src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/AuthenticationFilter.java
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/AuthenticationFilter.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/AuthenticationFilter.java Wed Jan 31 16:18:41 2018 +0000
@@ -34,8 +34,11 @@
import java.net.URL;
import java.util.Base64;
import java.util.LinkedList;
+import java.util.List;
import java.util.Objects;
import java.util.WeakHashMap;
+
+import jdk.incubator.http.internal.common.Log;
import jdk.incubator.http.internal.common.Utils;
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
@@ -56,6 +59,10 @@
static final int UNAUTHORIZED = 401;
static final int PROXY_UNAUTHORIZED = 407;
+ private static final List<String> BASIC_DUMMY =
+ List.of("Basic " + Base64.getEncoder()
+ .encodeToString("o:o".getBytes(ISO_8859_1)));
+
// A public no-arg constructor is required by FilterFactory
public AuthenticationFilter() {}
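Review bot: `BASIC_DUMMY` has no comment saying that `o:o` is a placeholder and not a default credential. In the visible hunks it is only handed to `Utils.PROXY_TUNNEL_FILTER` and `Utils.PROXY_FILTER` to ask whether Basic is permitted for a proxy, so a later reader could mistake it for a fallback login. A one-line comment above the field would settle it: `// Placeholder Basic value used only to probe the proxy auth filters; must never be set on a request.`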
@@ -157,6 +164,21 @@
sb.append(pw.getUserName()).append(':').append(pw.getPassword());
String s = encoder.encodeToString(sb.toString().getBytes(ISO_8859_1));
String value = "Basic " + s;
+ if (proxy) {
+ if (r.isConnect()) {
+ if (!Utils.PROXY_TUNNEL_FILTER
+ .test(hdrname, List.of(value))) {
+ Log.logError("{0} disabled", hdrname);
+ return;
+ }
+ } else if (r.proxy() != null) {
+ if (!Utils.PROXY_FILTER
+ .test(hdrname, List.of(value))) {
+ Log.logError("{0} disabled", hdrname);
+ return;
+ }
+ }
+ }
r.setSystemHeader(hdrname, value);
}
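Review bot: The filter test runs only after the user name and password have been joined, Base64-encoded and copied into `value`, and the real credential is then passed to the predicate as `List.of(value)`. When the scheme is disabled, that leaves the password in immutable Strings that cannot be cleared, for a header that is never sent. Probing with the placeholder first, as the response-path hunk does (`.test(hdrname, BASIC_DUMMY)`), and returning before the `sb.append(...)` line would avoid both. The enclosing method begins above this hunk, so where the StringBuilder is created is not visible here.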
@@ -232,6 +254,22 @@
return null; // error gets returned to app
}
+ if (proxy) {
+ if (r.isConnectResponse) {
+ if (!Utils.PROXY_TUNNEL_FILTER
+ .test("Proxy-Authorization", BASIC_DUMMY)) {
+ Log.logError("{0} disabled", "Proxy-Authorization");
+ return null;
+ }
+ } else if (req.proxy() != null) {
+ if (!Utils.PROXY_FILTER
+ .test("Proxy-Authorization", BASIC_DUMMY)) {
+ Log.logError("{0} disabled", "Proxy-Authorization");
+ return null;
+ }
+ }
+ }
+
AuthInfo au = proxy ? exchange.proxyauth : exchange.serverauth;
if (au == null) {
// if no authenticator, let the user deal with 407/401
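Review bot: The inner `else if (req.proxy() != null)` leaves a third case unfiltered: when `proxy` is true, the response is not a CONNECT response and `req.proxy()` is null, neither predicate is consulted and the code falls through to the authenticator. Whether that combination can occur is not visible from the hunk, but a disabled-scheme check is safer failing closed, for example `} else {` in place of `} else if (req.proxy() != null) {`, or a comment stating why the case cannot happen. The request-path hunk above has the same shape with `r.proxy()`. The enclosing method starts and ends outside the hunk.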