http-client-branch: changed Redirect enums and implemented RFC 7231 auto redirect POST to GETs
--- a/src/java.net.http/share/classes/java/net/http/HttpClient.java Mon Mar 12 17:30:38 2018 +0000
+++ b/src/java.net.http/share/classes/java/net/http/HttpClient.java Mon Mar 12 17:52:50 2018 +0000
@@ -454,6 +454,11 @@
* <p> {@code Redirect} policy is set via the {@linkplain
* HttpClient.Builder#followRedirects(Redirect) Builder.followRedirects}
* method.
+ * <p>
+ * @implNote When automatic redirection occurs, the request method of the
+ * redirected request may be modified depending on the specific {@code 30X}
+ * status code, as specified in RFC 7231. In addition, the 301 and 302 status
+ * codes, cause a POST request to be converted to a GET in the redirected request.
*
* @since 11
*/
@@ -470,15 +475,9 @@
ALWAYS,
/**
- * Redirect to same protocol only. Redirection may occur from HTTP URLs
- * to other HTTP URLs, and from HTTPS URLs to other HTTPS URLs.
+ * Always redirect, except from HTTPS URLs to HTTP URLs.
*/
- SAME_PROTOCOL,
-
- /**
- * Redirect always except from HTTPS URLs to HTTP URLs.
- */
- SECURE
+ NORMAL
}
/**
--- a/src/java.net.http/share/classes/java/net/http/HttpRequest.java Mon Mar 12 17:30:38 2018 +0000
+++ b/src/java.net.http/share/classes/java/net/http/HttpRequest.java Mon Mar 12 17:52:50 2018 +0000
@@ -50,9 +50,9 @@
* is obtained from one of the {@link HttpRequest#newBuilder(URI) newBuilder}
* methods. A request's {@link URI}, headers, and body can be set. Request
* bodies are provided through a {@link BodyPublisher BodyPublisher} supplied
- * to one of the {@link Builder#DELETE(BodyPublisher) DELETE},
- * {@link Builder#POST(BodyPublisher) POST} or
- * {@link Builder#PUT(BodyPublisher) PUT} methods.
+ * to one of the {@link Builder#POST(BodyPublisher) POST},
+ * {@link Builder#PUT(BodyPublisher) PUT} or {@link Builder#method(String,BodyPublisher)
+ * method} methods.
* Once all required parameters have been set in the builder, {@link
* Builder#build() build} will return the {@code HttpRequest}. Builders can be
* copied and modified many times in order to build multiple related requests
@@ -242,15 +242,12 @@
public Builder PUT(BodyPublisher bodyPublisher);
/**
- * Sets the request method of this builder to DELETE and sets its
- * request body publisher to the given value.
- *
- * @param bodyPublisher the body publisher
+ * Sets the request method of this builder to DELETE.
*
* @return this builder
*/
- public Builder DELETE(BodyPublisher bodyPublisher);
+ public Builder DELETE();
/**
* Sets the request method and request body of this builder to the
--- a/src/java.net.http/share/classes/jdk/internal/net/http/HttpRequestBuilderImpl.java Mon Mar 12 17:30:38 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/HttpRequestBuilderImpl.java Mon Mar 12 17:52:50 2018 +0000
@@ -179,8 +179,8 @@
}
@Override
- public HttpRequest.Builder DELETE(BodyPublisher body) {
- return method0("DELETE", requireNonNull(body));
+ public HttpRequest.Builder DELETE() {
+ return method0("DELETE", null);
}
@Override
@@ -206,7 +206,6 @@
private HttpRequest.Builder method0(String method, BodyPublisher body) {
assert method != null;
- assert !method.equals("GET") ? body != null : true;
assert !method.equals("");
this.method = method;
this.bodyPublisher = body;
--- a/src/java.net.http/share/classes/jdk/internal/net/http/RedirectFilter.java Mon Mar 12 17:30:38 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/RedirectFilter.java Mon Mar 12 17:52:50 2018 +0000
@@ -66,6 +66,22 @@
return handleResponse(r);
}
+ private String redirectedMethod(int statusCode, String orig) {
+ switch (statusCode) {
+ case 301:
+ case 302:
+ return orig.equals("POST") ? "GET" : orig;
+ case 303:
+ return "GET";
+ case 307:
+ case 308:
+ return orig;
+ default:
+ // unexpected but return orig
+ return orig;
+ }
+ }
+
/**
* Checks to see if a new request is needed and returns it.
