author | dfuchs |
Fri, 30 Aug 2019 15:42:27 +0100 | |
branch | JDK-8229867-branch |
changeset 57968 | 8595871a5446 |
parent 57956 | e0b8b019d2f5 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
2 |
* Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.net.www.protocol.http; |
|
27 |
||
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
28 |
import java.io.IOException; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
29 |
import java.io.ObjectInputStream; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
30 |
import java.net.PasswordAuthentication; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
31 |
import java.net.URL; |
2 | 32 |
import java.util.HashMap; |
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
33 |
import java.util.Objects; |
57968 | 34 |
import java.util.concurrent.locks.Condition; |
35 |
import java.util.concurrent.locks.ReentrantLock; |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
36 |
import java.util.function.Function; |
2 | 37 |
|
38 |
import sun.net.www.HeaderParser; |
|
39 |
||
40 |
||
41 |
/** |
|
42 |
* AuthenticationInfo: Encapsulate the information needed to |
|
43 |
* authenticate a user to a server. |
|
44 |
* |
|
45 |
* @author Jon Payne |
|
46 |
* @author Herb Jellinek |
|
47 |
* @author Bill Foote |
|
48 |
*/ |
|
49 |
// REMIND: It would be nice if this class understood about partial matching. |
|
50 |
// If you're authorized for foo.com, chances are high you're also |
|
51 |
// authorized for baz.foo.com. |
|
52 |
// NB: When this gets implemented, be careful about the uncaching |
|
53 |
// policy in HttpURLConnection. A failure on baz.foo.com shouldn't |
|
54 |
// uncache foo.com! |
|
55 |
||
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
56 |
public abstract class AuthenticationInfo extends AuthCacheValue implements Cloneable { |
2 | 57 |
|
57956
e0b8b019d2f5
8229997: Apply java.io.Serial annotations in java.base
darcy
parents:
57793
diff
changeset
|
58 |
@java.io.Serial |
19219
0d4231d25a29
8022478: Fix Warnings In sun.net.www.protocol.http Package
dxu
parents:
7668
diff
changeset
|
59 |
static final long serialVersionUID = -2588378268010453259L; |
0d4231d25a29
8022478: Fix Warnings In sun.net.www.protocol.http Package
dxu
parents:
7668
diff
changeset
|
60 |
|
2 | 61 |
// Constants saying what kind of authroization this is. This determines |
62 |
// the namespace in the hash table lookup. |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
63 |
public static final char SERVER_AUTHENTICATION = 's'; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
64 |
public static final char PROXY_AUTHENTICATION = 'p'; |
2 | 65 |
|
66 |
/** |
|
67 |
* If true, then simultaneous authentication requests to the same realm/proxy |
|
68 |
* are serialized, in order to avoid a user having to type the same username/passwords |
|
69 |
* repeatedly, via the Authenticator. Default is false, which means that this |
|
70 |
* behavior is switched off. |
|
71 |
*/ |
|
44753 | 72 |
static final boolean serializeAuth; |
2 | 73 |
static { |
74 |
serializeAuth = java.security.AccessController.doPrivileged( |
|
75 |
new sun.security.action.GetBooleanAction( |
|
76 |
"http.auth.serializeRequests")).booleanValue(); |
|
77 |
} |
|
78 |
||
79 |
/* AuthCacheValue: */ |
|
80 |
||
32649
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
25859
diff
changeset
|
81 |
protected transient PasswordAuthentication pw; |
2 | 82 |
|
83 |
public PasswordAuthentication credentials() { |
|
84 |
return pw; |
|
85 |
} |
|
86 |
||
87 |
public AuthCacheValue.Type getAuthType() { |
|
88 |
return type == SERVER_AUTHENTICATION ? |
|
89 |
AuthCacheValue.Type.Server: |
|
90 |
AuthCacheValue.Type.Proxy; |
|
91 |
} |
|
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
92 |
|
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
93 |
AuthScheme getAuthScheme() { |
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
94 |
return authScheme; |
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
95 |
} |
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
96 |
|
2 | 97 |
public String getHost() { |
98 |
return host; |
|
99 |
} |
|
100 |
public int getPort() { |
|
101 |
return port; |
|
102 |
} |
|
103 |
public String getRealm() { |
|
104 |
return realm; |
|
105 |
} |
|
106 |
public String getPath() { |
|
107 |
return path; |
|
108 |
} |
|
109 |
public String getProtocolScheme() { |
|
110 |
return protocol; |
|
111 |
} |
|
44753 | 112 |
/** |
113 |
* Whether we should cache this instance in the AuthCache. |
|
114 |
* This method returns {@code true} by default. |
|
115 |
* Subclasses may override this method to add |
|
116 |
* additional restrictions. |
|
117 |
* @return {@code true} by default. |
|
118 |
*/ |
|
119 |
