HTTPCLIENT-1383: HttpClient enters an infinite loop during NTLM authentication if the opposite endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been sent by the client
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1500275 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
86e8b3d840
commit
6b0fdc74cc
|
@ -2,6 +2,11 @@
|
|||
Changes since release 4.3 BETA2
|
||||
-------------------
|
||||
|
||||
* [HTTPCLIENT-1383] HttpClient enters an infinite loop during NTLM authentication if the opposite
|
||||
endpoint keeps responding with a type 2 NTLM response after type 3 MTLM message has already been
|
||||
sent by the client.
|
||||
Contributed by Oleg Kalnichevski <olegk at apache.org>
|
||||
|
||||
* [HTTPCLIENT-1372] Refactor HttpMultipart, and add RFC6532 mode, so that headers in post
|
||||
are no longer constrained to ASCII values.
|
||||
Contributed by Karl Wright <kwright at apache.org>
|
||||
|
|
|
@ -99,17 +99,17 @@ public class NTLMScheme extends AuthSchemeBase {
|
|||
protected void parseChallenge(
|
||||
final CharArrayBuffer buffer,
|
||||
final int beginIndex, final int endIndex) throws MalformedChallengeException {
|
||||
final String challenge = buffer.substringTrimmed(beginIndex, endIndex);
|
||||
if (challenge.length() == 0) {
|
||||
this.challenge = buffer.substringTrimmed(beginIndex, endIndex);
|
||||
if (this.challenge.length() == 0) {
|
||||
if (this.state == State.UNINITIATED) {
|
||||
this.state = State.CHALLENGE_RECEIVED;
|
||||
} else {
|
||||
this.state = State.FAILED;
|
||||
}
|
||||
this.challenge = null;
|
||||
} else {
|
||||
if (this.state == State.MSG_TYPE1_GENERATED) {
|
||||
this.state = State.MSG_TYPE2_RECEVIED;
|
||||
this.challenge = challenge;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,147 @@
|
|||
/*
|
||||
* ====================================================================
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
* ====================================================================
|
||||
*
|
||||
* This software consists of voluntary contributions made by many
|
||||
* individuals on behalf of the Apache Software Foundation. For more
|
||||
* information on the Apache Software Foundation, please see
|
||||
* <http://www.apache.org/>.
|
||||
*
|
||||
*/
|
||||
package org.apache.http.impl.client.integration;
|
||||
|
||||
import org.apache.http.HttpException;
|
||||
import org.apache.http.HttpHeaders;
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.HttpRequest;
|
||||
import org.apache.http.HttpResponse;
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.apache.http.HttpVersion;
|
||||
import org.apache.http.auth.AuthScope;
|
||||
import org.apache.http.auth.NTCredentials;
|
||||
import org.apache.http.client.methods.HttpGet;
|
||||
import org.apache.http.client.protocol.HttpClientContext;
|
||||
import org.apache.http.impl.client.BasicCredentialsProvider;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.apache.http.localserver.LocalTestServer;
|
||||
import org.apache.http.message.BasicStatusLine;
|
||||
import org.apache.http.protocol.HttpContext;
|
||||
import org.apache.http.protocol.HttpRequestHandler;
|
||||
import org.apache.http.util.EntityUtils;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Unit tests for some of the NTLM auth functionality..
|
||||
*/
|
||||
public class TestClientAuthenticationFakeNTLM extends IntegrationTestBase {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
this.localServer = new LocalTestServer(null, null);
|
||||
}
|
||||
|
||||
static class NtlmResponseHandler implements HttpRequestHandler {
|
||||
|
||||
public void handle(
|
||||
final HttpRequest request,
|
||||
final HttpResponse response,
|
||||
final HttpContext context) throws HttpException, IOException {
|
||||
response.setStatusLine(new BasicStatusLine(
|
||||
HttpVersion.HTTP_1_1,
|
||||
HttpStatus.SC_UNAUTHORIZED,
|
||||
"Authentication Required"));
|
||||
response.setHeader("Connection", "Keep-Alive");
|
||||
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNTLMAuthenticationFailure() throws Exception {
|
||||
this.localServer.register("*", new NtlmResponseHandler());
|
||||
this.localServer.start();
|
||||
|
||||
final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
|
||||
credsProvider.setCredentials(AuthScope.ANY,
|
||||
new NTCredentials("test", "test", "", ""));
|
||||
|
||||
this.httpclient = HttpClients.custom()
|
||||
.setDefaultCredentialsProvider(credsProvider)
|
||||
.build();
|
||||
|
||||
final HttpContext context = HttpClientContext.create();
|
||||
|
||||
final HttpHost targethost = getServerHttp();
|
||||
final HttpGet httpget = new HttpGet("/");
|
||||
|
||||
final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
|
||||
EntityUtils.consume(response.getEntity());
|
||||
Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
|
||||
response.getStatusLine().getStatusCode());
|
||||
}
|
||||
|
||||
static class NtlmType2ResponseHandler implements HttpRequestHandler {
|
||||
|
||||
public void handle(
|
||||
final HttpRequest request,
|
||||
final HttpResponse response,
|
||||
final HttpContext context) throws HttpException, IOException {
|
||||
response.setStatusLine(new BasicStatusLine(
|
||||
HttpVersion.HTTP_1_1,
|
||||
HttpStatus.SC_UNAUTHORIZED,
|
||||
"Authentication Required"));
|
||||
response.setHeader("Connection", "Keep-Alive");
|
||||
if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
|
||||
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
|
||||
} else {
|
||||
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
|
||||
"AADAAMADgAAAAzwoICLgEjRWfCicKrw43DrwAAAAAAAAAAAAAAAAAAAAAGAHAX" +
|
||||
"AAAAD1MAZQByAHYAZQByAA==");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNTLMType2() throws Exception {
|
||||
this.localServer.register("*", new NtlmType2ResponseHandler());
|
||||
this.localServer.start();
|
||||
|
||||
final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
|
||||
credsProvider.setCredentials(AuthScope.ANY,
|
||||
new NTCredentials("test", "test", "", ""));
|
||||
|
||||
this.httpclient = HttpClients.custom()
|
||||
.setDefaultCredentialsProvider(credsProvider)
|
||||
.build();
|
||||
|
||||
final HttpContext context = HttpClientContext.create();
|
||||
|
||||
final HttpHost targethost = getServerHttp();
|
||||
final HttpGet httpget = new HttpGet("/");
|
||||
|
||||
final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
|
||||
EntityUtils.consume(response.getEntity());
|
||||
Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
|
||||
response.getStatusLine().getStatusCode());
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue