Print this page
Split |
Close |
Expand all |
Collapse all |
--- old/src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
+++ new/src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
1 1 /*
2 2 * Copyright 1995-2003 Sun Microsystems, Inc. All Rights Reserved.
3 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 4 *
5 5 * This code is free software; you can redistribute it and/or modify it
6 6 * under the terms of the GNU General Public License version 2 only, as
7 7 * published by the Free Software Foundation. Sun designates this
8 8 * particular file as subject to the "Classpath" exception as provided
9 9 * by Sun in the LICENSE file that accompanied this code.
10 10 *
11 11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 14 * version 2 for more details (a copy is included in the LICENSE file that
15 15 * accompanied this code).
16 16 *
17 17 * You should have received a copy of the GNU General Public License version
18 18 * 2 along with this work; if not, write to the Free Software Foundation,
19 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 20 *
21 21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 23 * have any questions.
24 24 */
25 25
26 26 package sun.net.www.protocol.http;
27 27
28 28 import java.io.IOException;
29 29 import java.io.ObjectInputStream;
30 30 import java.net.PasswordAuthentication;
31 31 import java.net.URL;
32 32 import java.util.HashMap;
33 33
34 34 import sun.net.www.HeaderParser;
35 35
36 36
37 37 /**
38 38 * AuthenticationInfo: Encapsulate the information needed to
39 39 * authenticate a user to a server.
40 40 *
41 41 * @author Jon Payne
42 42 * @author Herb Jellinek
43 43 * @author Bill Foote
44 44 */
45 45 // REMIND: It would be nice if this class understood about partial matching.
46 46 // If you're authorized for foo.com, chances are high you're also
47 47 // authorized for baz.foo.com.
48 48 // NB: When this gets implemented, be careful about the uncaching
49 49 // policy in HttpURLConnection. A failure on baz.foo.com shouldn't
50 50 // uncache foo.com!
51 51
52 52 public abstract class AuthenticationInfo extends AuthCacheValue implements Cloneable {
53 53
54 54 // Constants saying what kind of authroization this is. This determines
55 55 // the namespace in the hash table lookup.
56 56 public static final char SERVER_AUTHENTICATION = 's';
57 57 public static final char PROXY_AUTHENTICATION = 'p';
58 58
59 59 /**
60 60 * If true, then simultaneous authentication requests to the same realm/proxy
61 61 * are serialized, in order to avoid a user having to type the same username/passwords
62 62 * repeatedly, via the Authenticator. Default is false, which means that this
63 63 * behavior is switched off.
64 64 */
65 65 static boolean serializeAuth;
66 66
67 67 static {
68 68 serializeAuth = java.security.AccessController.doPrivileged(
69 69 new sun.security.action.GetBooleanAction(
70 70 "http.auth.serializeRequests")).booleanValue();
71 71 }
72 72
73 73 /* AuthCacheValue: */
74 74
75 75 transient protected PasswordAuthentication pw;
76 76
77 77 public PasswordAuthentication credentials() {
78 78 return pw;
79 79 }
80 80
81 81 public AuthCacheValue.Type getAuthType() {
82 82 return type == SERVER_AUTHENTICATION ?
83 83 AuthCacheValue.Type.Server:
84 84 AuthCacheValue.Type.Proxy;
85 85 }
86 86
87 87 AuthScheme getAuthScheme() {
88 88 return authScheme;
89 89 }
90 90
91 91 public String getHost() {
92 92 return host;
93 93 }
94 94 public int getPort() {
95 95 return port;
96 96 }
97 97 public String getRealm() {
98 98 return realm;
99 99 }
100 100 public String getPath() {
101 101 return path;
102 102 }
103 103 public String getProtocolScheme() {
104 104 return protocol;
105 105 }
106 106
107 107 /**
108 108 * requests is used to ensure that interaction with the
109 109 * Authenticator for a particular realm is single threaded.
110 110 * ie. if multiple threads need to get credentials from the user
111 111 * at the same time, then all but the first will block until
112 112 * the first completes its authentication.