protected boolean useAuthCache() { |
|
120 |
return true; |
|
121 |
} |
|
2 | 122 |
|
123 |
/** |
|
124 |
* requests is used to ensure that interaction with the |
|
125 |
* Authenticator for a particular realm is single threaded. |
|
52499
768b1c612100
8213490: Networking area typos and inconsistencies cleanup
prappo
parents:
47216
diff
changeset
|
126 |
* i.e. if multiple threads need to get credentials from the user |
2 | 127 |
* at the same time, then all but the first will block until |
128 |
* the first completes its authentication. |
|
129 |
*/ |
|
32649
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
25859
diff
changeset
|
130 |
private static HashMap<String,Thread> requests = new HashMap<>(); |
57968 | 131 |
private static final ReentrantLock requestLock = new ReentrantLock(); |
132 |
private static final Condition requestFinished = requestLock.newCondition(); |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
133 |
/* |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
134 |
* check if AuthenticationInfo is available in the cache. |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
135 |
* If not, check if a request for this destination is in progress |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
136 |
* and if so block until the other request is finished authenticating |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
137 |
* and returns the cached authentication value. |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
138 |
* Otherwise, returns the cached authentication value, which may be null. |
2 | 139 |
*/ |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
140 |
private static AuthenticationInfo requestAuthentication(String key, Function<String, AuthenticationInfo> cache) { |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
141 |
AuthenticationInfo cached = cache.apply(key); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
142 |
if (cached != null || !serializeAuth) { |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
143 |
// either we already have a value in the cache, and we can |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
144 |
// use that immediately, or the serializeAuth behavior is disabled, |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
145 |
// and we can revert to concurrent requests |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
146 |
return cached; |
2 | 147 |
} |
57968 | 148 |
requestLock.lock(); |
149 |
try { |
|
150 |
// check again after locking, and if available |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
151 |
// just return the cached value. |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
152 |
cached = cache.apply(key); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
153 |
if (cached != null) return cached; |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
154 |
|
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
155 |
// Otherwise, if no request is in progress, record this |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
156 |
// thread as performing authentication and returns null. |
2 | 157 |
Thread t, c; |
158 |
c = Thread.currentThread(); |
|
4916
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
159 |
if ((t = requests.get(key)) == null) { |
2 | 160 |
requests.put (key, c); |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
161 |
assert cached == null; |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
162 |
return cached; |
2 | 163 |
} |
164 |
if (t == c) { |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
165 |
assert cached == null; |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
166 |
return cached; |
2 | 167 |
} |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
168 |
// Otherwise, an other thread is currently performing authentication: |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
169 |
// wait until it finishes. |
2 | 170 |
while (requests.containsKey(key)) { |
57968 | 171 |
requestFinished.awaitUninterruptibly(); |
2 | 172 |
} |
57968 | 173 |
} finally { |
174 |
requestLock.unlock(); |
|
2 | 175 |
} |
176 |
/* entry may be in cache now. */ |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
177 |
return cache.apply(key); |
2 | 178 |
} |
179 |
||
180 |
/* signal completion of an authentication (whether it succeeded or not) |
|
181 |
* so that other threads can continue. |
|
182 |
*/ |
|
32649
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
25859
diff
changeset
|
183 |
private static void requestCompleted (String key) { |
57968 | 184 |
requestLock.lock(); |
185 |
try { |
|
4916
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
186 |
Thread thread = requests.get(key); |
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
187 |
