8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException
Summary: Change implementation to use iterator instead of plain LinkedList
Reviewed-by: dfuchs, vtewari
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8203882
* @summary (httpclient) Check that HttpClient throws IOException when
* receiving 401/407 with no WWW-Authenticate/Proxy-Authenticate
* header only in the case where an authenticator is configured
* for the client. If no authenticator is configured the client
* should simply let the caller deal with the unauthorized response.
* @modules java.base/sun.net.www.http
* java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* java.logging
* jdk.httpserver
* @library /test/lib http2/server
* @build Http2TestServer
* @build jdk.test.lib.net.SimpleSSLContext
* @run testng/othervm
* -Djdk.httpclient.HttpClient.log=headers
* UnauthorizedTest
*/
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import jdk.test.lib.net.SimpleSSLContext;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.atomic.AtomicLong;
import static java.lang.System.out;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertTrue;
public class UnauthorizedTest implements HttpServerAdapters {
SSLContext sslContext;
HttpTestServer httpTestServer; // HTTP/1.1
HttpTestServer httpsTestServer; // HTTPS/1.1
HttpTestServer http2TestServer; // HTTP/2 ( h2c )
HttpTestServer https2TestServer; // HTTP/2 ( h2 )
String httpURI;
String httpsURI;
String http2URI;
String https2URI;
HttpClient authClient;
HttpClient noAuthClient;
static final int ITERATIONS = 3;
/*
* NOT_MODIFIED status code results from a conditional GET where
* the server does not (must not) return a response body because
* the condition specified in the request disallows it
*/
static final int UNAUTHORIZED = 401;
static final int PROXY_UNAUTHORIZED = 407;
static final int HTTP_OK = 200;
static final String MESSAGE = "Unauthorized";
@DataProvider(name = "all")
public Object[][] positive() {
return new Object[][] {
{ httpURI + "/server", UNAUTHORIZED, true, authClient},
{ httpsURI + "/server", UNAUTHORIZED, true, authClient},
{ http2URI + "/server", UNAUTHORIZED, true, authClient},
{ https2URI + "/server", UNAUTHORIZED, true, authClient},
{ httpURI + "/proxy", PROXY_UNAUTHORIZED, true, authClient},
{ httpsURI + "/proxy", PROXY_UNAUTHORIZED, true, authClient},
{ http2URI + "/proxy", PROXY_UNAUTHORIZED, true, authClient},
{ https2URI + "/proxy", PROXY_UNAUTHORIZED, true, authClient},
{ httpURI + "/server", UNAUTHORIZED, false, authClient},
{ httpsURI + "/server", UNAUTHORIZED, false, authClient},
{ http2URI + "/server", UNAUTHORIZED, false, authClient},
{ https2URI + "/server", UNAUTHORIZED, false, authClient},
{ httpURI + "/proxy", PROXY_UNAUTHORIZED, false, authClient},
{ httpsURI + "/proxy", PROXY_UNAUTHORIZED, false, authClient},
{ http2URI + "/proxy", PROXY_UNAUTHORIZED, false, authClient},
{ https2URI + "/proxy", PROXY_UNAUTHORIZED, false, authClient},
{ httpURI + "/server", UNAUTHORIZED, true, noAuthClient},
{ httpsURI + "/server", UNAUTHORIZED, true, noAuthClient},
{ http2URI + "/server", UNAUTHORIZED, true, noAuthClient},
{ https2URI + "/server", UNAUTHORIZED, true, noAuthClient},
{ httpURI + "/proxy", PROXY_UNAUTHORIZED, true, noAuthClient},
{ httpsURI + "/proxy", PROXY_UNAUTHORIZED, true, noAuthClient},
{ http2URI + "/proxy", PROXY_UNAUTHORIZED, true, noAuthClient},
{ https2URI + "/proxy", PROXY_UNAUTHORIZED, true, noAuthClient},
{ httpURI + "/server", UNAUTHORIZED, false, noAuthClient},
{ httpsURI + "/server", UNAUTHORIZED, false, noAuthClient},
{ http2URI + "/server", UNAUTHORIZED, false, noAuthClient},
{ https2URI + "/server", UNAUTHORIZED, false, noAuthClient},
{ httpURI + "/proxy", PROXY_UNAUTHORIZED, false, noAuthClient},
{ httpsURI + "/proxy", PROXY_UNAUTHORIZED, false, noAuthClient},
{ http2URI + "/proxy", PROXY_UNAUTHORIZED, false, noAuthClient},