* Null means response is ok to return to user.
@@ -77,10 +93,11 @@
}
if (rcode >= 300 && rcode <= 399) {
URI redir = getRedirectedURI(r.headers());
+ String newMethod = redirectedMethod(rcode, method);
Log.logTrace("response code: {0}, redirected URI: {1}", rcode, redir);
if (canRedirect(redir) && ++exchange.numberOfRedirects < max_redirects) {
- Log.logTrace("redirecting to: {0}", redir);
- return HttpRequestImpl.newInstanceForRedirection(redir, method, request);
+ Log.logTrace("redirect to: {0} with method: {1}", redir, newMethod);
+ return HttpRequestImpl.newInstanceForRedirection(redir, newMethod, request);
} else {
Log.logTrace("not redirecting");
return null;
@@ -110,11 +127,9 @@
return true;
case NEVER:
return false;
- case SECURE:
+ case NORMAL:
return newScheme.equalsIgnoreCase(oldScheme)
|| newScheme.equalsIgnoreCase("https");
- case SAME_PROTOCOL:
- return newScheme.equalsIgnoreCase(oldScheme);
default:
throw new InternalError();
}
--- a/test/jdk/java/net/httpclient/BasicRedirectTest.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/BasicRedirectTest.java Mon Mar 12 17:52:50 2018 +0000
@@ -95,17 +95,12 @@
{ httpsURIToLessSecure, Redirect.ALWAYS },
{ https2URIToLessSecure, Redirect.ALWAYS },
- { httpURI, Redirect.SAME_PROTOCOL },
- { httpsURI, Redirect.SAME_PROTOCOL },
- { http2URI, Redirect.SAME_PROTOCOL },
- { https2URI, Redirect.SAME_PROTOCOL },
-
- { httpURI, Redirect.SECURE },
- { httpsURI, Redirect.SECURE },
- { http2URI, Redirect.SECURE },
- { https2URI, Redirect.SECURE },
- { httpURIToMoreSecure, Redirect.SECURE },
- { http2URIToMoreSecure, Redirect.SECURE },
+ { httpURI, Redirect.NORMAL },
+ { httpsURI, Redirect.NORMAL },
+ { http2URI, Redirect.NORMAL },
+ { https2URI, Redirect.NORMAL },
+ { httpURIToMoreSecure, Redirect.NORMAL },
+ { http2URIToMoreSecure, Redirect.NORMAL },
};
}
@@ -177,13 +172,8 @@
{ httpsURIToLessSecure, Redirect.NEVER },
{ https2URIToLessSecure, Redirect.NEVER },
- { httpURIToMoreSecure, Redirect.SAME_PROTOCOL },
- { http2URIToMoreSecure, Redirect.SAME_PROTOCOL },
- { httpsURIToLessSecure, Redirect.SAME_PROTOCOL },
- { https2URIToLessSecure, Redirect.SAME_PROTOCOL },
-
- { httpsURIToLessSecure, Redirect.SECURE },
- { https2URIToLessSecure, Redirect.SECURE },
+ { httpsURIToLessSecure, Redirect.NORMAL },
+ { https2URIToLessSecure, Redirect.NORMAL },
};
}
--- a/test/jdk/java/net/httpclient/DigestEchoClient.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/DigestEchoClient.java Mon Mar 12 17:52:50 2018 +0000
@@ -211,10 +211,10 @@
break;
case PROXY305:
builder = builder.proxy(ProxySelector.of(server.getProxyAddress()));
- builder = builder.followRedirects(HttpClient.Redirect.SAME_PROTOCOL);
+ builder = builder.followRedirects(HttpClient.Redirect.NORMAL);
break;
case SERVER307:
- builder = builder.followRedirects(HttpClient.Redirect.SAME_PROTOCOL);
+ builder = builder.followRedirects(HttpClient.Redirect.NORMAL);
break;
default:
break;
--- a/test/jdk/java/net/httpclient/HttpClientBuilderTest.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/HttpClientBuilderTest.java Mon Mar 12 17:52:50 2018 +0000
@@ -207,10 +207,8 @@
builder.followRedirects(Redirect.NEVER);
assertTrue(builder.build().followRedirects() == Redirect.NEVER);