if (thread != null && thread == Thread.currentThread()) { |
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
188 |
boolean waspresent = requests.remove(key) != null; |
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
189 |
assert waspresent; |
de44744708a2
6693244: Java Web Start app fails on 6u10 beta w/ AssertionError in AuthenticationInfo.requestCompleted
chegar
parents:
4157
diff
changeset
|
190 |
} |
57968 | 191 |
requestFinished.signalAll(); |
192 |
} finally { |
|
193 |
requestLock.unlock(); |
|
2 | 194 |
} |
195 |
} |
|
196 |
||
197 |
//public String toString () { |
|
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
198 |
//return ("{"+type+":"+authScheme+":"+protocol+":"+host+":"+port+":"+realm+":"+path+"}"); |
2 | 199 |
//} |
200 |
||
201 |
// REMIND: This cache just grows forever. We should put in a bounded |
|
202 |
// cache, or maybe something using WeakRef's. |
|
203 |
||
204 |
/** The type (server/proxy) of authentication this is. Used for key lookup */ |
|
205 |
char type; |
|
206 |
||
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
207 |
/** The authentication scheme (basic/digest). Also used for key lookup */ |
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
208 |
AuthScheme authScheme; |
2 | 209 |
|
210 |
/** The protocol/scheme (i.e. http or https ). Need to keep the caches |
|
211 |
* logically separate for the two protocols. This field is only used |
|
212 |
* when constructed with a URL (the normal case for server authentication) |
|
213 |
* For proxy authentication the protocol is not relevant. |
|
214 |
*/ |
|
215 |
String protocol; |
|
216 |
||
217 |
/** The host we're authenticating against. */ |
|
218 |
String host; |
|
219 |
||
220 |
/** The port on the host we're authenticating against. */ |
|
221 |
int port; |
|
222 |
||
223 |
/** The realm we're authenticating against. */ |
|
224 |
String realm; |
|
225 |
||
226 |
/** The shortest path from the URL we authenticated against. */ |
|
227 |
String path; |
|
228 |
||
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
229 |
/** |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
230 |
* A key identifying the authenticator from which the credentials |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
231 |
* were obtained. |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
232 |
* {@link AuthenticatorKeys#DEFAULT} identifies the {@linkplain |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
233 |
* java.net.Authenticator#setDefault(java.net.Authenticator) default} |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
234 |
* authenticator. |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
235 |
*/ |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
236 |
String authenticatorKey; |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
237 |
|
2 | 238 |
/** Use this constructor only for proxy entries */ |
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
239 |
public AuthenticationInfo(char type, AuthScheme authScheme, String host, |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
240 |
int port, String realm, String authenticatorKey) { |
2 | 241 |
this.type = type; |
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
242 |
this.authScheme = authScheme; |
2 | 243 |
this.protocol = ""; |
244 |
this.host = host.toLowerCase(); |
|
245 |
this.port = port; |
|
246 |
this.realm = realm; |
|
247 |
this.path = null; |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
248 |
this.authenticatorKey = Objects.requireNonNull(authenticatorKey); |
2 | 249 |
} |
250 |
||
251 |
public Object clone() { |
|
252 |
try { |
|
253 |
return super.clone (); |
|
254 |
} catch (CloneNotSupportedException e) { |
|
255 |
// Cannot happen because Cloneable implemented by AuthenticationInfo |
|
256 |
return null; |
|
257 |
} |
|
258 |
} |
|
259 |
||
260 |
/* |
|
261 |
* Constructor used to limit the authorization to the path within |
|
262 |
* the URL. Use this constructor for origin server entries. |
|
263 |
*/ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
264 |
public AuthenticationInfo(char type, AuthScheme authScheme, URL url, String realm, |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
265 |
String authenticatorKey) { |
2 | 266 |
this.type = type; |
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
267 |
this.authScheme = authScheme; |
2 | 268 |
this.protocol = url.getProtocol().toLowerCase(); |
269 |
this.host = url.getHost().toLowerCase(); |
|
270 |
this.port = url.getPort(); |
|
271 |
if (this.port == -1) { |
|
272 |
this.port = url.getDefaultPort(); |
|
273 |
} |
|
274 |
this.realm = realm; |
|
275 |
||
276 |
String urlPath = url.getPath(); |
|
53018
8bf9268df0e2
8215281: Use String.isEmpty() when applicable in java.base
