< prev index next >
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
Print this page
rev 1564 : 7090158: Networking Libraries don't build with javac -Werror
7125055: ContentHandler.getContent API changed in error
Summary: Minor changes to networking java files to remove warnings
Reviewed-by: chegar, weijun, hawtin, alanb
Contributed-by: kurchi.subhra.hazra@oracle.com, sasha_bu@hotmail.com
rev 1571 : 8010297: Missing isLoggable() checks in logging code
Summary: Add isLoggable() checks
Reviewed-by: anthony, mchung, serb
Contributed-by: Laurent Bourges <bourges.laurent@gmail.com>
rev 1572 : 8160838: Better HTTP service
Reviewed-by: ahgross, alanb, michaelm
*** 24,73 ****
*/
package sun.net.www.protocol.http;
import java.lang.reflect.Constructor;
! import java.net.URL;
! import java.net.URLConnection;
! import java.net.ProtocolException;
import java.net.HttpRetryException;
import java.net.PasswordAuthentication;
import java.net.Authenticator;
import java.net.InetAddress;
! import java.net.UnknownHostException;
! import java.net.SocketTimeoutException;
import java.net.Proxy;
import java.net.ProxySelector;
- import java.net.URI;
- import java.net.InetSocketAddress;
- import java.net.CookieHandler;
import java.net.ResponseCache;
- import java.net.CacheResponse;
import java.net.SecureCacheResponse;
! import java.net.CacheRequest;
import java.net.Authenticator.RequestorType;
! import java.io.*;
import java.util.Date;
import java.util.Map;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Iterator;
import java.util.HashSet;
import java.util.HashMap;
import java.util.Set;
import sun.net.*;
import sun.net.www.*;
import sun.net.www.http.HttpClient;
import sun.net.www.http.PosterOutputStream;
import sun.net.www.http.ChunkedInputStream;
import sun.net.www.http.ChunkedOutputStream;
import sun.net.www.http.HttpCapture;
- import java.text.SimpleDateFormat;
- import java.util.TimeZone;
- import java.net.MalformedURLException;
- import java.nio.ByteBuffer;
import static sun.net.www.protocol.http.AuthScheme.BASIC;
import static sun.net.www.protocol.http.AuthScheme.DIGEST;
import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
--- 24,83 ----
*/
package sun.net.www.protocol.http;
import java.lang.reflect.Constructor;
! import java.io.FileNotFoundException;
! import java.io.FilterInputStream;
! import java.io.FilterOutputStream;
! import java.io.InputStream;
! import java.io.IOException;
! import java.io.OutputStream;
! import java.io.PrintStream;
! import java.net.CacheResponse;
! import java.net.CacheRequest;
! import java.net.CookieHandler;
import java.net.HttpRetryException;
import java.net.PasswordAuthentication;
import java.net.Authenticator;
import java.net.InetAddress;
! import java.net.InetSocketAddress;
! import java.net.MalformedURLException;
! import java.net.ProtocolException;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.ResponseCache;
import java.net.SecureCacheResponse;
! import java.net.SocketTimeoutException;
! import java.net.UnknownHostException;
! import java.net.URI;
! import java.net.URL;
! import java.net.URLConnection;
import java.net.Authenticator.RequestorType;
! import java.nio.ByteBuffer;
! import java.security.AccessController;
! import java.security.PrivilegedAction;
! import java.text.SimpleDateFormat;
! import java.util.Arrays;
! import java.util.Collections;
import java.util.Date;
import java.util.Map;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Iterator;
import java.util.HashSet;
import java.util.HashMap;
import java.util.Set;
+ import java.util.TimeZone;
import sun.net.*;
import sun.net.www.*;
import sun.net.www.http.HttpClient;
import sun.net.www.http.PosterOutputStream;
import sun.net.www.http.ChunkedInputStream;
import sun.net.www.http.ChunkedOutputStream;
import sun.net.www.http.HttpCapture;
import static sun.net.www.protocol.http.AuthScheme.BASIC;
import static sun.net.www.protocol.http.AuthScheme.DIGEST;
import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
*** 91,100 ****
--- 101,118 ----
* By default, we don't require them to be sent
*/
static final boolean validateProxy;
