commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject cvs commit: jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth AuthPolicy.java
Date Wed, 28 Jan 2004 21:39:16 GMT
olegk       2004/01/28 13:39:16

  Modified:    httpclient/src/java/org/apache/commons/httpclient
                        HttpMethodDirector.java
               httpclient/src/java/org/apache/commons/httpclient/auth
                        AuthPolicy.java
  Added:       httpclient/src/examples AlternateAuthenticationExample.java
  Log:
  PR #15297 (Authenticator() - ability to perform alternate authentication)
  
  Contributed by Oleg Kalnichevski
  Reviewed by Ortwin Gluek & Michael Becke
  
  Revision  Changes    Path
  1.1                  jakarta-commons/httpclient/src/examples/AlternateAuthenticationExample.java
  
  Index: AlternateAuthenticationExample.java
  ===================================================================
  /*
   * $Header: /home/cvs/jakarta-commons/httpclient/src/examples/AlternateAuthenticationExample.java,v
1.1 2004/01/28 21:39:15 olegk Exp $
   * $Revision: 1.1 $
   * $Date: 2004/01/28 21:39:15 $
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "HttpClient", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  import java.util.ArrayList;
  import java.util.List;
  
  import org.apache.commons.httpclient.HttpClient;
  import org.apache.commons.httpclient.UsernamePasswordCredentials;
  import org.apache.commons.httpclient.auth.AuthPolicy;
  import org.apache.commons.httpclient.methods.GetMethod;
  
  /**
   * <p>A simple example that uses alternate authentication scheme selection
   * if several authentication challenges are returned.
   * </p>
   * 
   * <p>Per default HttpClient picks the authentication challenge in the following
   *  order of preference: NTLM, Digest, Basic. In certain cases it may be desirable to
   *  force the use of a weaker authentication scheme. 
   * </p>
   *
   * @author Oleg Kalnichevski
   */
  public class AlternateAuthenticationExample {
  
      /**
       * Constructor for BasicAuthenticatonExample.
       */
      public AlternateAuthenticationExample() {
          super();
      }
  
      public static void main(String[] args) throws Exception {
          HttpClient client = new HttpClient();
          client.getState().setCredentials("myrealm", "myhost",
              new UsernamePasswordCredentials("username", "password"));
          // Suppose the site supports several authetication schemes: NTLM and Basic
          // Basic authetication is considered inherently insecure. Hence, NTLM authentication
          // is used per default
  
          // This is to make HttpClient pick the Basic authentication scheme over NTLM &
Digest
          List authPrefs = new ArrayList(3);
          authPrefs.add(AuthPolicy.BASIC);
          authPrefs.add(AuthPolicy.NTLM);
          authPrefs.add(AuthPolicy.DIGEST);
          client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
  
          GetMethod httpget = new GetMethod("http://myhost/protected/auth-required.html");
  
          try {
              int status = client.executeMethod(httpget);
              // print the status and response
              System.out.println(httpget.getStatusLine());
              System.out.println(httpget.getResponseBodyAsString());
          } finally {
              // release any connection resources used by the method
              httpget.releaseConnection();
          }            
      }
  }
  
  
  
  1.15      +13 -15    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
  
  Index: HttpMethodDirector.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- HttpMethodDirector.java	14 Jan 2004 18:59:27 -0000	1.14
  +++ HttpMethodDirector.java	28 Jan 2004 21:39:16 -0000	1.15
  @@ -64,9 +64,8 @@
   package org.apache.commons.httpclient;
   
   import java.io.IOException;
  -import java.util.ArrayList;
  +import java.util.Collection;
   import java.util.Iterator;
  -import java.util.List;
   import java.util.Map;
   
   import org.apache.commons.httpclient.auth.AuthChallengeParser;
  @@ -137,14 +136,6 @@
       /** Whether preemtive proxy authentication is attempted */
       private boolean proxyAuthPreemptive  = false; 
         
  -    //TODO: to be parameterized
  -    private static final List AUTH_PREFERENCES = new ArrayList(3);
  -    static {
  -        AUTH_PREFERENCES.add(AuthPolicy.NTLM);
  -        AUTH_PREFERENCES.add(AuthPolicy.DIGEST);
  -        AUTH_PREFERENCES.add(AuthPolicy.BASIC);
  -    }
  -    
       public HttpMethodDirector(
           final HttpConnectionManager connectionManager,
           final HostConfiguration hostConfiguration,
  @@ -766,13 +757,20 @@
       
       private AuthScheme processChallenge(final Map challenges)
           throws MalformedChallengeException, AuthenticationException {    
  +
  +        Collection authPrefs = (Collection) this.params.getParameter(
  +                                                                AuthPolicy.AUTH_SCHEME_PRIORITY);
  +        if (authPrefs == null || authPrefs.isEmpty()) {
  +            authPrefs = AuthPolicy.getDefaultAuthPrefs();    
  +        }
  +                                                                   
           AuthScheme authscheme = null;
           String challenge = null;
           if (LOG.isDebugEnabled()) {
               LOG.debug("Supported authentication schemes in the order of preference: " 
  -                + AUTH_PREFERENCES);
  +                + authPrefs);
           }
  -        Iterator item = AUTH_PREFERENCES.iterator();
  +        Iterator item = authPrefs.iterator();
           while (item.hasNext()) {
               String id = (String) item.next();
               challenge = (String) challenges.get(id.toLowerCase()); 
  
