1 /*
2 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /**
25 * @test
26 * @bug 4678055
27 * @library ../../../sun/net/www/httptest/
28 * @build HttpCallback HttpServer ClosedChannelList HttpTransaction
29 * @run main B4678055
30 * @summary Basic Authentication fails with multiple realms
31 */
32
33 import java.io.*;
34 import java.net.*;
35
36 public class B4678055 implements HttpCallback {
37
38 static int count = 0;
39 static String authstring;
40
41 void errorReply (HttpTransaction req, String reply) throws IOException {
42 req.addResponseHeader ("Connection", "close");
43 req.addResponseHeader ("WWW-Authenticate", reply);
44 req.sendResponse (401, "Unauthorized");
45 req.orderlyClose();
46 }
47
48 void okReply (HttpTransaction req) throws IOException {
49 req.setResponseEntityBody ("Hello .");
50 req.sendResponse (200, "Ok");
51 req.orderlyClose();
52 }
53
54 public void request (HttpTransaction req) {
55 try {
56 authstring = req.getRequestHeader ("Authorization");
57 System.out.println (authstring);
58 switch (count) {
59 case 0:
60 errorReply (req, "Basic realm=\"wallyworld\"");
61 break;
62 case 1:
63 /* client stores a username/pw for wallyworld
64 */
65 okReply (req);
66 break;
67 case 2:
68 /* emulates a server that has configured a second
69 * realm, but by misconfiguration uses the same
70 * realm string as the previous one.
71 *
72 * An alternative (more likely) scenario that shows this behavior is
73 * the case where the password in the original realm has changed
74 */
75 errorReply (req, "Basic realm=\"wallyworld\"");
76 break;
77 case 3:
78 /* The client replies with the username/password
79 * from the first realm, which is wrong (unexpectedly)
80 */
81 errorReply (req, "Basic realm=\"wallyworld\"");
82 break;
83 case 4:
84 /* The client re-prompts for a password and
85 * we now reply with an OK. The client with the bug
86 * will throw NPE at this point.
87 */
88 case 5:
89 /* Repeat the OK, to make sure the same new auth string is sent */
90 okReply (req);
91 break;
92 }
93 count ++;
94 } catch (IOException e) {
95 e.printStackTrace();
96 }
97 }
98
99 static void read (InputStream is) throws IOException {
100 int c;
101 System.out.println ("reading");
102 while ((c=is.read()) != -1) {
103 System.out.write (c);
104 }
105 System.out.println ("");
106 System.out.println ("finished reading");
107 }
108
109 static boolean checkFinalAuth () {
110 return authstring.equals ("Basic dXNlcjpwYXNzMg==");
111 }
112
113 static void client (String u) throws Exception {
114 URL url = new URL (u);
115 System.out.println ("client opening connection to: " + u);
116 URLConnection urlc = url.openConnection ();
117 InputStream is = urlc.getInputStream ();
118 read (is);
119 is.close();
120 }
121
122 static HttpServer server;
123
124 public static void main (String[] args) throws Exception {
125 MyAuthenticator auth = new MyAuthenticator ();
126 Authenticator.setDefault (auth);
127 try {
128 server = new HttpServer (new B4678055(), 1, 10, 0);
129 System.out.println ("Server: listening on port: " + server.getLocalPort());
130 client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html");
131 client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html");
132 client ("http://localhost:"+server.getLocalPort()+"/d2/foo.html");
133 } catch (Exception e) {
134 if (server != null) {
135 server.terminate();
136 }
137 throw e;
138 }
139 int f = auth.getCount();
140 if (f != 2) {
141 except ("Authenticator was called "+f+" times. Should be 2");
142 }
143 /* this checks the authorization string corresponding to second password "pass2"*/
144 if (!checkFinalAuth()) {
145 except ("Wrong authorization string received from client");
146 }
147 server.terminate();
148 }
149
150 public static void except (String s) {
151 server.terminate();
152 throw new RuntimeException (s);
153 }
154
155 static class MyAuthenticator extends Authenticator {
156 MyAuthenticator () {
157 super ();
158 }
159
160 int count = 0;
161
162 public PasswordAuthentication getPasswordAuthentication () {
163 PasswordAuthentication pw;
164 if (count == 0) {
165 pw = new PasswordAuthentication ("user", "pass1".toCharArray());
166 } else {
167 pw = new PasswordAuthentication ("user", "pass2".toCharArray());
168 }
169 count ++;
170 return pw;
171 }
172
173 public int getCount () {
174 return (count);
175 }
176 }
177 }