static final boolean validateServer;
+ /** A, possibly empty, set of authentication schemes that are disabled
+ * when proxying plain HTTP ( not HTTPS ). */
+ static final Set<String> disabledProxyingSchemes;
+
+ /** A, possibly empty, set of authentication schemes that are disabled
+ * when setting up a tunnel for HTTPS ( HTTP CONNECT ). */
+ static final Set<String> disabledTunnelingSchemes;
+
private StreamingOutputStream strOutputStream;
private final static String RETRY_MSG1 =
"cannot retry due to proxy authentication, in streaming mode";
private final static String RETRY_MSG2 =
"cannot retry due to server authentication, in streaming mode";
*** 190,199 ****
--- 208,237 ----
"Upgrade",
//"User-Agent",
"Via"
};
+ private static String getNetProperty(final String name) {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return NetProperties.get(name);
+ }
+ });
+ }
+
+ private static Set<String> schemesListToSet(String list) {
+ if (list == null || list.isEmpty())
+ return Collections.<String>emptySet();
+
+ Set<String> s = new HashSet<String>();
+ String[] parts = list.split("\\s*,\\s*");
+ for (String part : parts)
+ s.add(part.toLowerCase(Locale.ROOT));
+ return s;
+ }
+
static {
maxRedirects = java.security.AccessController.doPrivileged(
new sun.security.action.GetIntegerAction(
"http.maxRedirects", defaultmaxRedirects)).intValue();
version = java.security.AccessController.doPrivileged(
*** 204,213 ****
--- 242,259 ----
agent = "Java/"+version;
} else {
agent = agent + " Java/"+version;
}
userAgent = agent;
+
+ // A set of net properties to control the use of authentication schemes
+ // when proxing/tunneling.
+ String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes");
+ disabledTunnelingSchemes = schemesListToSet(p);
+ p = getNetProperty("jdk.http.auth.proxying.disabledSchemes");
+ disabledProxyingSchemes = schemesListToSet(p);
+
validateProxy = java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"http.auth.digest.validateProxy")).booleanValue();
validateServer = java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
*** 228,240 ****
"sun.net.http.errorstream.bufferSize", 4096)).intValue();
if (bufSize4ES <= 0) {
bufSize4ES = 4096; // use the default
}
! allowRestrictedHeaders = ((Boolean)java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
! "sun.net.http.allowRestrictedHeaders"))).booleanValue();
if (!allowRestrictedHeaders) {
restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) {
restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase());
}
--- 274,286 ----
"sun.net.http.errorstream.bufferSize", 4096)).intValue();
if (bufSize4ES <= 0) {
bufSize4ES = 4096; // use the default
}
! allowRestrictedHeaders = java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
! "sun.net.http.allowRestrictedHeaders")).booleanValue();
if (!allowRestrictedHeaders) {
restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) {
restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase());
}
*** 288,297 ****
--- 334,344 ----
/* We only have a single static authenticator for now.
* REMIND: backwards compatibility with JDK 1.1. Should be
* eliminated for JDK 2.0.
*/
+ @Deprecated
private static HttpAuthenticator defaultAuth;
/* all the headers we send
* NOTE: do *NOT* dump out the content of 'requests' in the
* output or stacktrace since it may contain security-sensitive
*** 711,720 ****
--- 758,768 ----
}
/**
* @deprecated. Use java.net.Authenticator.setDefault() instead.
*/
+ @Deprecated
public static void setDefaultAuthenticator(HttpAuthenticator a) {
defaultAuth = a;
}
/**
*** 1268,1280 ****
// isSupported can be tested.
// The other 2 appearances of "new AuthenticationHeader" is
// altered in similar ways.
AuthenticationHeader authhdr = new AuthenticationHeader (
! "Proxy-Authenticate", responses,
! new HttpCallerInfo(url, http.getProxyHostUsed(),
! http.getProxyPortUsed())
);
if (!doingNTLMp2ndStage) {
proxyAuthentication =
resetProxyAuthentication(proxyAuthentication, authhdr);
--- 1316,1331 ----
// isSupported can be tested.
// The other 2 appearances of "new AuthenticationHeader" is
// altered in similar ways.