113 113 */
114 114 static private HashMap<String,Thread> requests = new HashMap<>();
115 115
116 116 /* check if a request for this destination is in progress
117 117 * return false immediately if not. Otherwise block until
118 118 * request is finished and return true
119 119 */
120 120 static private boolean requestIsInProgress (String key) {
121 121 if (!serializeAuth) {
122 122 /* behavior is disabled. Revert to concurrent requests */
123 123 return false;
124 124 }
125 125 synchronized (requests) {
126 126 Thread t, c;
127 127 c = Thread.currentThread();
128 128 if ((t = requests.get(key)) == null) {
129 129 requests.put (key, c);
130 130 return false;
131 131 }
132 132 if (t == c) {
133 133 return false;
134 134 }
135 135 while (requests.containsKey(key)) {
136 136 try {
137 137 requests.wait ();
138 138 } catch (InterruptedException e) {}
139 139 }
140 140 }
141 141 /* entry may be in cache now. */
142 142 return true;
143 143 }
144 144
145 145 /* signal completion of an authentication (whether it succeeded or not)
146 146 * so that other threads can continue.
147 147 */
148 148 static private void requestCompleted (String key) {
149 149 synchronized (requests) {
150 150 Thread thread = requests.get(key);
151 151 if (thread != null && thread == Thread.currentThread()) {
152 152 boolean waspresent = requests.remove(key) != null;
153 153 assert waspresent;
154 154 }
155 155 requests.notifyAll();
156 156 }
157 157 }
158 158
159 159 //public String toString () {
160 160 //return ("{"+type+":"+authScheme+":"+protocol+":"+host+":"+port+":"+realm+":"+path+"}");
161 161 //}
162 162
163 163 // REMIND: This cache just grows forever. We should put in a bounded
164 164 // cache, or maybe something using WeakRef's.
165 165
166 166 /** The type (server/proxy) of authentication this is. Used for key lookup */
167 167 char type;
168 168
169 169 /** The authentication scheme (basic/digest). Also used for key lookup */
170 170 AuthScheme authScheme;
171 171
172 172 /** The protocol/scheme (i.e. http or https ). Need to keep the caches
173 173 * logically separate for the two protocols. This field is only used
174 174 * when constructed with a URL (the normal case for server authentication)
175 175 * For proxy authentication the protocol is not relevant.
176 176 */
177 177 String protocol;
178 178
179 179 /** The host we're authenticating against. */
180 180 String host;
181 181
182 182 /** The port on the host we're authenticating against. */
183 183 int port;
184 184
185 185 /** The realm we're authenticating against. */
186 186 String realm;
187 187
188 188 /** The shortest path from the URL we authenticated against. */
189 189 String path;
190 190
191 191 /** Use this constructor only for proxy entries */
192 192 public AuthenticationInfo(char type, AuthScheme authScheme, String host, int port, String realm) {
193 193 this.type = type;
194 194 this.authScheme = authScheme;
195 195 this.protocol = "";
196 196 this.host = host.toLowerCase();
197 197 this.port = port;
198 198 this.realm = realm;
199 199 this.path = null;
200 200 }
201 201
202 202 public Object clone() {
203 203 try {
204 204 return super.clone ();
205 205 } catch (CloneNotSupportedException e) {
206 206 // Cannot happen because Cloneable implemented by AuthenticationInfo
207 207 return null;
208 208 }
209 209 }
210 210
211 211 /*
212 212 * Constructor used to limit the authorization to the path within
213 213 * the URL. Use this constructor for origin server entries.
214 214 */
215 215 public AuthenticationInfo(char type, AuthScheme authScheme, URL url, String realm) {
216 216 this.type = type;
217 217 this.authScheme = authScheme;
218 218 this.protocol = url.getProtocol().toLowerCase();
219 219 this.host = url.getHost().toLowerCase();
220 220 this.port = url.getPort();
221 221 if (this.port == -1) {
222 222 this.port = url.getDefaultPort();
223 223 }
224 224 this.realm = realm;
225 225
226 226 String urlPath = url.getPath();
227 227 if (urlPath.length() == 0)
228 228 this.path = urlPath;
229 229 else {
230 230 this.path = reducePath (urlPath);
231 231 }
232 232
233 233 }
234 234
235 235 /*
236 236 * reduce the path to the root of where we think the
237 237 * authorization begins. This could get shorter as
238 238 * the url is traversed up following a successful challenge.
