hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r1500407 - in /httpcomponents/httpclient/trunk/httpclient/src: main/java/org/apache/http/impl/auth/NTLMScheme.java test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Date Sun, 07 Jul 2013 11:29:06 GMT
Author: olegk
Date: Sun Jul  7 11:29:06 2013
New Revision: 1500407

URL: http://svn.apache.org/r1500407
Log:
Follow up to HTTPCLIENT-1383: fixes another infinite loop in case of an out of sequence NTLM
response
Contributed by Ricardo Pereira <thc202 at gmail.com>

Modified:
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
    httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java?rev=1500407&r1=1500406&r2=1500407&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
Sun Jul  7 11:29:06 2013
@@ -107,7 +107,9 @@ public class NTLMScheme extends AuthSche
                 this.state = State.FAILED;
             }
         } else {
-            if (this.state == State.MSG_TYPE1_GENERATED) {
+            if (this.state.compareTo(State.MSG_TYPE1_GENERATED) < 0) {
+                this.state = State.FAILED;
+            } else if (this.state == State.MSG_TYPE1_GENERATED) {
                 this.state = State.MSG_TYPE2_RECEVIED;
             }
         }

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java?rev=1500407&r1=1500406&r2=1500407&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Sun Jul  7 11:29:06 2013
@@ -176,4 +176,45 @@ public class TestClientAuthenticationFak
                 response.getStatusLine().getStatusCode());
     }
 
+    static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {
+
+        public void handle(
+                final HttpRequest request,
+                final HttpResponse response,
+                final HttpContext context) throws HttpException, IOException {
+            response.setStatusLine(new BasicStatusLine(
+                    HttpVersion.HTTP_1_1,
+                    HttpStatus.SC_UNAUTHORIZED,
+                    "Authentication Required"));
+            response.setHeader("Connection", "Keep-Alive");
+            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
+                    "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
+                    "AGUAcgB2AGUAcgA=");
+        }
+    }
+
+    @Test
+    public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
+        this.localServer.register("*", new NtlmType2MessageOnlyResponseHandler());
+        this.localServer.start();
+
+        final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+        credsProvider.setCredentials(AuthScope.ANY,
+                new NTCredentials("test", "test", null, null));
+
+        this.httpclient = HttpClients.custom()
+                .setDefaultCredentialsProvider(credsProvider)
+                .build();
+
+        final HttpContext context = HttpClientContext.create();
+
+        final HttpHost targethost = getServerHttp();
+        final HttpGet httpget = new HttpGet("/");
+
+        final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+        EntityUtils.consume(response.getEntity());
+        Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+                response.getStatusLine().getStatusCode());
+    }
+
 }



Mime
View raw message