AuthenticationHeader authhdr = new AuthenticationHeader (
! "Proxy-Authenticate",
! responses,
! new HttpCallerInfo(url,
! http.getProxyHostUsed(),
! http.getProxyPortUsed()),
! disabledProxyingSchemes
);
if (!doingNTLMp2ndStage) {
proxyAuthentication =
resetProxyAuthentication(proxyAuthentication, authhdr);
*** 1467,1479 ****
try {
// use reflection to get to the public
// HttpsURLConnection instance saved in
// DelegateHttpsURLConnection
uconn = (URLConnection)this.getClass().getField("httpsURLConnection").get(this);
! } catch (IllegalAccessException iae) {
// ignored; use 'this'
! } catch (NoSuchFieldException nsfe) {
// ignored; use 'this'
}
}
CacheRequest cacheRequest =
cacheHandler.put(uri, uconn);
--- 1518,1530 ----
try {
// use reflection to get to the public
// HttpsURLConnection instance saved in
// DelegateHttpsURLConnection
uconn = (URLConnection)this.getClass().getField("httpsURLConnection").get(this);
! } catch (IllegalAccessException e) {
// ignored; use 'this'
! } catch (NoSuchFieldException e) {
// ignored; use 'this'
}
}
CacheRequest cacheRequest =
cacheHandler.put(uri, uconn);
*** 1633,1645 ****
StringTokenizer st = new StringTokenizer(statusLine);
st.nextToken();
respCode = Integer.parseInt(st.nextToken().trim());
if (respCode == HTTP_PROXY_AUTH) {
AuthenticationHeader authhdr = new AuthenticationHeader (
! "Proxy-Authenticate", responses,
! new HttpCallerInfo(url, http.getProxyHostUsed(),
! http.getProxyPortUsed())
);
if (!doingNTLMp2ndStage) {
proxyAuthentication =
resetProxyAuthentication(proxyAuthentication, authhdr);
if (proxyAuthentication != null) {
--- 1684,1699 ----
StringTokenizer st = new StringTokenizer(statusLine);
st.nextToken();
respCode = Integer.parseInt(st.nextToken().trim());
if (respCode == HTTP_PROXY_AUTH) {
AuthenticationHeader authhdr = new AuthenticationHeader (
! "Proxy-Authenticate",
! responses,
! new HttpCallerInfo(url,
! http.getProxyHostUsed(),
! http.getProxyPortUsed()),
! disabledTunnelingSchemes
);
if (!doingNTLMp2ndStage) {
proxyAuthentication =
resetProxyAuthentication(proxyAuthentication, authhdr);
if (proxyAuthentication != null) {
*** 1751,1760 ****
--- 1805,1815 ----
/**
* Gets the authentication for an HTTP proxy, and applies it to
* the connection.
*/
+ @SuppressWarnings("fallthrough")
private AuthenticationInfo getHttpProxyAuthentication (AuthenticationHeader authhdr) {
/* get authorization from authenticator */
AuthenticationInfo ret = null;
String raw = authhdr.raw();
String host = http.getProxyHostUsed();
*** 1820,1836 ****
ret = new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
break;
case NTLM:
! if (NTLMAuthenticationProxy.proxy.supported) {
/* tryTransparentNTLMProxy will always be true the first
* time around, but verify that the platform supports it
* otherwise don't try. */
if (tryTransparentNTLMProxy) {
tryTransparentNTLMProxy =
! NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
/* If the platform supports transparent authentication
* then normally it's ok to do transparent auth to a proxy
* because we generally trust proxies (chosen by the user)
* But not in the case of 305 response where the server
* chose it. */
--- 1875,1891 ----
ret = new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
break;
case NTLM:
! if (NTLMAuthenticationProxy.supported) {
/* tryTransparentNTLMProxy will always be true the first
* time around, but verify that the platform supports it
* otherwise don't try. */
if (tryTransparentNTLMProxy) {
tryTransparentNTLMProxy =
! NTLMAuthenticationProxy.supportsTransparentAuth;
/* If the platform supports transparent authentication
* then normally it's ok to do transparent auth to a proxy
* because we generally trust proxies (chosen by the user)
* But not in the case of 305 response where the server
* chose it. */
*** 1866,1876 ****
--- 1921,1934 ----
break;
case KERBEROS:
ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
break;
case UNKNOWN:
+ if (HttpCapture.isLoggable("FINEST")) {
HttpCapture.finest("Unknown/Unsupported authentication scheme: " + scheme);
+ }
+ /*fall through*/
default:
throw new AssertionError("should not reach here");
}
}
// For backwards compatibility, we also try defaultAuth
*** 1904,1913 ****
--- 1962,1972 ----
* Gets the authentication for an HTTP server, and applies it to
* the connection.
