hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 22655] New: - Authentication does not respond to stale nonce
Date Fri, 22 Aug 2003 13:23:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22655>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22655

Authentication does not respond to stale nonce

           Summary: Authentication does not respond to stale nonce
           Product: Commons
           Version: 2.0 Milestone 2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: HttpClient
        AssignedTo: commons-httpclient-dev@jakarta.apache.org
        ReportedBy: scohen@eavantia.com


When using digest authentication, HTTP allows the server to mark the nonce value
as stale. The client then must re-authenticate with a new nonce value provided
by the server. Currently, HttpClient does not support this functionality. I've
created a patch that allows HttpClient to support stale nonce values. It is
attached below. The patch should be applied to HttpMethodBase.java


***
/home/scohen/downloads/httpclient-src/commons-httpclient-2.0-rc1/src/java/org/apache/commons/httpclient/HttpMethodBase.java
2003-07-31 22:15:26.000000000 -0400
--- org/apache/commons/httpclient/HttpMethodBase.java   2003-08-20
17:22:52.000000000 -0400
***************
*** 1351,1384 ****
       *
       * @throws IOException when errors occur reading or writing to/from the
       *         connection
       * @throws HttpException when a recoverable error occurs
       */
!     protected void addAuthorizationRequestHeader(HttpState state,
!                                                  HttpConnection conn)
!     throws IOException, HttpException {
!         LOG.trace("enter HttpMethodBase.addAuthorizationRequestHeader("
!                   + "HttpState, HttpConnection)");
   
          // add authorization header, if needed
!         if (getRequestHeader(HttpAuthenticator.WWW_AUTH_RESP) == null) {
!             Header[] challenges = getResponseHeaderGroup().getHeaders(
!                                                HttpAuthenticator.WWW_AUTH);
!             if (challenges.length > 0) {
!                 try {
!                     AuthScheme authscheme =
HttpAuthenticator.selectAuthScheme(challenges);
                      HttpAuthenticator.authenticate(authscheme, this, conn, state);
!                 } catch (HttpException e) {
!                     // log and move on
!                     if (LOG.isErrorEnabled()) {
!                         LOG.error(e.getMessage(), e);
!                     }
                  }
              }
          }
      }
                                                                                
      /**
       * Adds a <tt>Content-Length</tt> or <tt>Transfer-Encoding: Chunked</tt>
       * request header, as long as no <tt>Content-Length</tt> request header
       * already exists.
       *
--- 1351,1391 ----
       *
       * @throws IOException when errors occur reading or writing to/from the
       *         connection
       * @throws HttpException when a recoverable error occurs
       */
!     protected void addAuthorizationRequestHeader(HttpState state,
HttpConnection conn)
!         throws IOException, HttpException {
!         LOG.trace("enter HttpMethodBase.addAuthorizationRequestHeader(" +
"HttpState, HttpConnection)");
                                                                                
          // add authorization header, if needed
!
!         Header[] challenges =
getResponseHeaderGroup().getHeaders(HttpAuthenticator.WWW_AUTH);
!         if (challenges.length > 0) {
!
!             try {
!                 AuthScheme authscheme =
HttpAuthenticator.selectAuthScheme(challenges);
!                 if (getRequestHeader(HttpAuthenticator.WWW_AUTH_RESP) == null
!                     || isNonceStale(authscheme) ) {
                      HttpAuthenticator.authenticate(authscheme, this, conn, state);
!                 }
!             } catch (HttpException e) {
!                 // log and move on
!                 if (LOG.isErrorEnabled()) {
!                     LOG.error(e.getMessage(), e);
                  }
              }
          }
      }
                                                                                
+
+     private boolean isNonceStale(AuthScheme authscheme) {
+         return authscheme.getSchemeName().equalsIgnoreCase("digest")
+             && "true".equalsIgnoreCase(authscheme.getParameter("stale"));
+     }
+
+
      /**
       * Adds a <tt>Content-Length</tt> or <tt>Transfer-Encoding: Chunked</tt>
       * request header, as long as no <tt>Content-Length</tt> request header
       * already exists.
       *
***************
*** 2419,2430 ****
                  buffer.append(port);
              }
              buffer.append('#');
              buffer.append(authscheme.getID());
              String realm = buffer.toString();
!
              if (realmsUsed.contains(realm)) {
                  if (LOG.isInfoEnabled()) {
                      LOG.info("Already tried to authenticate to \""
                               + realm + "\" but still receiving "
                               + statusCode + ".");
                  }
--- 2426,2442 ----
                  buffer.append(port);
              }
              buffer.append('#');
              buffer.append(authscheme.getID());
              String realm = buffer.toString();
!
!                       // check to see if the server has made our nonce stale.
!                       // if it has, re-auth
              if (realmsUsed.contains(realm)) {
+               if ( isNonceStale(authscheme)) {
+                       return false;
+               }
                  if (LOG.isInfoEnabled()) {
                      LOG.info("Already tried to authenticate to \""
                               + realm + "\" but still receiving "
                               + statusCode + ".");
                  }

Mime
View raw message