239 239 */
240 240 static String reducePath (String urlPath) {
241 241 int sepIndex = urlPath.lastIndexOf('/');
242 242 int targetSuffixIndex = urlPath.lastIndexOf('.');
243 243 if (sepIndex != -1)
244 244 if (sepIndex < targetSuffixIndex)
245 245 return urlPath.substring(0, sepIndex+1);
246 246 else
247 247 return urlPath;
248 248 else
249 249 return urlPath;
250 250 }
251 251
252 252 /**
253 253 * Returns info for the URL, for an HTTP server auth. Used when we
254 254 * don't yet know the realm
255 255 * (i.e. when we're preemptively setting the auth).
256 256 */
257 257 static AuthenticationInfo getServerAuth(URL url) {
258 258 int port = url.getPort();
259 259 if (port == -1) {
260 260 port = url.getDefaultPort();
261 261 }
262 262 String key = SERVER_AUTHENTICATION + ":" + url.getProtocol().toLowerCase()
↓ open down ↓ |
262 lines elided |
↑ open up ↑ |
263 263 + ":" + url.getHost().toLowerCase() + ":" + port;
264 264 return getAuth(key, url);
265 265 }
266 266
267 267 /**
268 268 * Returns info for the URL, for an HTTP server auth. Used when we
269 269 * do know the realm (i.e. when we're responding to a challenge).
270 270 * In this case we do not use the path because the protection space
271 271 * is identified by the host:port:realm only
272 272 */
273 - static AuthenticationInfo getServerAuth(URL url, String realm, AuthScheme scheme) {
273 + static String getServerAuthKey(URL url, String realm, AuthScheme scheme) {
274 274 int port = url.getPort();
275 275 if (port == -1) {
276 276 port = url.getDefaultPort();
277 277 }
278 278 String key = SERVER_AUTHENTICATION + ":" + scheme + ":" + url.getProtocol().toLowerCase()
279 279 + ":" + url.getHost().toLowerCase() + ":" + port + ":" + realm;
280 + return key;
281 + }
282 +
283 + static AuthenticationInfo getServerAuth(String key) {
280 284 AuthenticationInfo cached = getAuth(key, null);
281 285 if ((cached == null) && requestIsInProgress (key)) {
282 286 /* check the cache again, it might contain an entry */
283 287 cached = getAuth(key, null);
284 288 }
285 289 return cached;
286 290 }
287 291
288 292
289 293 /**
290 294 * Return the AuthenticationInfo object from the cache if it's path is
291 295 * a substring of the supplied URLs path.
292 296 */
293 297 static AuthenticationInfo getAuth(String key, URL url) {
294 298 if (url == null) {
295 299 return (AuthenticationInfo)cache.get (key, null);
296 300 } else {
297 301 return (AuthenticationInfo)cache.get (key, url.getPath());
298 302 }
299 303 }
300 304
301 305 /**
302 306 * Returns a firewall authentication, for the given host/port. Used
303 307 * for preemptive header-setting. Note, the protocol field is always
304 308 * blank for proxies.
305 309 */
306 310 static AuthenticationInfo getProxyAuth(String host, int port) {
↓ open down ↓ |
17 lines elided |
↑ open up ↑ |
307 311 String key = PROXY_AUTHENTICATION + "::" + host.toLowerCase() + ":" + port;
308 312 AuthenticationInfo result = (AuthenticationInfo) cache.get(key, null);
309 313 return result;
310 314 }
311 315
312 316 /**
313 317 * Returns a firewall authentication, for the given host/port and realm.
314 318 * Used in response to a challenge. Note, the protocol field is always
315 319 * blank for proxies.
