttpException, UnsupportedOperationException {
   
           LOG.trace("enter Authenticator.authenticate(HttpMethod, HttpState, "
                     + "Header, String)");
  +        return authenticate(method, null, state, proxy);
  +   }
   
  +    private static boolean authenticate(HttpMethod method, HttpConnection conn,
  +            HttpState state, boolean proxy)
  +            throws HttpException, UnsupportedOperationException {
           String challengeheader = proxy ? PROXY_AUTH : WWW_AUTH;
   
           // I REALLY hate doing this, but I need to avoid multiple autorization
  @@ -226,9 +231,9 @@
               if (state.isAuthenticationPreemptive()) {
                   LOG.debug("Preemptively sending default basic credentials");
                   if (proxy) {
  -                    return HttpAuthenticator.authenticateProxyDefault(method, state);
  +                    return HttpAuthenticator.authenticateProxyDefault(method, conn, state);
                   } else {
  -                    return HttpAuthenticator.authenticateDefault(method, state);
  +                    return HttpAuthenticator.authenticateDefault(method, conn, state);
                   }
               }
               return false;
  @@ -240,9 +245,9 @@
               LOG.debug("Using " + authscheme.getSchemeName() + " authentication scheme");
           }
           if (proxy) {
  -            return HttpAuthenticator.authenticateProxy(authscheme, method, state);
  +            return HttpAuthenticator.authenticateProxy(authscheme, method, conn, state);
           } else {
  -            return HttpAuthenticator.authenticate(authscheme, method, state);
  +            return HttpAuthenticator.authenticate(authscheme, method, conn, state);
           }
   
       }
  
  
  
  1.131     +11 -13    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java
  
  Index: HttpMethodBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
  retrieving revision 1.130
  retrieving revision 1.131
  diff -u -r1.130 -r1.131
  --- HttpMethodBase.java	6 Apr 2003 22:31:52 -0000	1.130
  +++ HttpMethodBase.java	7 Apr 2003 19:23:36 -0000	1.131
  @@ -992,11 +992,11 @@
                   LOG.debug("Preemptively sending default basic credentials");
   
                   try {
  -                    if (HttpAuthenticator.authenticateDefault(this, state)) {
  +                    if (HttpAuthenticator.authenticateDefault(this, conn, state)) {
                           LOG.debug("Default basic credentials applied");
                       }
                       if (conn.isProxied()) {
  -                        if (HttpAuthenticator.authenticateProxyDefault(this, state)) {
  +                        if (HttpAuthenticator.authenticateProxyDefault(this, conn, state)) {
                               LOG.debug("Default basic proxy credentials applied");
                           }
                       }
  @@ -1337,7 +1337,7 @@
               if (challenges.length > 0) {
                   try {
                       AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges);
  -                    HttpAuthenticator.authenticate(authscheme, this, state);
  +                    HttpAuthenticator.authenticate(authscheme, this, conn, state);
                   } catch (HttpException e) {
                       // log and move on
                       if (LOG.isErrorEnabled()) {
  @@ -1484,7 +1484,7 @@
               if (challenges.length > 0) {
                   try {
                       AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges);
  -                    HttpAuthenticator.authenticateProxy(authscheme, this, state);
  +                    HttpAuthenticator.authenticateProxy(authscheme, this, conn, state);
                   } catch (HttpException e) {
                       // log and move on
                       if (LOG.isErrorEnabled()) {
  @@ -2342,15 +2342,13 @@
                   switch (statusCode) {
                       case HttpStatus.SC_UNAUTHORIZED:
                           removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP);
  -                        authenticated = HttpAuthenticator.authenticate(authscheme, this, state);
  +                        authenticated = HttpAuthenticator.authenticate(
  +                            authscheme, this, conn, state);
                           break;
                       case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED:
                           removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP);
                           authenticated = HttpAuthenticator.authenticateProxy(
  -                            authscheme, 
  -                            this, 
  -                            state
  -                        );
  +                            authscheme, this, conn, state);
                           break;
                   }
               } catch (AuthenticationException e) {
  
  
  
  1.20      +176 -28   jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpState.java
  
  Index: HttpState.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- HttpState.java	1 Apr 2003 19:04:19 -0000	1.19
  +++ HttpState.java	7 Apr 2003 19:23:36 -0000	1.20
  @@ -69,9 +69,9 @@
   import java.util.Map;
   import java.util.List;
   import java.util.Iterator;
  -
   import org.apache.commons.httpclient.cookie.CookieSpec;
   import org.apache.commons.httpclient.cookie.CookiePolicy;
  +import org.apache.commons.httpclient.auth.HttpAuthRealm; 
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   
  @@ -94,6 +94,7 @@
    * @author <a href="mailto:becke@u.washington.edu">Michael Becke</a>
    * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
    * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike Bowler</a>
  + * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
    * 
    * @version $Revision$ $Date$
    * 
  @@ -129,6 +130,11 @@
       private HashMap proxyCred = new HashMap();
   
