227 lines
8.1 KiB
Java
227 lines
8.1 KiB
Java
/*
|
|
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 5017051 6360774
|
|
* @modules jdk.httpserver
|
|
* @run main/othervm B5017051
|
|
* @summary Tests CR 5017051 & 6360774
|
|
*/
|
|
|
|
import java.net.*;
|
|
import java.util.*;
|
|
import java.io.*;
|
|
import com.sun.net.httpserver.*;
|
|
import java.util.concurrent.Executors;
|
|
import java.util.concurrent.ExecutorService;
|
|
|
|
/*
|
|
* Part 1:
|
|
* First request sent to the http server will not have an "Authorization" header set and
|
|
* the server will respond with a 401, but not until it has set a cookie in the response
|
|
* headers. The subsequent request ( comes from HttpURLConnection's authentication retry )
|
|
* will have the appropriate Authorization header and the servers context handler will be
|
|
* invoked. The test passes only if the client (HttpURLConnection) has sent the cookie
|
|
* in its second request that had been set via the first response from the server.
|
|
*
|
|
* Part 2:
|
|
* Preload the CookieManager with a cookie. Make a http request that requires authentication
|
|
* The cookie will be sent in the first request (without the Authorization header), the
|
|
* server will respond with a 401 (from MyBasicAuthFilter) and the client will add the
|
|
* appropriate Authorization header. This tests ensures that there is only one Cookie header
|
|
* in the request that actually makes it to the Http servers context handler.
|
|
*/
|
|
|
|
public class B5017051
|
|
{
|
|
com.sun.net.httpserver.HttpServer httpServer;
|
|
ExecutorService executorService;
|
|
|
|
public static void main(String[] args)
|
|
{
|
|
new B5017051();
|
|
}
|
|
|
|
public B5017051()
|
|
{
|
|
try {
|
|
startHttpServer();
|
|
doClient();
|
|
} catch (IOException ioe) {
|
|
System.err.println(ioe);
|
|
}
|
|
}
|
|
|
|
void doClient() {
|
|
java.net.Authenticator.setDefault(new MyAuthenticator());
|
|
CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
|
|
|
|
try {
|
|
InetSocketAddress address = httpServer.getAddress();
|
|
|
|
// Part 1
|
|
URL url = new URL("http://" + address.getHostName() + ":" + address.getPort() + "/test/");
|
|
HttpURLConnection uc = (HttpURLConnection)url.openConnection();
|
|
int resp = uc.getResponseCode();
|
|
if (resp != 200)
|
|
throw new RuntimeException("Failed: Part 1, Response code is not 200");
|
|
|
|
System.out.println("Response code from Part 1 = 200 OK");
|
|
|
|
// Part 2
|
|
URL url2 = new URL("http://" + address.getHostName() + ":" + address.getPort() + "/test2/");
|
|
|
|
// can use the global CookieHandler used for the first test as the URL's are different
|
|
CookieHandler ch = CookieHandler.getDefault();
|
|
Map<String,List<String>> header = new HashMap<String,List<String>>();
|
|
List<String> values = new LinkedList<String>();
|
|
values.add("Test2Cookie=\"TEST2\"; path=\"/test2/\"");
|
|
header.put("Set-Cookie2", values);
|
|
|
|
// preload the CookieHandler with a cookie for our URL
|
|
// so that it will be sent during the first request
|
|
ch.put(url2.toURI(), header);
|
|
|
|
uc = (HttpURLConnection)url2.openConnection();
|
|
resp = uc.getResponseCode();
|
|
if (resp != 200)
|
|
throw new RuntimeException("Failed: Part 2, Response code is not 200");
|
|
|
|
System.out.println("Response code from Part 2 = 200 OK");
|
|
|
|
|
|
} catch (IOException e) {
|
|
e.printStackTrace();
|
|
} catch (URISyntaxException ue) {
|
|
ue.printStackTrace();
|
|
} finally {
|
|
httpServer.stop(1);
|
|
executorService.shutdown();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Http Server
|
|
*/
|
|
public void startHttpServer() throws IOException {
|
|
httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0);
|
|
|
|
// create HttpServer context for Part 1.