redestad
parents:
52499
diff
changeset
|
277 |
if (urlPath.isEmpty()) |
2 | 278 |
this.path = urlPath; |
279 |
else { |
|
280 |
this.path = reducePath (urlPath); |
|
281 |
} |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
282 |
this.authenticatorKey = Objects.requireNonNull(authenticatorKey); |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
283 |
} |
2 | 284 |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
285 |
/** |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
286 |
* The {@linkplain java.net.Authenticator#getKey(java.net.Authenticator) key} |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
287 |
* of the authenticator that was used to obtain the credentials. |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
288 |
* @return The authenticator's key. |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
289 |
*/ |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
290 |
public final String getAuthenticatorKey() { |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
291 |
return authenticatorKey; |
2 | 292 |
} |
293 |
||
294 |
/* |
|
295 |
* reduce the path to the root of where we think the |
|
296 |
* authorization begins. This could get shorter as |
|
297 |
* the url is traversed up following a successful challenge. |
|
298 |
*/ |
|
299 |
static String reducePath (String urlPath) { |
|
300 |
int sepIndex = urlPath.lastIndexOf('/'); |
|
301 |
int targetSuffixIndex = urlPath.lastIndexOf('.'); |
|
302 |
if (sepIndex != -1) |
|
303 |
if (sepIndex < targetSuffixIndex) |
|
304 |
return urlPath.substring(0, sepIndex+1); |
|
305 |
else |
|
306 |
return urlPath; |
|
307 |
else |
|
308 |
return urlPath; |
|
309 |
} |
|
310 |
||
311 |
/** |
|
312 |
* Returns info for the URL, for an HTTP server auth. Used when we |
|
313 |
* don't yet know the realm |
|
314 |
* (i.e. when we're preemptively setting the auth). |
|
315 |
*/ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
316 |
static AuthenticationInfo getServerAuth(URL url, String authenticatorKey) { |
2 | 317 |
int port = url.getPort(); |
318 |
if (port == -1) { |
|
319 |
port = url.getDefaultPort(); |
|
320 |
} |
|
321 |
String key = SERVER_AUTHENTICATION + ":" + url.getProtocol().toLowerCase() |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
322 |
+ ":" + url.getHost().toLowerCase() + ":" + port |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
323 |
+ ";auth=" + authenticatorKey; |
2 | 324 |
return getAuth(key, url); |
325 |
} |
|
326 |
||
327 |
/** |
|
328 |
* Returns info for the URL, for an HTTP server auth. Used when we |
|
329 |
* do know the realm (i.e. when we're responding to a challenge). |
|
330 |
* In this case we do not use the path because the protection space |
|
331 |
* is identified by the host:port:realm only |
|
332 |
*/ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
333 |
static String getServerAuthKey(URL url, String realm, AuthScheme scheme, |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
334 |
String authenticatorKey) { |
2 | 335 |
int port = url.getPort(); |
336 |
if (port == -1) { |
|
337 |
port = url.getDefaultPort(); |
|
338 |
} |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
339 |
String key = SERVER_AUTHENTICATION + ":" + scheme + ":" |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
340 |
+ url.getProtocol().toLowerCase() |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
341 |
+ ":" + url.getHost().toLowerCase() |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
342 |
+ ":" + port + ":" + realm |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
343 |
+ ";auth=" + authenticatorKey; |
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
344 |
return key; |
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
345 |
} |
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
346 |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
347 |
private static AuthenticationInfo getCachedServerAuth(String key) { |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
348 |
return getAuth(key, null); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
349 |
} |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
350 |
|
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
351 |
static AuthenticationInfo getServerAuth(String key) { |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
352 |
if (!serializeAuth) return getCachedServerAuth(key); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
353 |
return requestAuthentication(key, AuthenticationInfo::getCachedServerAuth); |
2 | 354 |
} |
355 |
||
356 |
||
357 |
/** |
|
358 |
* Return the AuthenticationInfo object from the cache if it's path is |
|
359 |
* a substring of the supplied URLs path. |
|
360 |
*/ |
|
361 |