       /**
  +     * The default authentication realm.
  +     */
  +    public static final HttpAuthRealm DEFAULT_AUTH_REALM = new HttpAuthRealm(null, null); 
  +
  +    /**
        * My {@link Cookie Cookie}s.
        */
       private ArrayList cookies = new ArrayList();
  @@ -377,7 +383,6 @@
           this.cookiePolicy = policy;
       }
   
  -
       /**
        * Set the Credentials for the given authentication realm.
        *
  @@ -389,40 +394,131 @@
        * <p>
        * Any previous credentials for this realm will be overwritten.
        *
  +     * @deprecated This method does not distinguish between realms with the
  +     * same name on different hosts.  Use
  +     * {@link HttpState#setCredentials(String, Credentials)} instead.
  +     * 
        * @param realm the authentication realm
        * @param credentials the authentication credentials for the given realm
        * 
  -     * @see #getCredentials(String)
  -     * @see #setProxyCredentials(String, Credentials)
  +     * @see #getCredentials(String, String)
  +     * @see #setProxyCredentials(String, String, Credentials)
        * 
        */
  +    
       public synchronized void setCredentials(String realm, Credentials credentials) {
           LOG.trace("enter HttpState.setCredentials(String, Credentials)");
  -        credMap.put(realm, credentials);
  +        setCredentials(realm, null, credentials);
  +    }
  +    
  +    /** Sets the credentials for <tt>realm</tt> on <tt>host</tt>.
  +     * with no host.
  +     * 
  +     * When <i>realm</i> is <code>null</code>, I'll use the given
  +     * <i>credentials</i> when no other {@link Credentials} have
  +     * been supplied for the given challenging realm.
  +     * (I.e., use a <code>null</code> realm to set the "default"
  +     * credentials.)
  +     * <p>
  +     * Any previous credentials for this realm will be overwritten.
  +     * 
  +     * @param realm the authentication realm
  +     * @param host the host the realm belongs to
  +     * @param credentials the authentication credentials for the given realm.
  +     * 
  +     * @see #getCredentials(String, String)
  +     * @see #setProxyCredentials(String, String, Credentials) 
  +     */
  +    
  +    public synchronized void setCredentials(String realm, String host, Credentials credentials) {
  +    	LOG.trace(
  +            "enter HttpState.setCredentials(String realm, String host, Credentials credentials)");
  +        credMap.put(new HttpAuthRealm(host, realm), credentials);
       }
   
   
       /**
  +     * Find matching credentials for the given authentication realm and host.
  +     *
  +     * If the <i>realm</i> exists on <i>host</i>, return the coresponding credentials.
  +     * If the <i>host</i> exists with a <tt>null</tt> <i>realm</i>, return the corresponding
  +     * credentials.
  +     * If the <i>realm</i> exists with a <tt>null</tt> <i>host</i>, return the
  +     * corresponding credentials.  If the <i>realm</i> does not exist, return
  +     * the default Credentials.  If there are no default credentials, return
  +     * <code>null</code>.
  +     *
  +     * @param map the credentials hash map
  +     * @param realm the authentication realm
  +     * @param host the host the realm is on
  +     * @return the credentials 
  +     * 
  +     */
  +    private static Credentials matchCredentials(HashMap map, String realm, String host) {
  +        HttpAuthRealm entry = new HttpAuthRealm(host, realm);
  +        Credentials creds = (Credentials) map.get(entry);
  +        if (creds == null && host != null && realm != null) {
  +            entry = new HttpAuthRealm(host, null);
  +            creds = (Credentials) map.get(entry);
  +            if (creds == null) {
  +                entry = new HttpAuthRealm(null, realm);
  +                creds = (Credentials) map.get(entry);
  +            }
  +        }
  +        if (creds == null) {
  +            creds = (Credentials) map.get(DEFAULT_AUTH_REALM);
  +        }
  +        return creds;
  +    }
  +    
  +    /**
        * Get the Credentials for the given authentication realm.
        *
  -     * If the <i>realm</i> exists, return the coresponding credentials.  If the 
  -     * <i>realm</i> does not exist, return the default Credentials.  If there is 
  -     * no default credentials, return <code>null</code>.
  +     * If the <i>realm</i> exists on <i>host</i>, return the coresponding credentials.
  +     * If the <i>host</i> exists with a <tt>null</tt> <i>realm</i>, return the corresponding
  +     * credentials.
  +     * If the <i>realm</i> exists with a <tt>null</tt> <i>host</i>, return the
  +     * corresponding credentials.  If the <i>realm</i> does not exist, return
  +     * the default Credentials.  If there are no default credentials, return
  +     * <code>null</code>.
        *
        * @param realm the authentication realm
  +     * @param host the host the realm is on
        * @return the credentials 
        * 
  -     * @see #setCredentials(String, Credentials)
  +     * @see #setCredentials(String, String, Credentials)
  +     * 
  +     */
  +    
  +    public synchronized Credentials getCredentials(String realm, String host) {
  +    	LOG.trace("enter HttpState.getCredentials(String, String");
  +    	return matchCredentials(this.credMap, realm, host);
  +    }
  +
  +    /**
  +     * Get the Credentials for the given authentication realm.
  +     *
  +     * If the <i>realm</i> exists on <i>host</i>, return the coresponding credentials.
  +     * If the <i>realm</i> exists with a <tt>null</tt> <i>host</i>, return the
  +     * corresponding credentials.  If the <i>realm</i> does not exist, return
  +     * the default Credentials.  If there is no default credentials, return
  +     * <code>null</code>.
  +     *
  +     * @deprecated This method does not distinguish between realms on different
  +     * servers with the same name.  Use {@link #getCredentials(String, String)}
  +     * instead.
  +     * 
  +     * @param realm the authentication realm
  +     * @return the credentials 
  +     * 
  +     * @see #setCredentials(String, String, Credentials)
        * 
        */
  +    
       public synchronized Credentials getCredentials(String realm) {
           LOG.trace("enter HttpState.getCredentials(String)");
   
