hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1458) SystemDefaultCredentialsProvider authenticates with wrong protocol for https requests
Date Thu, 13 Feb 2014 14:30:19 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski resolved HTTPCLIENT-1458.
-------------------------------------------

       Resolution: Fixed
    Fix Version/s: 4.4 Alpha1

I fixed the problem in 4.4 by making AuthScope retain a reference to the HttpHost of origin
(which contains protocol scheme used to connect to the host). I do not quite like it but that
was the only way to fix the problem properly. As far as 4.3 goes the best I can do is to use
'https' for port 443 and 'http' otherwise.

Oleg

> SystemDefaultCredentialsProvider authenticates with wrong protocol for https requests
> -------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1458
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1458
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth, HttpClient
>    Affects Versions: 4.3.2
>         Environment: Client: Oracle Java 6/7. 
>            Reporter: Mat Gessel
>             Fix For: 4.4 Alpha1
>
>
> Java has system property settings for specifying proxies. Java has different properties
for "http" and "https". The purpose of HttpClient's SystemDefaultCredentialsProvider is to
delegate authentication to a java.net.Authenticator. Authenticator implementations commonly
use the proxy system properties. However, SDCP loses the differentiation between "http" and
"https"; it always requests auth for "http". 
> SystemDefaultCredentialsProvider always passes "http" as the protocol to Authenticator.requestPasswordAuthentication().
This can result in an HTTP status 407 or other 3rd party errors due to a protocol mismatch.
> Here is an example of a default Authenticator that will fail because it relies on the
https.proxyXXX properties. 
> Authenticator.setDefault(new Authenticator()
> {
>   @Override
>   protected PasswordAuthentication getPasswordAuthentication()
>   {
>     if (getRequestorType() == RequestorType.PROXY)
>     {
>       if ("https".equals(getRequestingProtocol().toLowerCase()))
>       {
>         String host = System.getProperty("https.proxyHost", "");
>         String port = System.getProperty("https.proxyPort", "443");
>         String user = System.getProperty("https.proxyUser", "");
>         String password = System.getProperty("https.proxyPassword", "");
>         if (getRequestingHost().equalsIgnoreCase(host))
>         {
>           if (port != null && port.equals(Integer.toString(getRequestingPort())))
>           {
>             return new PasswordAuthentication(user, password.toCharArray());
>           }
>         }
>       }
>     }
>     return null;
>   }
> });
> JRE 7 Networking Properties: 
> http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html
> Workaround: 
>   IF: a single proxy is used and it supports http and https on the same port
>   THEN: set http.proxyXXX and https.proxyXXX system properties to the same host/port.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message