static AuthenticationInfo getAuth(String key, URL url) { |
|
362 |
if (url == null) { |
|
363 |
return (AuthenticationInfo)cache.get (key, null); |
|
364 |
} else { |
|
365 |
return (AuthenticationInfo)cache.get (key, url.getPath()); |
|
366 |
} |
|
367 |
} |
|
368 |
||
369 |
/** |
|
370 |
* Returns a firewall authentication, for the given host/port. Used |
|
371 |
* for preemptive header-setting. Note, the protocol field is always |
|
372 |
* blank for proxies. |
|
373 |
*/ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
374 |
static AuthenticationInfo getProxyAuth(String host, int port, |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
375 |
String authenticatorKey) { |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
376 |
String key = PROXY_AUTHENTICATION + "::" + host.toLowerCase() + ":" + port |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
377 |
+ ";auth=" + authenticatorKey; |
2 | 378 |
AuthenticationInfo result = (AuthenticationInfo) cache.get(key, null); |
379 |
return result; |
|
380 |
} |
|
381 |
||
382 |
/** |
|
383 |
* Returns a firewall authentication, for the given host/port and realm. |
|
384 |
* Used in response to a challenge. Note, the protocol field is always |
|
385 |
* blank for proxies. |
|
386 |
*/ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
387 |
static String getProxyAuthKey(String host, int port, String realm, |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
388 |
AuthScheme scheme, String authenticatorKey) { |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
389 |
String key = PROXY_AUTHENTICATION + ":" + scheme |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
390 |
+ "::" + host.toLowerCase() |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
391 |
+ ":" + port + ":" + realm |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
392 |
+ ";auth=" + authenticatorKey; |
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
393 |
return key; |
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
394 |
} |
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
395 |
|
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
396 |
private static AuthenticationInfo getCachedProxyAuth(String key) { |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
397 |
return (AuthenticationInfo) cache.get(key, null); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
398 |
} |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
399 |
|
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
400 |
static AuthenticationInfo getProxyAuth(String key) { |
57793
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
401 |
if (!serializeAuth) return getCachedProxyAuth(key); |
d372747e8f08
8191169: java/net/Authenticator/B4769350.java failed intermittently
dfuchs
parents:
53018
diff
changeset
|
402 |
return requestAuthentication(key, AuthenticationInfo::getCachedProxyAuth); |
2 | 403 |
} |
404 |
||
405 |
||
406 |
/** |
|
407 |
* Add this authentication to the cache |
|
408 |
*/ |
|
409 |
void addToCache() { |
|
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
410 |
String key = cacheKey(true); |
44753 | 411 |
if (useAuthCache()) { |
412 |
cache.put(key, this); |
|
413 |
if (supportsPreemptiveAuthorization()) { |
|
414 |
cache.put(cacheKey(false), this); |
|
415 |
} |
|
2 | 416 |
} |
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
417 |
endAuthRequest(key); |
2 | 418 |
} |
419 |
||
5199
98b1778f0fd1
6648001: Cancelling HTTP authentication causes subsequent deadlocks
chegar
parents:
4916
diff
changeset
|
420 |
static void endAuthRequest (String key) { |
2 | 421 |
if (!serializeAuth) { |
422 |
return; |
|
423 |
} |
|
57968 | 424 |
requestCompleted(key); |
2 | 425 |
} |
426 |
||
427 |
/** |
|
428 |
* Remove this authentication from the cache |
|
429 |
*/ |
|
430 |
void removeFromCache() { |
|
431 |
cache.remove(cacheKey(true), this); |
|
432 |
if (supportsPreemptiveAuthorization()) { |
|
433 |
cache.remove(cacheKey(false), this); |
|
434 |
} |
|
435 |
} |
|
436 |
||
437 |
/** |
|
438 |
* @return true if this authentication supports preemptive authorization |
|
439 |
*/ |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
440 |
public abstract boolean supportsPreemptiveAuthorization(); |
2 | 441 |
|
442 |
/** |
|
443 |
* @return the name of the HTTP header this authentication wants set. |
|
444 |
* This is used for preemptive authorization. |
|
445 |
*/ |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
446 |
public String getHeaderName() { |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
447 |
if (type == SERVER_AUTHENTICATION) { |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
448 |
return "Authorization"; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
449 |