  -        Credentials creds = (Credentials) credMap.get(realm);
  -        if (creds == null) {
  -            creds = (Credentials) credMap.get(null);
  -        }
  -        return creds;
  +        return getCredentials(realm, null);
       }
   
       /**
  @@ -437,6 +533,10 @@
        * <p>
        * Any previous credentials for this realm will be overwritten.
        *
  +     * @depreciated This method does not differentiate between realms with
  +     * the same name on different servers.  Use
  +     * {@link #setProxyCredentials(String, String, Credentials)} instead.
  +     * 
        * @param realm the authentication realm
        * @param credentials the authentication credentials for the given realm
        * 
  @@ -444,11 +544,36 @@
        * @see #setCredentials(String, Credentials)
        * 
        */
  +    
       public synchronized void setProxyCredentials(String realm, Credentials credentials) {
           LOG.trace("enter HttpState.setProxyCredentials(String, credentials)");
  -        proxyCred.put(realm, credentials);
  +        setProxyCredentials(realm, null, credentials);
  +    }
  +    
  +    /**
  +     * Set the for the proxy with the given authentication realm.
  +     *
  +     * When <i>realm</i> and <i>host</i> are <code>null</code>, I'll use the given
  +     * <i>credentials</i> when no other {@link Credentials} have
  +     * been supplied for the given challenging realm.
  +     * (I.e., use a <code>null</code> realm to set the "default"
  +     * credentials.) Realms rarely make much sense with proxies, so
  +     * <code>null</code> is normally a good choice here.
  +     * <p>
  +     * Any previous credentials for this realm will be overwritten.
  +     *
  +     * @param realm the authentication realm
  +     * @param credentials the authentication credentials for the given realm
  +     * 
  +     * @see #getProxyCredentials(String)
  +     * @see #setCredentials(String, Credentials)
  +     * 
  +     */
  +    
  +    public synchronized void setProxyCredentials(String realm, String proxyHost, Credentials credentials) {
  +    	LOG.trace("enter HttpState.setProxyCredentials(String, String, Credentials");
  +        proxyCred.put(new HttpAuthRealm(proxyHost, realm), credentials);
       }
  -
   
       /**
        * Get the Credentials for the proxy with the given authentication realm.
  @@ -456,21 +581,44 @@
        * If the <i>realm</i> exists, return the coresponding credentials.  If the 
        * <i>realm</i> does not exist, return the default Credentials.  If there is 
        * no default credentials, return <code>null</code>.
  +     * 
  +     * @deprecated This method does not distinguish between realms on different hosts.
  +     * Use {@link #getProxyCredentials(String, String)} instead.
        *
        * @param realm the authentication realm
        * @return the credentials 
  -     * @see #setProxyCredentials
  +     * @see #setProxyCredentials(String, String, Credentials)
        */
  +    
       public synchronized Credentials getProxyCredentials(String realm) {
           LOG.trace("enter HttpState.getProxyCredentials(String)");
  -        Credentials creds = (Credentials) proxyCred.get(realm);
  -        if (creds == null) {
  -            creds = (Credentials) proxyCred.get(null);
  -        }
  -        return creds;
  +        return getProxyCredentials(realm, null);
       }
       