assertThrows(NPE, () -> builder.followRedirects(null));
- builder.followRedirects(Redirect.SAME_PROTOCOL);
- assertTrue(builder.build().followRedirects() == Redirect.SAME_PROTOCOL);
- builder.followRedirects(Redirect.SECURE);
- assertTrue(builder.build().followRedirects() == Redirect.SECURE);
+ builder.followRedirects(Redirect.NORMAL);
+ assertTrue(builder.build().followRedirects() == Redirect.NORMAL);
}
@Test
--- a/test/jdk/java/net/httpclient/HttpRequestBuilderTest.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/HttpRequestBuilderTest.java Mon Mar 12 17:52:50 2018 +0000
@@ -155,8 +155,7 @@
(String[]) new String[] {"foo"},
IllegalArgumentException.class);
- builder = test1("DELETE", builder, builder::DELETE,
- noBody(), null);
+ test0("DELETE", () -> HttpRequest.newBuilder(TEST_URI).DELETE().build(), null);
builder = test1("POST", builder, builder::POST,
noBody(), null);
@@ -167,10 +166,6 @@
builder = test2("method", builder, builder::method, "GET",
noBody(), null);
- builder = test1("DELETE", builder, builder::DELETE,
- (HttpRequest.BodyPublisher)null,
- NullPointerException.class);
-
builder = test1("POST", builder, builder::POST,
(HttpRequest.BodyPublisher)null,
NullPointerException.class);
@@ -231,8 +226,8 @@
() -> HttpRequest.newBuilder(TEST_URI).PUT(ofString("")).GET(),
"GET");
- method("newBuilder(TEST_URI).DELETE(ofString(\"\")).GET().build().method() == GET",
- () -> HttpRequest.newBuilder(TEST_URI).DELETE(ofString("")).GET(),
+ method("newBuilder(TEST_URI).DELETE().GET().build().method() == GET",
+ () -> HttpRequest.newBuilder(TEST_URI).DELETE().GET(),
"GET");
method("newBuilder(TEST_URI).POST(ofString(\"\")).build().method() == POST",
@@ -243,8 +238,8 @@
() -> HttpRequest.newBuilder(TEST_URI).PUT(ofString("")),
"PUT");
- method("newBuilder(TEST_URI).DELETE(ofString(\"\")).build().method() == DELETE",
- () -> HttpRequest.newBuilder(TEST_URI).DELETE(ofString("")),
+ method("newBuilder(TEST_URI).DELETE().build().method() == DELETE",
+ () -> HttpRequest.newBuilder(TEST_URI).DELETE(),
"DELETE");
method("newBuilder(TEST_URI).GET().POST(ofString(\"\")).build().method() == POST",
@@ -255,8 +250,8 @@
() -> HttpRequest.newBuilder(TEST_URI).GET().PUT(ofString("")),
"PUT");
- method("newBuilder(TEST_URI).GET().DELETE(ofString(\"\")).build().method() == DELETE",
- () -> HttpRequest.newBuilder(TEST_URI).GET().DELETE(ofString("")),
+ method("newBuilder(TEST_URI).GET().DELETE().build().method() == DELETE",
+ () -> HttpRequest.newBuilder(TEST_URI).GET().DELETE(),
"DELETE");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/net/httpclient/RedirectMethodChange.java Mon Mar 12 17:52:50 2018 +0000
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8087112
+ * @modules java.net.http
+ * jdk.httpserver
+ * @run main/othervm RedirectMethodChange
+ */
+
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpHandler;
+import com.sun.net.httpserver.HttpServer;
+import com.sun.net.httpserver.Headers;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpRequest.BodyPublishers;
+import java.net.http.HttpResponse;
+import java.net.http.HttpResponse.BodyHandlers;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.logging.*;