316 320 */
317 - static AuthenticationInfo getProxyAuth(String host, int port, String realm, AuthScheme scheme) {
321 + static String getProxyAuthKey(String host, int port, String realm, AuthScheme scheme) {
318 322 String key = PROXY_AUTHENTICATION + ":" + scheme + "::" + host.toLowerCase()
319 323 + ":" + port + ":" + realm;
324 + return key;
325 + }
326 +
327 + static AuthenticationInfo getProxyAuth(String key) {
320 328 AuthenticationInfo cached = (AuthenticationInfo) cache.get(key, null);
321 329 if ((cached == null) && requestIsInProgress (key)) {
322 330 /* check the cache again, it might contain an entry */
323 331 cached = (AuthenticationInfo) cache.get(key, null);
324 332 }
325 333 return cached;
326 334 }
327 335
328 336
329 337 /**
330 338 * Add this authentication to the cache
331 339 */
332 340 void addToCache() {
333 - cache.put (cacheKey(true), this);
341 + String key = cacheKey(true);
342 + cache.put(key, this);
334 343 if (supportsPreemptiveAuthorization()) {
335 - cache.put (cacheKey(false), this);
344 + cache.put(cacheKey(false), this);
336 345 }
337 - endAuthRequest();
346 + endAuthRequest(key);
338 347 }
339 348
340 - void endAuthRequest () {
349 + static void endAuthRequest (String key) {
341 350 if (!serializeAuth) {
342 351 return;
343 352 }
344 353 synchronized (requests) {
345 - requestCompleted (cacheKey(true));
354 + requestCompleted(key);
346 355 }
347 356 }
348 357
349 358 /**
350 359 * Remove this authentication from the cache
351 360 */
352 361 void removeFromCache() {
353 362 cache.remove(cacheKey(true), this);
354 363 if (supportsPreemptiveAuthorization()) {
355 364 cache.remove(cacheKey(false), this);
356 365 }
357 366 }
358 367
359 368 /**
360 369 * @return true if this authentication supports preemptive authorization
361 370 */
362 371 public abstract boolean supportsPreemptiveAuthorization();
363 372
364 373 /**
365 374 * @return the name of the HTTP header this authentication wants set.
366 375 * This is used for preemptive authorization.
367 376 */
368 377 public String getHeaderName() {
369 378 if (type == SERVER_AUTHENTICATION) {
370 379 return "Authorization";
371 380 } else {
372 381 return "Proxy-authorization";
373 382 }
374 383 }
375 384
376 385 /**
377 386 * Calculates and returns the authentication header value based
378 387 * on the stored authentication parameters. If the calculation does not depend
379 388 * on the URL or the request method then these parameters are ignored.
380 389 * @param url The URL
381 390 * @param method The request method
382 391 * @return the value of the HTTP header this authentication wants set.
383 392 * Used for preemptive authorization.
384 393 */
385 394 public abstract String getHeaderValue(URL url, String method);
386 395
387 396 /**
388 397 * Set header(s) on the given connection. Subclasses must override
389 398 * This will only be called for
390 399 * definitive (i.e. non-preemptive) authorization.
391 400 * @param conn The connection to apply the header(s) to
392 401 * @param p A source of header values for this connection, if needed.
393 402 * @param raw The raw header field (if needed)
394 403 * @return true if all goes well, false if no headers were set.
395 404 */
396 405 public abstract boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw);
397 406
398 407 /**
399 408 * Check if the header indicates that the current auth. parameters are stale.
400 409 * If so, then replace the relevant field with the new value
401 410 * and return true. Otherwise return false.
402 411 * returning true means the request can be retried with the same userid/password
403 412 * returning false means we have to go back to the user to ask for a new
404 413 * username password.
405 414 */
406 415 public abstract boolean isAuthorizationStale (String header);
407 416
408 417 /**
409 418 * Give a key for hash table lookups.
410 419 * @param includeRealm if you want the realm considered. Preemptively
411 420 * setting an authorization is done before the realm is known.
412 421 */
413 422 String cacheKey(boolean includeRealm) {
414 423 // This must be kept in sync with the getXXXAuth() methods in this
415 424 // class.
416 425 if (includeRealm) {
417 426 return type + ":" + authScheme + ":" + protocol + ":"
418 427 + host + ":" + port + ":" + realm;
419 428 } else {
420 429 return type + ":" + protocol + ":" + host + ":" + port;
421 430 }
422 431 }
423 432
424 433 String s1, s2; /* used for serialization of pw */
425 434
426 435 private void readObject(ObjectInputStream s)
427 436 throws IOException, ClassNotFoundException
428 437 {
429 438 s.defaultReadObject ();
430 439 pw = new PasswordAuthentication (s1, s2.toCharArray());
431 440 s1 = null; s2= null;
432 441 }
433 442
434 443 private synchronized void writeObject(java.io.ObjectOutputStream s)
435 444 throws IOException
436 445 {
437 446 s1 = pw.getUserName();
438 447 s2 = new String (pw.getPassword());
439 448 s.defaultWriteObject ();
440 449 }
441 450 }
↓ open down ↓ |
86 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX