From 162f3d6d9958bee8909e6a73aa93f8fb3691fc2e Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Fri, 7 Oct 2011 17:49:42 +0000 Subject: [PATCH] HTTPCLIENT-1131: HttpClient to authenticate preemptively using BASIC scheme if a userinfo attribute is specified in the request URI git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1180120 13f79535-47bb-0310-9956-ffa450edef68 --- RELEASE_NOTES.txt | 4 +++ .../impl/client/DefaultRequestDirector.java | 10 ++++++ .../impl/client/TestClientAuthentication.java | 31 +++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt index 8c4ba4774..dd2fea882 100644 --- a/RELEASE_NOTES.txt +++ b/RELEASE_NOTES.txt @@ -1,5 +1,9 @@ Changes since 4.1.2 +* [HTTPCLIENT-1131] HttpClient to authenticate preemptively using BASIC scheme if a userinfo + attribute is specified in the request URI. + Contributed by Oleg Kalnichevski + * [HTTPCLIENT-1116] ResponseCachingPolicy uses integers for sizes Contributed by Greg Bowyer diff --git a/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java b/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java index b4652da01..2b99339a2 100644 --- a/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java +++ b/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java 
@@ -47,9 +47,12 @@ import org.apache.http.ProtocolVersion; import org.apache.http.annotation.NotThreadSafe; import org.apache.http.auth.AuthProtocolState; import org.apache.http.auth.AuthScheme; +import org.apache.http.auth.AuthScope; import org.apache.http.auth.AuthState; +import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.AuthenticationHandler; import org.apache.http.client.AuthenticationStrategy; +import org.apache.http.client.CredentialsProvider; import org.apache.http.client.HttpRequestRetryHandler; import org.apache.http.client.NonRepeatableRequestException; import org.apache.http.client.RedirectException; @@ -74,6 +77,7 @@ import org.apache.http.conn.routing.HttpRouteDirector; import org.apache.http.conn.routing.HttpRoutePlanner; import org.apache.http.conn.scheme.Scheme; import org.apache.http.entity.BufferedHttpEntity; +import org.apache.http.impl.auth.BasicScheme; import org.apache.http.impl.conn.ConnectionShutdownException; import org.apache.http.message.BasicHttpRequest; import org.apache.http.params.HttpConnectionParams; @@ -478,6 +482,12 @@ public class DefaultRequestDirector implements RequestDirector { break; } + String userinfo = wrapper.getURI().getUserInfo(); + if (userinfo != null) { + targetAuthState.setAuthScheme(new BasicScheme()); + targetAuthState.setCredentials(new UsernamePasswordCredentials(userinfo)); + } + // Reset headers on the request wrapper wrapper.resetHeaders(); diff --git a/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthentication.java b/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthentication.java index 34c31b031..e758dd83c 100644 --- a/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthentication.java +++ b/httpclient/src/test/java/org/apache/http/impl/client/TestClientAuthentication.java 
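Review bot: Two of the imports added in the first hunk, `org.apache.http.auth.AuthScope` and `org.apache.http.client.CredentialsProvider`, are not referenced by any line this commit adds to DefaultRequestDirector.java. The new block at `@@ -478,6 +482,12 @@` uses only `BasicScheme` and `UsernamePasswordCredentials`. Drop the two unused imports. If the intent was instead to register the URI credentials with the credentials provider under a host-specific `AuthScope`, rather than writing them straight into `targetAuthState`, that code is missing from the patch.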
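Review bot: The block added after `break; }` forces `BasicScheme` and the URI's userinfo onto `targetAuthState` every time it runs, without checking what the auth state already holds or whether the route is encrypted. Basic credentials are only base64-encoded, and here they go out before the server has issued any challenge, so an `http://user:pass@host/` URI (the form the new tests use) puts the password on the wire in recoverable form. The preceding `break;` suggests this sits inside a loop in a method that starts and ends outside the hunk; if so, a scheme selected from a server challenge on an earlier pass (Digest, for example) is replaced by Basic on the next one. Consider guarding it, `if (userinfo != null && targetAuthState.getAuthScheme() == null) {`, and adding a comment such as `// Preemptive BASIC from URI userinfo: sent unchallenged, and in cleartext unless the route is TLS`. It is also worth stating how a userinfo without a `:` separator is meant to behave, since it is passed unvalidated to `UsernamePasswordCredentials`.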
@@ -30,6 +30,7 @@ import java.io.IOException; import org.apache.http.HttpEntity; import org.apache.http.HttpException; +import org.apache.http.HttpHost; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; @@ -396,4 +397,34 @@ public class TestClientAuthentication extends BasicServerTestBase { Assert.assertEquals(1, authStrategy.getCount()); } + @Test + public void testAuthenticationUserinfoInRequestSuccess() throws Exception { + this.localServer.register("*", new AuthHandler()); + this.localServer.start(); + + HttpHost target = getServerHttp(); + HttpGet httpget = new HttpGet("http://test:test@" + target.toHostString() + "/"); + + HttpResponse response = this.httpclient.execute(getServerHttp(), httpget); + HttpEntity entity = response.getEntity(); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); + Assert.assertNotNull(entity); + EntityUtils.consume(entity); + } + + @Test + public void testAuthenticationUserinfoInRequestFailure() throws Exception { + this.localServer.register("*", new AuthHandler()); + this.localServer.start(); + + HttpHost target = getServerHttp(); + HttpGet httpget = new HttpGet("http://test:all-wrong@" + target.toHostString() + "/"); + + HttpResponse response = this.httpclient.execute(getServerHttp(), httpget); + HttpEntity entity = response.getEntity(); + Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatusLine().getStatusCode()); + Assert.assertNotNull(entity); + EntityUtils.consume(entity); + } + }
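Review bot: Neither new test in the `@@ -396,4 +397,34 @@` hunk checks that the credentials were sent preemptively; the status-code assertions alone cannot distinguish an unsolicited `Authorization` header from one sent after a challenge round trip. Asserting on the server side that the first request already carries the header, or counting requests, would pin the behaviour the commit title describes. There is also no case for a userinfo without a password or with percent-encoded characters, nor for a URI whose userinfo conflicts with credentials already configured on the client. Minor: both tests compute `target` but then call `getServerHttp()` again, so `this.httpclient.execute(target, httpget)` would read more clearly.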