+import static java.nio.charset.StandardCharsets.US_ASCII;
+
+public class RedirectMethodChange {
+
+ static volatile boolean ok;
+ static final String RESPONSE = "Hello world";
+ static final String POST_BODY = "This is the POST body 123909090909090";
+ static volatile URI TEST_URI, REDIRECT_URI;
+ static volatile HttpClient client;
+
+ public static void main(String[] args) throws Exception {
+ //Logger l = Logger.getLogger("com.sun.net.httpserver");
+ //l.setLevel(Level.ALL);
+ //ConsoleHandler ch = new ConsoleHandler();
+ //ch.setLevel(Level.ALL);
+ //l.addHandler(ch);
+
+ InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(),0);
+ HttpServer server = HttpServer.create(addr, 10);
+ ExecutorService e = Executors.newCachedThreadPool();
+ Handler h = new Handler();
+ HttpContext serverContext = server.createContext("/test/", h);
+ HttpContext serverContext1 = server.createContext("/redirect/", h);
+ int port = server.getAddress().getPort();
+ System.out.println("Server address = " + server.getAddress());
+
+ server.setExecutor(e);
+ server.start();
+ client = HttpClient.newBuilder()
+ .followRedirects(HttpClient.Redirect.NORMAL)
+ .build();
+
+ try {
+ TEST_URI = new URI("http://localhost:" + Integer.toString(port) + "/test/foo");
+ REDIRECT_URI = new URI("http://localhost:" + Integer.toString(port) + "/redirect/foo");
+ test("GET", 301, "GET");
+ test("GET", 302, "GET");
+ test("GET", 303, "GET");
+ test("GET", 307, "GET");
+ test("GET", 308, "GET");
+ test("POST", 301, "GET");
+ test("POST", 302, "GET");
+ test("POST", 303, "GET");
+ test("POST", 307, "POST");
+ test("POST", 308, "POST");
+ test("PUT", 301, "PUT");
+ test("PUT", 302, "PUT");
+ test("PUT", 303, "GET");
+ test("PUT", 307, "PUT");
+ test("PUT", 308, "PUT");
+ } finally {
+ server.stop(0);
+ e.shutdownNow();
+ }
+ System.out.println("OK");
+ }
+
+ static HttpRequest.BodyPublisher getRequestBodyFor(String method) {
+ switch (method) {
+ case "GET":
+ case "DELETE":
+ case "HEAD":
+ return HttpRequest.BodyPublishers.noBody();
+ case "POST":
+ case "PUT":
+ return HttpRequest.BodyPublishers.ofString(POST_BODY);
+ default:
+ throw new InternalError();
+ }
+ }
+
+ static void test(String method, int redirectCode, String expectedMethod) throws Exception {
+ System.err.printf("Test %s, %d, %s %s\n", method, redirectCode, expectedMethod, TEST_URI.toString());
+ HttpRequest req = HttpRequest.newBuilder(TEST_URI)
+ .method(method, getRequestBodyFor(method))
+ .header("X-Redirect-Code", Integer.toString(redirectCode))
+ .header("X-Expect-Method", expectedMethod)
+ .build();
+ HttpResponse<String> resp = client.send(req, BodyHandlers.ofString());
+
+ if (resp.statusCode() != 200 || !resp.body().equals(RESPONSE)) {
+ String msg = "Failed: " + resp.statusCode();
+ throw new RuntimeException(msg);
+ }
+ }
+
+ /**
+ * request to /test is first test. The following headers are checked:
+ * X-Redirect-Code: nnn <the redirect code to send back>
+ * X-Expect-Method: the method that the client should use for the next request
+ *
+ * Following request should be to /redirect and should use the method indicated
+ * previously. If all ok, return a 200 response. Otherwise 500 error.