  
  
  1.2       +49 -12    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java
  
  Index: AuthPolicy.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- AuthPolicy.java	10 Dec 2003 21:37:42 -0000	1.1
  +++ AuthPolicy.java	28 Jan 2004 21:39:16 -0000	1.2
  @@ -63,9 +63,9 @@
   
   package org.apache.commons.httpclient.auth;
   
  -import java.util.Collections;
  +import java.util.ArrayList;
   import java.util.HashMap;
  -import java.util.Map;
  +import java.util.List;
   
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
  @@ -90,9 +90,28 @@
    */
   public abstract class AuthPolicy {
   
  -    private static Map SCHEMES = Collections.synchronizedMap(new HashMap());
  +    private static final HashMap   SCHEMES     = new HashMap();
  +    private static final ArrayList SCHEME_LIST = new ArrayList();
       
       /**
  +     * The key used to look up the list of IDs of supported {@link AuthScheme 
  +     * authentication schemes} in their order of preference. The scheme IDs are 
  +     * stored in a {@link Collection} as {@link java.lang.String}s. 
  +     * 
  +     * <p>
  +     * If several schemes are returned in the <tt>WWW-Authenticate</tt> 
  +     * or <tt>Proxy-Authenticate</tt> header, this parameter defines which
  +     * {@link AuthScheme authentication schemes} takes precedence over others.
  +     * The first item in the collection represents the most preferred 
  +     * {@link AuthScheme authentication scheme}, the last item represents the ID 
  +     * of the least preferred one.
  +     * </p>
  +     * 
  +     * @see org.apache.commons.httpclient.params.DefaultHttpParams
  +     */
  +    public static final String AUTH_SCHEME_PRIORITY = "http.auth.scheme-priority";
  +
  +    /**
        * The NTLM scheme is a proprietary Microsoft Windows Authentication 
        * protocol (considered to be the most secure among currently supported 
        * authentication schemes).
  @@ -111,9 +130,9 @@
       public static final String BASIC = "Basic";
       
       static {
  -        AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class);
  +        AuthPolicy.registerAuthScheme(NTLM,   NTLMScheme.class);
           AuthPolicy.registerAuthScheme(DIGEST, DigestScheme.class);
  -        AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class);
  +        AuthPolicy.registerAuthScheme(BASIC,  BasicScheme.class);
       }
       
       /** Log object. */
  @@ -125,12 +144,18 @@
        * This ID is the same one used to retrieve the {@link AuthScheme authentication scheme}

        * from {@link #getAuthScheme(String)}.
        * 
  +     * <p>
  +     * Please note that custom authentication preferences, if used, need to be updated
accordingly 
  +     * for the new {@link AuthScheme authentication scheme} to take effect.
  +     * </p>    
  +     * 
        * @param id the identifier for this scheme
        * @param clazz the class to register
        * 
        * @see #getAuthScheme(String)
  +     * @see #AUTH_SCHEME_PRIORITY
        */
  -    public static void registerAuthScheme(final String id, Class clazz) {
  +    public static synchronized void registerAuthScheme(final String id, Class clazz) {
            if (id == null) {
                throw new IllegalArgumentException("Id may not be null");
            }
  @@ -138,6 +163,7 @@
               throw new IllegalArgumentException("Authentication scheme class may not be
null");
           }
           SCHEMES.put(id.toLowerCase(), clazz);
  +        SCHEME_LIST.add(id.toLowerCase());
       }
   
       /**
  @@ -146,11 +172,12 @@
        * 
        * @param id the ID of the class to unregister
        */
  -    public static void unregisterAuthScheme(final String id) {
  +    public static synchronized void unregisterAuthScheme(final String id) {
            if (id == null) {
                throw new IllegalArgumentException("Id may not be null");
            }
           SCHEMES.remove(id.toLowerCase());
  +        SCHEME_LIST.remove(id.toLowerCase());
       }
   
       /**
  @@ -162,7 +189,7 @@
        * 
        * @throws IllegalStateException if a scheme with the ID cannot be found
        */
  -    public static AuthScheme getAuthScheme(final String id) 
  +    public static synchronized AuthScheme getAuthScheme(final String id) 
           throws IllegalStateException {
   
           if (id == null) {
  @@ -181,5 +208,15 @@
           } else {
               throw new IllegalStateException("Unsupported authentication scheme " + id);
           }
  +    } 
  +
  +    /**
  +     * Returns a list containing all registered {@link AuthScheme authentication 
  +     * schemes} in their default order.
  +     * 
  +     * @return {@link AuthScheme authentication scheme}
  +     */
  +    public static synchronized List getDefaultAuthPrefs() {
  +        return (List)SCHEME_LIST.clone(); 
       } 
   }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message