{ https2URI + "/proxy", PROXY_UNAUTHORIZED, false, noAuthClient},
};
}
static final AtomicLong requestCounter = new AtomicLong();
static final Authenticator authenticator = new Authenticator() {
};
@Test(dataProvider = "all")
void test(String uriString, int code, boolean async, HttpClient client) throws Throwable {
out.printf("%n---- starting (%s, %d, %s, %s) ----%n",
uriString, code, async ? "async" : "sync",
client.authenticator().isPresent() ? "authClient" : "noAuthClient");
URI uri = URI.create(uriString);
HttpRequest.Builder requestBuilder = HttpRequest
.newBuilder(uri)
.GET();
HttpRequest request = requestBuilder.build();
out.println("Initial request: " + request.uri());
boolean shouldThrow = client.authenticator().isPresent();
String header = (code==UNAUTHORIZED)?"WWW-Authenticate":"Proxy-Authenticate";
HttpResponse<String> response = null;
try {
if (async) {
response = client.send(request, BodyHandlers.ofString());
} else {
try {
response = client.sendAsync(request, BodyHandlers.ofString()).get();
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
} catch (IOException ex) {
if (shouldThrow && ex.getMessage().contains(header)) {
System.out.println("Got expected exception: " + ex);
return;
} else throw ex;
}
out.println(" Got response: " + response);
assertEquals(response.statusCode(), code);
assertEquals(response.body(),
(code == UNAUTHORIZED ? "WWW-" : "Proxy-") + MESSAGE);
if (shouldThrow) {
throw new RuntimeException("Expected IOException not thrown.");
}
}
// -- Infrastructure
@BeforeTest
public void setup() throws Exception {
sslContext = new SimpleSSLContext().get();
if (sslContext == null)
throw new AssertionError("Unexpected null sslContext");
InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
httpTestServer.addHandler(new UnauthorizedHandler(), "/http1/");
httpURI = "http://" + httpTestServer.serverAuthority() + "/http1";
HttpsServer httpsServer = HttpsServer.create(sa, 0);
httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
httpsTestServer = HttpTestServer.of(httpsServer);
httpsTestServer.addHandler(new UnauthorizedHandler(),"/https1/");
httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1";
http2TestServer = HttpTestServer.of(new Http2TestServer("localhost", false, 0));
http2TestServer.addHandler(new UnauthorizedHandler(), "/http2/");
http2URI = "http://" + http2TestServer.serverAuthority() + "/http2";
https2TestServer = HttpTestServer.of(new Http2TestServer("localhost", true, sslContext));
https2TestServer.addHandler(new UnauthorizedHandler(), "/https2/");
https2URI = "https://" + https2TestServer.serverAuthority() + "/https2";
authClient = HttpClient.newBuilder()
.proxy(HttpClient.Builder.NO_PROXY)
.sslContext(sslContext)
.authenticator(authenticator)
.build();
noAuthClient = HttpClient.newBuilder()
.proxy(HttpClient.Builder.NO_PROXY)
.sslContext(sslContext)
.build();
httpTestServer.start();
httpsTestServer.start();
http2TestServer.start();
https2TestServer.start();
}
@AfterTest
public void teardown() throws Exception {
httpTestServer.stop();
httpsTestServer.stop();
http2TestServer.stop();
https2TestServer.stop();
}
static class UnauthorizedHandler implements HttpTestHandler {
@Override
public void handle(HttpTestExchange t) throws IOException {
readAllRequestData(t); // shouldn't be any
String method = t.getRequestMethod();
String path = t.getRequestURI().getPath();
HttpTestResponseHeaders rsph = t.getResponseHeaders();
int code;
if (path.contains("server")) {
code = UNAUTHORIZED;
} else {
code = PROXY_UNAUTHORIZED;
}
String message = (code == UNAUTHORIZED ? "WWW-" : "Proxy-") + MESSAGE;
byte[] bytes = message.getBytes(UTF_8);
t.sendResponseHeaders(code, bytes.length);
try (OutputStream os = t.getResponseBody()) {
os.write(bytes);
}
}
}
static void readAllRequestData(HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody()) {
is.readAllBytes();
}
}
}