* @param authHdr the AuthenticationHeader which tells what auth scheme is
* prefered.
*/
+ @SuppressWarnings("fallthrough")
private AuthenticationInfo getServerAuthentication (AuthenticationHeader authhdr) {
/* get authorization from authenticator */
AuthenticationInfo ret = null;
String raw = authhdr.raw();
/* When we get an NTLM auth from cache, don't set any special headers */
*** 1973,1983 ****
digestparams = new DigestAuthentication.Parameters();
ret = new DigestAuthentication(false, url, realm, scheme, a, digestparams);
}
break;
case NTLM:
! if (NTLMAuthenticationProxy.proxy.supported) {
URL url1;
try {
url1 = new URL (url, "/"); /* truncate the path */
} catch (Exception e) {
url1 = url;
--- 2032,2042 ----
digestparams = new DigestAuthentication.Parameters();
ret = new DigestAuthentication(false, url, realm, scheme, a, digestparams);
}
break;
case NTLM:
! if (NTLMAuthenticationProxy.supported) {
URL url1;
try {
url1 = new URL (url, "/"); /* truncate the path */
} catch (Exception e) {
url1 = url;
*** 1986,1996 ****
/* tryTransparentNTLMServer will always be true the first
* time around, but verify that the platform supports it
* otherwise don't try. */
if (tryTransparentNTLMServer) {
tryTransparentNTLMServer =
! NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
}
a = null;
if (tryTransparentNTLMServer) {
HttpCapture.finest("Trying Transparent NTLM authentication");
} else {
--- 2045,2055 ----
/* tryTransparentNTLMServer will always be true the first
* time around, but verify that the platform supports it
* otherwise don't try. */
if (tryTransparentNTLMServer) {
tryTransparentNTLMServer =
! NTLMAuthenticationProxy.supportsTransparentAuth;
}
a = null;
if (tryTransparentNTLMServer) {
HttpCapture.finest("Trying Transparent NTLM authentication");
} else {
*** 2013,2023 ****
--- 2072,2085 ----
/* set to false so that we do not try again */
tryTransparentNTLMServer = false;
}
break;
case UNKNOWN:
+ if (HttpCapture.isLoggable("FINEST")) {
HttpCapture.finest("Unknown/Unsupported authentication scheme: " + scheme);
+ }
+ /*fall through*/
default:
throw new AssertionError("should not reach here");
}
}
*** 2528,2545 ****
}
/*
* The cookies in the requests message headers may have
* been modified. Use the saved user cookies instead.
*/
! Map userCookiesMap = null;
if (userCookies != null || userCookies2 != null) {
! userCookiesMap = new HashMap();
if (userCookies != null) {
! userCookiesMap.put("Cookie", userCookies);
}
if (userCookies2 != null) {
! userCookiesMap.put("Cookie2", userCookies2);
}
}
return requests.filterAndAddHeaders(EXCLUDE_HEADERS2, userCookiesMap);
}
--- 2590,2607 ----
}
/*
* The cookies in the requests message headers may have
* been modified. Use the saved user cookies instead.
*/
! Map<String, List<String>> userCookiesMap = null;
if (userCookies != null || userCookies2 != null) {
! userCookiesMap = new HashMap<String, List<String>>();
if (userCookies != null) {
! userCookiesMap.put("Cookie", Arrays.asList(userCookies));
}
if (userCookies2 != null) {
! userCookiesMap.put("Cookie2", Arrays.asList(userCookies2));
}
}
return requests.filterAndAddHeaders(EXCLUDE_HEADERS2, userCookiesMap);
}
< prev index next >