+ */
+ static class Handler implements HttpHandler {
+
+ volatile boolean inTest = false;
+ volatile String expectedMethod;
+
+ boolean readAndCheckBody(HttpExchange e) throws IOException {
+ InputStream is = e.getRequestBody();
+ String method = e.getRequestMethod();
+ String requestBody = new String(is.readAllBytes(), US_ASCII);
+ is.close();
+ if (method.equals("POST") || method.equals("PUT")) {
+ if (!requestBody.equals(POST_BODY)) {
+ e.sendResponseHeaders(503, -1);
+ return false;
+ }
+ }
+ return true;
+ }
+
+ @Override
+ public void handle(HttpExchange he) throws IOException {
+ boolean newtest = he.getRequestURI().getPath().startsWith("/test");
+ if ((newtest && inTest) || (!newtest && !inTest)) {
+ he.sendResponseHeaders(500, -1);
+ }
+ if (newtest) {
+ String method = he.getRequestMethod();
+ Headers hdrs = he.getRequestHeaders();
+ int redirectCode = Integer.parseInt(hdrs.getFirst("X-Redirect-Code"));
+ expectedMethod = hdrs.getFirst("X-Expect-Method");
+ boolean ok = readAndCheckBody(he);
+ if (!ok)
+ return;
+ hdrs = he.getResponseHeaders();
+ hdrs.set("Location", REDIRECT_URI.toString());
+ he.sendResponseHeaders(redirectCode, -1);
+ inTest = true;
+ } else {
+ // should be the redirect
+ if (!he.getRequestURI().getPath().startsWith("/redirect")) {
+ he.sendResponseHeaders(501, -1);
+ } else if (!he.getRequestMethod().equals(expectedMethod)) {
+ System.err.println("Expected: " + expectedMethod + " Got: " + he.getRequestMethod());
+ he.sendResponseHeaders(504, -1);
+ } else {
+ boolean ok = readAndCheckBody(he);
+ if (ok) {
+ he.sendResponseHeaders(200, RESPONSE.length());
+ OutputStream os = he.getResponseBody();
+ os.write(RESPONSE.getBytes(US_ASCII));
+ os.close();
+ }
+ }
+ inTest = false;
+ }
+ }
+ }
+}
--- a/test/jdk/java/net/httpclient/RequestBuilderTest.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/RequestBuilderTest.java Mon Mar 12 17:52:50 2018 +0000
@@ -94,7 +94,6 @@
assertThrows(NPE, () -> builder.setHeader("name", null));
assertThrows(NPE, () -> builder.setHeader(null, "value"));
assertThrows(NPE, () -> builder.timeout(null));
- assertThrows(NPE, () -> builder.DELETE(null));
assertThrows(NPE, () -> builder.POST(null));
assertThrows(NPE, () -> builder.PUT(null));
}
@@ -144,7 +143,7 @@
assertEquals(request.method(), "GET");
assertTrue(!request.bodyPublisher().isPresent());
- request = newBuilder(uri).DELETE(BodyPublishers.ofString("")).GET().build();
+ request = newBuilder(uri).DELETE().GET().build();
assertEquals(request.method(), "GET");
assertTrue(!request.bodyPublisher().isPresent());
@@ -156,9 +155,9 @@
assertEquals(request.method(), "PUT");
assertTrue(request.bodyPublisher().isPresent());
- request = newBuilder(uri).DELETE(BodyPublishers.ofString("")).build();
+ request = newBuilder(uri).DELETE().build();
assertEquals(request.method(), "DELETE");
- assertTrue(request.bodyPublisher().isPresent());
+ assertTrue(!request.bodyPublisher().isPresent());
request = newBuilder(uri).GET().POST(BodyPublishers.ofString("")).build();
assertEquals(request.method(), "POST");
@@ -168,9 +167,9 @@
assertEquals(request.method(), "PUT");
assertTrue(request.bodyPublisher().isPresent());
- request = newBuilder(uri).GET().DELETE(BodyPublishers.ofString("")).build();
+ request = newBuilder(uri).GET().DELETE().build();
assertEquals(request.method(), "DELETE");
- assertTrue(request.bodyPublisher().isPresent());
+ assertTrue(!request.bodyPublisher().isPresent());
// CONNECT is disallowed in the implementation, since it is used for
// tunneling, and is handled separately for security checks.
--- a/test/jdk/java/net/httpclient/TimeoutBasic.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/TimeoutBasic.java Mon Mar 12 17:52:50 2018 +0000
@@ -98,8 +98,7 @@
}
static HttpRequest.Builder DELETE(HttpRequest.Builder builder) {
- HttpRequest.BodyPublisher noBody = HttpRequest.BodyPublishers.noBody();
- return builder.DELETE(noBody);
+ return builder.DELETE();
}
static HttpRequest.Builder PUT(HttpRequest.Builder builder) {
--- a/test/jdk/java/net/httpclient/examples/JavadocExamples.java Mon Mar 12 17:30:38 2018 +0000
+++ b/test/jdk/java/net/httpclient/examples/JavadocExamples.java Mon Mar 12 17:52:50 2018 +0000
@@ -62,7 +62,7 @@
//Synchronous Example
HttpClient client = HttpClient.newBuilder()
.version(Version.HTTP_1_1)
- .followRedirects(Redirect.SAME_PROTOCOL)
+ .followRedirects(Redirect.NORMAL)
.proxy(ProxySelector.of(new InetSocketAddress("proxy.example.com", 80)))
.authenticator(Authenticator.getDefault())
.build();