       /**
  +     * Get the Credentials for the proxy with the given authentication realm on the given
  +     * <i>host</i>.
  +     *
  +     * If the <i>realm</i> exists on <i>host</i>, return the coresponding credentials.
  +     * If the <i>host</i> exists with a <tt>null</tt> <i>realm</i>, return the corresponding
  +     * credentials.
  +     * If the <i>realm</i> exists with a <tt>null</tt> <i>host</i>, return the
  +     * corresponding credentials.  If the <i>realm</i> does not exist, return
  +     * the default Credentials.  If there are no default credentials, return
  +     * <code>null</code>.
  +     * 
  +     * @param realm the authentication realm
  +     * @param host the host the realm is on
  +     * @return the credentials 
  +     * @see #setProxyCredentials(String, String, Credentials)
  +     */
  +    
  +	public synchronized Credentials getProxyCredentials(String realm, String proxyHost) {
  +		LOG.trace("enter HttpState.getCredentials(String, String");
  +        return matchCredentials(this.proxyCred, realm, proxyHost);
  +	}
  +    
  +    /**
        * Return a string representation of this object.
        * @return The string representation.
        * @see java.lang.Object#toString()
  @@ -500,7 +648,7 @@
           StringBuffer sbResult = new StringBuffer();
           Iterator iter = proxyCredMap.keySet().iterator();
           while (iter.hasNext()) {
  -            String key = (String) iter.next();
  +            Object key = iter.next();
               Credentials cred = (Credentials) proxyCredMap.get(key);
               if (sbResult.length() > 0) {
                   sbResult.append(", ");
  @@ -521,7 +669,7 @@
           StringBuffer sbResult = new StringBuffer();
           Iterator iter = credMap.keySet().iterator();
           while (iter.hasNext()) {
  -            String key = (String) iter.next();
  +            Object key = iter.next();
               Credentials cred = (Credentials) credMap.get(key);
               if (sbResult.length() > 0) {
                   sbResult.append(", ");
  
  
  
  1.4       +64 -27    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/HttpAuthenticator.java
  
  Index: HttpAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/HttpAuthenticator.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- HttpAuthenticator.java	6 Apr 2003 22:31:53 -0000	1.3
  +++ HttpAuthenticator.java	7 Apr 2003 19:23:36 -0000	1.4
  @@ -66,6 +66,7 @@
   import java.util.Map;
   import java.util.HashMap;
   import org.apache.commons.httpclient.Header;
  +import org.apache.commons.httpclient.HttpConnection;
   import org.apache.commons.httpclient.HttpMethod;
   import org.apache.commons.httpclient.Credentials;
   import org.apache.commons.httpclient.HttpState;
  @@ -178,7 +179,11 @@
       }
       
   
  -    private static boolean doAuthenticateDefault(HttpMethod method, HttpState state, boolean proxy)
  +    private static boolean doAuthenticateDefault(
  +        HttpMethod method, 
  +        HttpConnection conn,
  +        HttpState state, 
  +        boolean proxy)
         throws AuthenticationException {
           if (method == null) {
               throw new IllegalArgumentException("HTTP method may not be null");
  @@ -186,8 +191,12 @@
           if (state == null) {
               throw new IllegalArgumentException("HTTP state may not be null");
           }
  +        String host = null;
  +        if (conn != null) {
  +            host = proxy ? conn.getProxyHost() : conn.getHost();
  +        }
           Credentials credentials = proxy 
  -            ? state.getProxyCredentials(null) : state.getCredentials(null);
  +            ? state.getProxyCredentials(null, host) : state.getCredentials(null, host);
           if (credentials == null) {
               return false;
           }
  @@ -209,10 +218,13 @@
       
       /**
        * Attempt to provide default authentication credentials 
  -     * to the given <i>method</i> in the given <i>state</i> using 
  -     * basic authentication scheme.
  +     * to the given method in the given context using basic 
  +     * authentication scheme.
        * 
        * @param method the HttpMethod which requires authentication
  +     * @param conn the connection to a specific host. This parameter 
  +     *   may be <tt>null</tt> if default credentials (not specific 
  +     *   to any particular host) are to be used
        * @param state the HttpState object providing Credentials
        * 
        * @return true if the <tt>Authenticate</tt> response header 
  @@ -220,21 +232,27 @@
        * 
        * @throws AuthenticationException when a parsing or other error occurs
   
  -     * @see HttpState#setCredentials(String,Credentials)
  +     * @see HttpState#setCredentials(String,String,Credentials)
        */
  -    public static boolean authenticateDefault(HttpMethod method, HttpState state)
  +    public static boolean authenticateDefault(
  +        HttpMethod method, 
  +        HttpConnection conn,
  +        HttpState state)
         throws AuthenticationException {
  -        LOG.trace("enter HttpAuthenticator.authenticateDefault(HttpMethod, HttpState)");
  -        return doAuthenticateDefault(method, state, false);
  +        LOG.trace("enter HttpAuthenticator.authenticateDefault(HttpMethod, HttpConnection, HttpState)");
  +        return doAuthenticateDefault(method, conn, state, false);
       }
   
   
       /**
        * Attempt to provide default proxy authentication credentials 
  -     * to the given <i>method</i> in the given <i>state</i> using 
  -     * basic authentication scheme.
  +     * to the given method in the given context using basic 
  +     * authentication scheme.
        * 
        * @param method the HttpMethod which requires authentication
  +     * @param conn the connection to a specific host. This parameter 
  +     *   may be <tt>null</tt> if default credentials (not specific 
  +     *   to any particular host) are to be used
        * @param state the HttpState object providing Credentials
        * 
        * @return true if the <tt>Proxy-Authenticate</tt> response header 
  @@ -244,19 +262,23 @@
   