} else { |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
450 |
return "Proxy-authorization"; |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
451 |
} |
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
452 |
} |
2 | 453 |
|
454 |
/** |
|
455 |
* Calculates and returns the authentication header value based |
|
456 |
* on the stored authentication parameters. If the calculation does not depend |
|
457 |
* on the URL or the request method then these parameters are ignored. |
|
458 |
* @param url The URL |
|
459 |
* @param method The request method |
|
460 |
* @return the value of the HTTP header this authentication wants set. |
|
461 |
* Used for preemptive authorization. |
|
462 |
*/ |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
463 |
public abstract String getHeaderValue(URL url, String method); |
2 | 464 |
|
465 |
/** |
|
466 |
* Set header(s) on the given connection. Subclasses must override |
|
467 |
* This will only be called for |
|
468 |
* definitive (i.e. non-preemptive) authorization. |
|
469 |
* @param conn The connection to apply the header(s) to |
|
470 |
* @param p A source of header values for this connection, if needed. |
|
471 |
* @param raw The raw header field (if needed) |
|
472 |
* @return true if all goes well, false if no headers were set. |
|
473 |
*/ |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
474 |
public abstract boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw); |
2 | 475 |
|
476 |
/** |
|
477 |
* Check if the header indicates that the current auth. parameters are stale. |
|
478 |
* If so, then replace the relevant field with the new value |
|
479 |
* and return true. Otherwise return false. |
|
480 |
* returning true means the request can be retried with the same userid/password |
|
481 |
* returning false means we have to go back to the user to ask for a new |
|
482 |
* username password. |
|
483 |
*/ |
|
4157
558590fb3b49
6893238: Move NTLM and SPNEGO implementations into separate packages
chegar
parents:
3952
diff
changeset
|
484 |
public abstract boolean isAuthorizationStale (String header); |
2 | 485 |
|
486 |
/** |
|
487 |
* Give a key for hash table lookups. |
|
488 |
* @param includeRealm if you want the realm considered. Preemptively |
|
489 |
* setting an authorization is done before the realm is known. |
|
490 |
*/ |
|
491 |
String cacheKey(boolean includeRealm) { |
|
492 |
// This must be kept in sync with the getXXXAuth() methods in this |
|
493 |
// class. |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
494 |
String authenticatorKey = getAuthenticatorKey(); |
2 | 495 |
if (includeRealm) { |
3859
8b82336dedb3
6882594: Remove static dependancy on NTLM authentication
chegar
parents:
2
diff
changeset
|
496 |
return type + ":" + authScheme + ":" + protocol + ":" |
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
497 |
+ host + ":" + port + ":" + realm |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
498 |
+ ";auth=" + authenticatorKey; |
2 | 499 |
} else { |
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
500 |
return type + ":" + protocol + ":" + host + ":" + port |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
501 |
+ ";auth=" + authenticatorKey; |
2 | 502 |
} |
503 |
} |
|
504 |
||
505 |
String s1, s2; /* used for serialization of pw */ |
|
506 |
||
57956
e0b8b019d2f5
8229997: Apply java.io.Serial annotations in java.base
darcy
parents:
57793
diff
changeset
|
507 |
@java.io.Serial |
57968 | 508 |
// should be safe to keep synchronized here |
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
509 |
private synchronized void readObject(ObjectInputStream s) |
2 | 510 |
throws IOException, ClassNotFoundException |
511 |
{ |
|
512 |
s.defaultReadObject (); |
|
513 |
pw = new PasswordAuthentication (s1, s2.toCharArray()); |
|
514 |
s1 = null; s2= null; |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
515 |
if (authenticatorKey == null) { |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
516 |
authenticatorKey = AuthenticatorKeys.DEFAULT; |
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
517 |
} |
2 | 518 |
} |
519 |
||
57956
e0b8b019d2f5
8229997: Apply java.io.Serial annotations in java.base
darcy
parents:
57793
diff
changeset
|
520 |
@java.io.Serial |
57968 | 521 |
// should be safe to keep synchronized here |
2 | 522 |
private synchronized void writeObject(java.io.ObjectOutputStream s) |
523 |
throws IOException |
|
524 |
{ |
|
42351
85ed90be0ae1
8169495: Add a method to set an Authenticator on a HttpURLConnection.
dfuchs
parents:
32649
diff
changeset
|
525 |
Objects.requireNonNull(authenticatorKey); |
2 | 526 |
s1 = pw.getUserName(); |
527 |
s2 = new String (pw.getPassword()); |
|
528 |
s.defaultWriteObject (); |
|
529 |
} |
|
530 |
} |