| /* |
| * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* |
| * @test |
| * @bug 5017051 6360774 |
| * @modules jdk.httpserver |
| * @run main/othervm B5017051 |
| * @summary Tests CR 5017051 & 6360774 |
| */ |
| |
| import java.net.*; |
| import java.util.*; |
| import java.io.*; |
| import com.sun.net.httpserver.*; |
| import java.util.concurrent.Executors; |
| import java.util.concurrent.ExecutorService; |
| |
/*
 * Part 1:
 * The first request sent to the HTTP server will not have an "Authorization" header set and
 * the server will respond with a 401, but not until it has set a cookie in the response
 * headers. The subsequent request (which comes from HttpURLConnection's authentication retry)
 * will have the appropriate Authorization header and the server's context handler will be
 * invoked. The test passes only if the client (HttpURLConnection) has sent, in its second
 * request, the cookie that was set via the first response from the server.
 *
 * Part 2:
 * Preload the CookieManager with a cookie. Make an HTTP request that requires authentication.
 * The cookie will be sent in the first request (without the Authorization header), the
 * server will respond with a 401 (from MyBasicAuthFilter) and the client will add the
 * appropriate Authorization header. This test ensures that there is only one Cookie header
 * in the request that actually makes it to the HTTP server's context handler.
 */
| |
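/**
 * Regression test for CR 5017051 and 6360774: checks how HttpURLConnection
 * carries cookies across its automatic Basic-authentication retry.
 *
 * <p>The test starts an in-process {@code com.sun.net.httpserver.HttpServer}
 * with two authenticated contexts ({@code /test/} and {@code /test2/}) and
 * issues one request against each. Any failure is reported by throwing an
 * unchecked exception so that the test harness records it.
 */
public class B5017051
{
    // Fixed credentials shared by the client-side Authenticator and the
    // server-side BasicAuthenticator. They are test fixtures only.
    private static final String TEST_USER = "tester";
    private static final String TEST_PASSWORD = "passwd";

    com.sun.net.httpserver.HttpServer httpServer;
    ExecutorService executorService;

    public static void main(String[] args)
    {
        new B5017051();
    }

    /**
     * Starts the embedded server and runs both client parts.
     *
     * @throws UncheckedIOException if the server cannot be started
     * @throws RuntimeException if either part of the client check fails
     */
    public B5017051()
    {
        try {
            startHttpServer();
        } catch (IOException ioe) {
            // Do not just print and return: that would let the test pass
            // without having exercised anything.
            throw new UncheckedIOException("Failed: could not start test HTTP server", ioe);
        }
        doClient();
    }

    /**
     * Runs Part 1 and Part 2 against the embedded server and always stops the
     * server and its executor afterwards.
     *
     * @throws RuntimeException if a response code is not 200, or if an I/O or
     *         URI error prevents the requests from completing
     */
    void doClient() {
        java.net.Authenticator.setDefault(new MyAuthenticator());
        CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));

        try {
            InetSocketAddress address = httpServer.getAddress();
            String base = "http://" + address.getHostName() + ":" + address.getPort();

            // Part 1
            URL url = new URL(base + "/test/");
            // NO_PROXY keeps the request (and its Authorization header) off
            // any proxy configured for the host running the test.
            HttpURLConnection uc = (HttpURLConnection) url.openConnection(Proxy.NO_PROXY);
            int resp = uc.getResponseCode();
            if (resp != 200) {
                throw new RuntimeException("Failed: Part 1, Response code is not 200");
            }

            System.out.println("Response code from Part 1 = 200 OK");

            // Part 2
            URL url2 = new URL(base + "/test2/");

            // can use the global CookieHandler used for the first test as the URL's are different
            CookieHandler ch = CookieHandler.getDefault();
            Map<String, List<String>> header = new HashMap<>();
            List<String> values = new LinkedList<>();
            values.add("Test2Cookie=\"TEST2\"; path=\"/test2/\"");
            header.put("Set-Cookie2", values);

            // preload the CookieHandler with a cookie for our URL
            // so that it will be sent during the first request
            ch.put(url2.toURI(), header);

            uc = (HttpURLConnection) url2.openConnection(Proxy.NO_PROXY);
            resp = uc.getResponseCode();
            if (resp != 200) {
                throw new RuntimeException("Failed: Part 2, Response code is not 200");
            }

            System.out.println("Response code from Part 2 = 200 OK");
        } catch (IOException e) {
            // Propagate instead of printing: a swallowed I/O error would
            // otherwise be reported as a passing test.
            throw new UncheckedIOException("Failed: I/O error while running the client", e);
        } catch (URISyntaxException ue) {
            throw new RuntimeException("Failed: test URL is not a valid URI", ue);
        } finally {
            httpServer.stop(1);
            executorService.shutdown();
        }
    }

    /**
     * Creates and starts the HTTP server with one context per test part.
     *
     * @throws IOException if the server socket cannot be created or bound
     */
    public void startHttpServer() throws IOException {
        // Bind to the loopback interface on an ephemeral port. The server
        // accepts fixed, well-known test credentials, so it should not be
        // reachable from other hosts while the test runs.
        InetSocketAddress bindAddress =
            new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
        httpServer = com.sun.net.httpserver.HttpServer.create(bindAddress, 0);

        // create HttpServer context for Part 1.
        HttpContext ctx = httpServer.createContext("/test/", new MyHandler());
        ctx.setAuthenticator(new MyBasicAuthenticator("foo"));
        // CookieFilter needs to be executed before Authenticator.
        ctx.getFilters().add(0, new CookieFilter());

        // create HttpServer context for Part 2.
        HttpContext ctx2 = httpServer.createContext("/test2/", new MyHandler2());
        ctx2.setAuthenticator(new MyBasicAuthenticator("foobar"));

        executorService = Executors.newCachedThreadPool();
        httpServer.setExecutor(executorService);
        httpServer.start();
    }

    /** Reads the request body to end-of-stream and closes it. */
    private static void drainRequestBody(HttpExchange t) throws IOException {
        try (InputStream is = t.getRequestBody()) {
            while (is.read() != -1) {
                // discard
            }
        }
    }

    /**
     * Part 1 handler: answers 200 only when the request carries an
     * Authorization header and a Cookie header equal to
     * {@code Customer=WILE_E_COYOTE}; otherwise answers 400.
     */
    class MyHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            Headers reqHeaders = t.getRequestHeaders();
            drainRequestBody(t);

            // Each branch returns after responding: response headers may be
            // sent only once per exchange, and a second call would throw.
            if (!reqHeaders.containsKey("Authorization")) {
                t.sendResponseHeaders(400, -1);
                return;
            }

            List<String> cookies = reqHeaders.get("Cookie");
            if (cookies != null && cookies.contains("Customer=WILE_E_COYOTE")) {
                t.sendResponseHeaders(200, -1);
                return;
            }
            t.sendResponseHeaders(400, -1);
        }
    }

    /**
     * Part 2 handler: answers 200 only when the request carries an
     * Authorization header and exactly one Cookie header; otherwise 400.
     */
    class MyHandler2 implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            Headers reqHeaders = t.getRequestHeaders();
            drainRequestBody(t);

            // Each branch returns after responding: response headers may be
            // sent only once per exchange, and a second call would throw.
            if (!reqHeaders.containsKey("Authorization")) {
                t.sendResponseHeaders(400, -1);
                return;
            }

            List<String> cookies = reqHeaders.get("Cookie");

            // there should only be one Cookie header
            if (cookies != null && cookies.size() == 1) {
                t.sendResponseHeaders(200, -1);
                return;
            }
            t.sendResponseHeaders(400, -1);
        }
    }

    /** Client-side authenticator that always supplies the test credentials. */
    class MyAuthenticator extends java.net.Authenticator {
        @Override
        public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(TEST_USER, TEST_PASSWORD.toCharArray());
        }
    }

    /** Server-side Basic authenticator that accepts only the test credentials. */
    class MyBasicAuthenticator extends BasicAuthenticator
    {
        public MyBasicAuthenticator(String realm) {
            super(realm);
        }

        @Override
        public boolean checkCredentials(String username, String password) {
            // Plain equals() against a hard-coded secret is acceptable only
            // because this is a test fixture; it is not a pattern for real
            // credential verification.
            return TEST_USER.equals(username) && TEST_PASSWORD.equals(password);
        }
    }

    /**
     * Filter that adds a Set-Cookie2 header to the response for any request
     * that arrives without an Authorization header, then continues the chain.
     */
    class CookieFilter extends Filter
    {
        @Override
        public void doFilter(HttpExchange t, Chain chain) throws IOException
        {
            Headers resHeaders = t.getResponseHeaders();
            Headers reqHeaders = t.getRequestHeaders();

            if (!reqHeaders.containsKey("Authorization")) {
                resHeaders.set("Set-Cookie2", "Customer=\"WILE_E_COYOTE\"; path=\"/test/\"");
            }

            chain.doFilter(t);
        }

        public void destroy(HttpContext c) { }

        public void init(HttpContext c) { }

        @Override
        public String description() {
            return "Filter for setting a cookie for requests without an \"Authorization\" header.";
        }
    }
}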