        * @see HttpState#setCredentials(String,Credentials)
        */
  -    public static boolean authenticateProxyDefault(HttpMethod method, HttpState state)
  +    public static boolean authenticateProxyDefault(
  +        HttpMethod method, 
  +        HttpConnection conn,
  +        HttpState state)
         throws AuthenticationException {
           LOG.trace("enter HttpAuthenticator.authenticateProxyDefault(HttpMethod, HttpState)");
  -        return doAuthenticateDefault(method, state, true);
  +        return doAuthenticateDefault(method, conn, state, true);
       }
   
   
       private static boolean doAuthenticate(
           AuthScheme authscheme, 
           HttpMethod method, 
  +        HttpConnection conn,
           HttpState state, 
  -        boolean proxy
  -    ) throws AuthenticationException {
  +        boolean proxy)
  +       throws AuthenticationException {
           if (authscheme == null) {
               throw new IllegalArgumentException("Authentication scheme may not be null");
           }
  @@ -266,7 +288,12 @@
           if (state == null) {
               throw new IllegalArgumentException("HTTP state may not be null");
           }
  +        String host = null;
  +        if (conn != null) {
  +            host = proxy ? conn.getProxyHost() : conn.getHost();
  +        }
           String realm = authscheme.getRealm();
  +        // TODO: To be removed in the future. Required for backward compatibility
           if (realm == null) {
               Header hostheader = method.getRequestHeader("host");
               if (hostheader != null) {
  @@ -280,8 +307,8 @@
                   LOG.debug("Using '" + realm + "' authentication realm");
               }
           }
  -        Credentials credentials = proxy 
  -            ? state.getProxyCredentials(realm) : state.getCredentials(realm);
  +        Credentials credentials = proxy ? 
  +            state.getProxyCredentials(realm, host) : state.getCredentials(realm, host);
           if (credentials == null) {
               throw new AuthenticationException(
                   "No credentials available for the " + authscheme.getSchemeName() 
  @@ -297,14 +324,16 @@
           }
       }
   
  -
       /**
        * Attempt to provide requisite authentication credentials to the 
  -     * given <i>method</i> in the given <i>state</i> using the given 
  +     * given method in the given context using the given 
        * authentication scheme.
        * 
        * @param authscheme The authentication scheme to be used
        * @param method The HttpMethod which requires authentication
  +     * @param conn the connection to a specific host. This parameter 
  +     *   may be <tt>null</tt> if default credentials (not specific 
  +     *   to any particular host) are to be used
        * @param state The HttpState object providing Credentials
        * 
        * @return true if the <tt>Authenticate</tt> response header was added
  @@ -313,20 +342,27 @@
   
        * @see HttpState#setCredentials(String,Credentials)
        */
  -    public static boolean authenticate(AuthScheme authscheme, HttpMethod method, HttpState state)
  -      throws AuthenticationException {
  -       LOG.trace("enter HttpAuthenticator.authenticate(AuthScheme, HttpMethod, HttpState)");
  -        return doAuthenticate(authscheme, method, state, false);
  +    public static boolean authenticate(
  +        AuthScheme authscheme, 
  +        HttpMethod method, 
  +        HttpConnection conn,
  +        HttpState state) 
  +        throws AuthenticationException {
  +       LOG.trace("enter HttpAuthenticator.authenticate(AuthScheme, HttpMethod, HttpConnection, HttpState)");
  +        return doAuthenticate(authscheme, method, conn, state, false);
       }
   
   
       /**
        * Attempt to provide requisite proxy authentication credentials 
  -     * to the given <i>method</i> in the given <i>state</i> using 
  +     * to the given method in the given context using 
        * the given authentication scheme.
        * 
        * @param authscheme The authentication scheme to be used
        * @param method the HttpMethod which requires authentication
  +     * @param conn the connection to a specific host. This parameter 
  +     *   may be <tt>null</tt> if default credentials (not specific 
  +     *   to any particular host) are to be used
        * @param state the HttpState object providing Credentials
        * 
        * @return true if the <tt>Proxy-Authenticate</tt> response header 
  @@ -339,9 +375,10 @@
       public static boolean authenticateProxy(
           AuthScheme authscheme, 
           HttpMethod method, 
  +        HttpConnection conn,
           HttpState state
       ) throws AuthenticationException {
          LOG.trace("enter HttpAuthenticator.authenticateProxy(AuthScheme, HttpMethod, HttpState)");
  -       return doAuthenticate(authscheme, method, state, true);
  +       return doAuthenticate(authscheme, method, conn, state, true);
       }
   }
  
  
  
  1.1                  jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/HttpAuthRealm.java
  
  Index: HttpAuthRealm.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2002-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Commons", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  package org.apache.commons.httpclient.auth;
  
  /** The key used to look up authentication credentials.
   * 
   * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
   * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
   */
  public class HttpAuthRealm {
      
      /** The realm the credentials apply to. */
      private String realm = null;
      
      /** The domain the credentials apply to. */
      private String domain = null;
          
      /** Creates a new HttpAuthRealm for the given <tt>domain</tt> and 
       * <tt>realm</tt>.
       * 
       * @param domain the domain the credentials apply to. May be set
       *   to <tt>null</null> if credenticals are applicable to
       *   any domain. 
       * @param realm the realm the credentials apply to. May be set 
       *   to <tt>null</null> if credenticals are applicable to
       *   any realm. 
       *   
       */
      public HttpAuthRealm(final String domain, final String realm) {
          this.domain = domain;
          this.realm = realm;
      }
      
      /** Determines if the given domains match.  Note that <tt>null</tt> acts as a
       * wildcard so if either of the domains are <tt>null</tt>, it is considered a match.
       * 
       * @param d1 the domain
       * @param d2 the other domain
       * @return boolean true if the domains match, otherwise false.
       */
      private static boolean domainAttribMatch(final String d1, final String d2) {
          return d1 == null || d2 == null || d1.equalsIgnoreCase(d2);
      }
  
      /** Determines if the given realms match.  Note that <tt>null</tt> acts as a
       * wildcard so if either realm is <tt>null</tt>, this function will return <tt>true</tt>.
       * 
       * @param r1 the realm
       * @param r2 the other realm
       * @return boolean true if the realms match, otherwise false.
       */ 
      private static boolean realmAttribMatch(final String r1, final String r2) {
          return r1 == null || r2 == null || r1.equals(r2);
      }
  
  
      /**
       * @see java.lang.Object#equals(Object)
       */
      public boolean equals(Object o) {
          if (o == null) {
              return false;
          }
          if (o == this) {
              return true;
          }
          if (!(o instanceof HttpAuthRealm)) {
              return super.equals(o);
          }
          HttpAuthRealm that = (HttpAuthRealm)o;
          return 
            domainAttribMatch(this.domain, that.domain) && 
            realmAttribMatch(this.realm, that.realm);
      }
  
      /**
       * @see java.lang.Object#toString()
       */
      public String toString() {
          StringBuffer buffer = new StringBuffer();
          buffer.append("Authentication domain: '");
          buffer.append(this.domain);
          buffer.append("', authentication realm: '");
          buffer.append(this.realm);
          buffer.append("'");
          return buffer.toString();
      }
      /**
       * @see java.lang.Object#hashCode()
       */
      public int hashCode() {
          StringBuffer buffer = new StringBuffer();
          buffer.append(this.domain);
          buffer.append(this.realm);
          return buffer.toString().hashCode();
      }
  
  }
  
  
  1.17      +3 -5      jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/methods/MultipartPostMethod.java
  
  Index: MultipartPostMethod.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/methods/MultipartPostMethod.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- MultipartPostMethod.java	4 Apr 2003 02:37:03 -0000	1.16
  +++ MultipartPostMethod.java	7 Apr 2003 19:23:36 -0000	1.17
  @@ -82,8 +82,6 @@
   /**
    * POST Method for Multipart encoded forms.
    *
  - * TODO: Privide decent class documentation
  - *
    * @author <a href="mailto:mattalbright@yahoo.com">Matthew Albright</a>
    * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a>
    * @author <a href="mailto:adrian@ephox.com">Adrian Sutton</a>
  
  
  
  1.24      +115 -51   jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java
  
  Index: TestAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- TestAuthenticator.java	28 Mar 2003 16:37:50 -0000	1.23
  +++ TestAuthenticator.java	7 Apr 2003 19:23:36 -0000	1.24
  @@ -129,7 +129,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new BasicScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -142,7 +142,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new BasicScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -155,7 +155,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new BasicScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -167,7 +167,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new BasicScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method,(HttpState)null);
  +            HttpAuthenticator.authenticate(authscheme, method, null, null);
               fail("Should have thrown IllegalArgumentException");
           } catch(IllegalArgumentException e) {
               // expected
  @@ -188,10 +188,10 @@
       public void testBasicAuthenticationCaseInsensitivity() throws Exception {
           String challenge = "bAsIc ReAlM=\"realm1\"";
           HttpState state = new HttpState();
  -        state.setCredentials(null,new UsernamePasswordCredentials("username","password"));
  +        state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
           HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
           AuthScheme authscheme = new BasicScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
           assertEquals(expected,method.getRequestHeader("Authorization").getValue());
  @@ -200,9 +200,9 @@
   
