HTTPCLIENT-1338: (regression) Invalidated / stale DIGEST schemes do not get evicted from the auth cache

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1467929 13f79535-47bb-0310-9956-ffa450edef68
2013-04-15 10:25:34 +00:00 · 2013-04-15 10:25:34 +00:00 · 485f06bb27
parent e8c5d1bca4
commit 485f06bb27
4 changed files with 40 additions and 0 deletions
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@ -1,3 +1,12 @@
+Changes since release 4.3 BETA1
+-------------------
+
+* [HTTPCLIENT-1338] (regression) Invalidated / stale DIGEST schemes do not get evicted from
+  the auth cache. 
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+
+
 Release 4.3 BETA1
 -------------------

--- a/httpclient/src/main/java/org/apache/http/impl/auth/DigestScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/DigestScheme.java
@ -474,4 +474,14 @@ public class DigestScheme extends RFC2617Scheme {
        return encode(tmp);
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("DIGEST [complete=").append(complete)
+                .append(", nonce=").append(lastNonce)
+                .append(", nc=").append(nounceCount)
+                .append("]");
+        return builder.toString();
+    }
+
 }
--- a/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java
@ -75,6 +75,9 @@ public class HttpAuthenticator {
            final HttpContext context) {
        if (authStrategy.isAuthenticationRequested(host, response, context)) {
            this.log.debug("Authentication required");
+            if (authState.getState() == AuthProtocolState.SUCCESS) {
+                authStrategy.authFailed(host, authState.getAuthScheme(), context);
+            }
            return true;
        } else {
            switch (authState.getState()) {
--- a/httpclient/src/test/java/org/apache/http/impl/auth/TestHttpAuthenticator.java
+++ b/httpclient/src/test/java/org/apache/http/impl/auth/TestHttpAuthenticator.java
@ -115,6 +115,24 @@ public class TestHttpAuthenticator {
        Mockito.verify(this.authStrategy).isAuthenticationRequested(this.host, response, this.context);
    }

+    @Test
+    public void testAuthenticationRequestedAfterSuccess() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
+        Mockito.when(this.authStrategy.isAuthenticationRequested(
+                Mockito.any(HttpHost.class),
+                Mockito.any(HttpResponse.class),
+                Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);
+
+        this.authState.update(this.authScheme, this.credentials);
+        this.authState.setState(AuthProtocolState.SUCCESS);
+
+        Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
+                this.host, response, this.authStrategy, this.authState, this.context));
+
+        Mockito.verify(this.authStrategy).isAuthenticationRequested(this.host, response, this.context);
+        Mockito.verify(this.authStrategy).authFailed(this.host, this.authScheme, this.context);
+    }
+
    @Test
    public void testAuthenticationNotRequestedUnchallenged() throws Exception {
        final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");