|
|
HttpContext ctx = httpServer.createContext("/test/", new MyHandler());
|
|
ctx.setAuthenticator( new MyBasicAuthenticator("foo"));
|
|
// CookieFilter needs to be executed before Authenticator.
|
|
ctx.getFilters().add(0, new CookieFilter());
|
|
|
|
// create HttpServer context for Part 2.
|
|
HttpContext ctx2 = httpServer.createContext("/test2/", new MyHandler2());
|
|
ctx2.setAuthenticator( new MyBasicAuthenticator("foobar"));
|
|
|
|
executorService = Executors.newCachedThreadPool();
|
|
httpServer.setExecutor(executorService);
|
|
httpServer.start();
|
|
}
|
|
|
|
class MyHandler implements HttpHandler {
|
|
public void handle(HttpExchange t) throws IOException {
|
|
InputStream is = t.getRequestBody();
|
|
Headers reqHeaders = t.getRequestHeaders();
|
|
Headers resHeaders = t.getResponseHeaders();
|
|
while (is.read () != -1) ;
|
|
is.close();
|
|
|
|
if (!reqHeaders.containsKey("Authorization"))
|
|
t.sendResponseHeaders(400, -1);
|
|
|
|
List<String> cookies = reqHeaders.get("Cookie");
|
|
if (cookies != null) {
|
|
for (String str : cookies) {
|
|
if (str.equals("Customer=WILE_E_COYOTE"))
|
|
t.sendResponseHeaders(200, -1);
|
|
}
|
|
}
|
|
t.sendResponseHeaders(400, -1);
|
|
}
|
|
}
|
|
|
|
class MyHandler2 implements HttpHandler {
|
|
public void handle(HttpExchange t) throws IOException {
|
|
InputStream is = t.getRequestBody();
|
|
Headers reqHeaders = t.getRequestHeaders();
|
|
Headers resHeaders = t.getResponseHeaders();
|
|
while (is.read () != -1) ;
|
|
is.close();
|
|
|
|
if (!reqHeaders.containsKey("Authorization"))
|
|
t.sendResponseHeaders(400, -1);
|
|
|
|
List<String> cookies = reqHeaders.get("Cookie");
|
|
|
|
// there should only be one Cookie header
|
|
if (cookies != null && (cookies.size() == 1)) {
|
|
t.sendResponseHeaders(200, -1);
|
|
}
|
|
t.sendResponseHeaders(400, -1);
|
|
}
|
|
}
|
|
|
|
class MyAuthenticator extends java.net.Authenticator {
|
|
public PasswordAuthentication getPasswordAuthentication () {
|
|
return new PasswordAuthentication("tester", "passwd".toCharArray());
|
|
}
|
|
}
|
|
|
|
class MyBasicAuthenticator extends BasicAuthenticator
|
|
{
|
|
public MyBasicAuthenticator(String realm) {
|
|
super(realm);
|
|
}
|
|
|
|
public boolean checkCredentials (String username, String password) {
|
|
return username.equals("tester") && password.equals("passwd");
|
|
}
|
|
}
|
|
|
|
class CookieFilter extends Filter
|
|
{
|
|
public void doFilter(HttpExchange t, Chain chain) throws IOException
|
|
{
|
|
Headers resHeaders = t.getResponseHeaders();
|
|
Headers reqHeaders = t.getRequestHeaders();
|
|
|
|
if (!reqHeaders.containsKey("Authorization"))
|
|
resHeaders.set("Set-Cookie2", "Customer=\"WILE_E_COYOTE\"; path=\"/test/\"");
|
|
|
|
chain.doFilter(t);
|
|
}
|
|
|
|
public void destroy(HttpContext c) { }
|
|
|
|
public void init(HttpContext c) { }
|
|
|
|
public String description() {
|
|
return new String("Filter for setting a cookie for requests without an \"Authorization\" header.");
|
|
}
|
|
}
|
|
}
|