       public void testBasicAuthenticationWithDefaultCreds() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials(null,new UsernamePasswordCredentials("username","password"));
  +        state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\""));
  -        assertTrue(HttpAuthenticator.authenticateDefault(method, state));
  +        assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
           assertEquals(expected,method.getRequestHeader("Authorization").getValue());
  @@ -211,10 +211,10 @@
       public void testBasicAuthentication() throws Exception {
           String challenge = "Basic realm=\"realm\"";
           HttpState state = new HttpState();
  -        state.setCredentials("realm", new UsernamePasswordCredentials("username","password"));
  +        state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password"));
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           AuthScheme authscheme = new BasicScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
           assertEquals(expected,method.getRequestHeader("Authorization").getValue());
  @@ -225,20 +225,20 @@
           String challenge1 = "Basic realm=\"realm1\"";
           String challenge2 = "Basic realm=\"realm2\"";
           HttpState state = new HttpState();
  -        state.setCredentials("realm1",new UsernamePasswordCredentials("username","password"));
  -        state.setCredentials("realm2",new UsernamePasswordCredentials("uname2","password2"));
  +        state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password"));
  +        state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2"));
           AuthScheme authscheme1 = new BasicScheme(challenge1);
           AuthScheme authscheme2 = new BasicScheme(challenge2);
           {
               HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
  -            assertTrue(HttpAuthenticator.authenticate(authscheme1, method, state));
  +            assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
               assertTrue(null != method.getRequestHeader("Authorization"));
               String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
               assertEquals(expected,method.getRequestHeader("Authorization").getValue());
           }
           {
               HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2));
  -            assertTrue(HttpAuthenticator.authenticate(authscheme2, method, state));
  +            assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
               assertTrue(null != method.getRequestHeader("Authorization"));
               String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2")));
               assertEquals(expected,method.getRequestHeader("Authorization").getValue());
  @@ -250,17 +250,17 @@
           HttpMethod method = new SimpleHttpMethod();
   
           state.setAuthenticationPreemptive(true);
  -        assertTrue(!HttpAuthenticator.authenticateDefault(method, state));
  +        assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state));
           assertTrue(null == method.getRequestHeader("Authorization"));
       }
   
       public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
           HttpState state = new HttpState();
           HttpMethod method = new SimpleHttpMethod();
  -        state.setCredentials(null, new UsernamePasswordCredentials("username","password"));
  +        state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
   
           state.setAuthenticationPreemptive(true);
  -        assertTrue(HttpAuthenticator.authenticateDefault(method, state));
  +        assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
           assertEquals(expected, method.getRequestHeader("Authorization").getValue());
  @@ -274,7 +274,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -287,7 +287,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -300,7 +300,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -312,7 +312,7 @@
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, (HttpState)null);
  +            HttpAuthenticator.authenticate(authscheme, method, null, null);
               fail("Should have thrown IllegalArgumentException");
           } catch(IllegalArgumentException e) {
               // expected
  @@ -323,10 +323,10 @@
           String challenge = "dIgEsT ReAlM=\"realm1\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
  -        state.setCredentials(null, cred);
  +        state.setCredentials(null, null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
           AuthScheme authscheme = new DigestScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
       }
   
  @@ -335,10 +335,10 @@
           String challenge = "Digest realm=\"realm1\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
  -        state.setCredentials(null, cred);
  +        state.setCredentials(null, null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           AuthScheme authscheme = new DigestScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
       }
  @@ -347,10 +347,10 @@
           String challenge = "Digest realm=\"realm1\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
  -        state.setCredentials(null, cred);
  +        state.setCredentials(null, null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           AuthScheme authscheme = new DigestScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
       }
  @@ -360,20 +360,20 @@
           String challenge2 = "Digest realm=\"realm2\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
  -        state.setCredentials("realm1", cred);
  +        state.setCredentials("realm1", null, cred);
           UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2");
  -        state.setCredentials("realm2", cred2);
  +        state.setCredentials("realm2", null, cred2);
           AuthScheme authscheme1 = new DigestScheme(challenge1);
           AuthScheme authscheme2 = new DigestScheme(challenge2);
           {
               HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
  -            assertTrue(HttpAuthenticator.authenticate(authscheme1, method, state));
  +            assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
               assertTrue(null != method.getRequestHeader("Authorization"));
               checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
           }
           {
               HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2));
  -            assertTrue(HttpAuthenticator.authenticate(authscheme2, method, state));
  +            assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
               assertTrue(null != method.getRequestHeader("Authorization"));
               checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue());
           }
  @@ -388,7 +388,7 @@
           method.addRequestHeader("Host", "host");
           try {
               AuthScheme authscheme = new NTLMScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, state);
  +            HttpAuthenticator.authenticate(authscheme, method, null, state);
               fail("Should have thrown HttpException");
           } catch(HttpException e) {
               // expected
  @@ -401,7 +401,7 @@
           method.addRequestHeader("Host", "host");
           try {
               AuthScheme authscheme = new NTLMScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method,(HttpState)null);
  +            HttpAuthenticator.authenticate(authscheme, method, null, null);
               fail("Should have thrown IllegalArgumentException");
           } catch(IllegalArgumentException e) {
               // expected
  @@ -413,11 +413,11 @@
           HttpState state = new HttpState();
           NTCredentials cred = new NTCredentials("username","password", "host",
                   "domain");
  -        state.setCredentials("host", cred);
  +        state.setCredentials("host", null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
           method.addRequestHeader("Host", "host");
           AuthScheme authscheme = new NTLMScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
       }
   
  @@ -428,11 +428,11 @@
           HttpState state = new HttpState();
           NTCredentials cred = new NTCredentials("username","password", "host",
                   "domain");
  -        state.setCredentials("host", cred);
  +        state.setCredentials("host", null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           method.addRequestHeader("Host", "host");
           AuthScheme authscheme = new NTLMScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           assertEquals(expected,
                   method.getRequestHeader("Authorization").getValue());
  @@ -452,11 +452,11 @@
           HttpState state = new HttpState();
           NTCredentials cred = new NTCredentials("username","password", "host",
                   "domain");
  -        state.setCredentials("host", cred);
  +        state.setCredentials("host", null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           method.addRequestHeader("Host", "host");
           AuthScheme authscheme = new NTLMScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           assertEquals(expected,
                   method.getRequestHeader("Authorization").getValue());
  @@ -475,11 +475,11 @@
           HttpState state = new HttpState();
           NTCredentials cred = new NTCredentials("username","password", "host",
                   "domain");
  -        state.setCredentials(null, cred);
  +        state.setCredentials(null, null, cred);
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
           method.addRequestHeader("Host", "host");
           AuthScheme authscheme = new NTLMScheme(challenge);
  -        assertTrue(HttpAuthenticator.authenticate(authscheme, method, state));
  +        assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
           assertTrue(null != method.getRequestHeader("Authorization"));
           assertEquals(expected,
                   method.getRequestHeader("Authorization").getValue());
  @@ -490,7 +490,7 @@
        */
       public void testDoAuthenticateFalse() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials("Protected",
  +        state.setCredentials(null, "Protected",
                   new UsernamePasswordCredentials("name", "pass"));
           HttpMethod method = new SimpleHttpMethod();
           method.setDoAuthentication(false);
  @@ -516,7 +516,7 @@
        */
       public void testInvalidCredentials() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
  +        state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass"));
           HttpMethod method = new SimpleHttpMethod();
           method.setDoAuthentication(false);
           SimpleHttpConnection conn = new SimpleHttpConnection();
  @@ -535,7 +535,7 @@
   
       public void testMultipleChallengeBasic() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
  +        state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
           HttpMethod method = new SimpleHttpMethod();
           SimpleHttpConnection conn = new SimpleHttpConnection();
           conn.addResponse(
  @@ -560,7 +560,7 @@
   
       public void testMultipleChallengeBasicLongRealm() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials(null, new UsernamePasswordCredentials("name", "pass"));
  +        state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass"));
           HttpMethod method = new SimpleHttpMethod();
           SimpleHttpConnection conn = new SimpleHttpConnection();
           conn.addResponse(
  @@ -588,7 +588,7 @@
   
       public void testMultipleChallengeDigest() throws Exception {
           HttpState state = new HttpState();
  -        state.setCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
  +        state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
           HttpMethod method = new SimpleHttpMethod();
           SimpleHttpConnection conn = new SimpleHttpConnection();
           conn.addResponse(
  @@ -666,5 +666,69 @@
       }
   
   
  -
  +    // --------------------------------- Test Methods for Selecting Credentials
  +    
  +    public void testDefaultCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials expected = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials(null, null, expected);
  +        Credentials got = state.getCredentials("realm", "host");
  +        assertEquals(got, expected);
  +    }
  +    
  +    public void testRealmCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials expected = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials("realm", null, expected);
  +        Credentials got = state.getCredentials("realm", "host");
  +        assertEquals(expected, got);
  +    }
  +    
  +    public void testHostCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials expected = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials(null, "host", expected);
  +        Credentials got = state.getCredentials("realm", "host");
  +        assertEquals(expected, got);
  +    }
  +    
  +    public void testBothCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials expected = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials("realm", "host", expected);
  +        Credentials got = state.getCredentials("realm", "host");
  +        assertEquals(expected, got);
  +    }
  +    
  +    public void testWrongHostCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials expected = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials(null, "host1", expected);
  +        Credentials got = state.getCredentials("realm", "host2");
  +        assertNotSame(expected, got);
  +    }
  +    
  +    public void testWrongRealmCredentials() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials cred = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials("realm1", "host", cred);
  +        Credentials got = state.getCredentials("realm2", "host");
  +        assertNotSame(cred, got);
  +    }
  +    
  +    public void testRealmSpoof() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials cred = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials(null, "admin.apache.org", cred);
  +        Credentials got = state.getCredentials("admin.apache.org", "myhost");
  +        assertNotSame(cred, got);
  +    }
  +    
  +    public void testRealmSpoof2() throws Exception {
  +        HttpState state = new HttpState();
  +        Credentials cred = new UsernamePasswordCredentials("name", "pass");
  +        state.setCredentials(null, "whatever", cred);
  +        Credentials got = state.getCredentials("nullwhatever", null);
  +        assertNotSame(cred, got);
  +    }
   }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message