Index: examples/AlternateAuthenticationExample.java =================================================================== RCS file: examples/AlternateAuthenticationExample.java diff -N examples/AlternateAuthenticationExample.java --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ examples/AlternateAuthenticationExample.java 28 Jan 2004 17:45:35 -0000 @@ -0,0 +1,119 @@ +/* + * $Header$ + * $Revision$ + * $Date$ + * ==================================================================== + * + * The Apache Software License, Version 1.1 + * + * Copyright (c) 1999-2003 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, if + * any, must include the following acknowlegement: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowlegement may appear in the software itself, + * if and wherever such third-party acknowlegements normally appear. + * + * 4. The names "The Jakarta Project", "HttpClient", and "Apache Software + * Foundation" must not be used to endorse or promote products derived + * from this software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache" + * nor may "Apache" appear in their names without prior written + * permission of the Apache Group. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * [Additional notices, if required by prior licensing conditions] + * + */ + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.UsernamePasswordCredentials; +import org.apache.commons.httpclient.auth.AuthPolicy; +import org.apache.commons.httpclient.methods.GetMethod; + +/** + *

A simple example that uses alternate authentication scheme selection + * if several authentication challenges are returned. + *

+ * + *

Per default HttpClient picks the authentication challenge in the following + * order of preference: NTLM, Digest, Basic. In certain cases it may be desirable to + * force the use of a weaker authentication scheme. + *

+ * + * @author Oleg Kalnichevski + */ +public class AlternateAuthenticationExample { + + /** + * Constructor for BasicAuthenticatonExample. + */ + public AlternateAuthenticationExample() { + super(); + } + + public static void main(String[] args) throws Exception { + HttpClient client = new HttpClient(); + client.getState().setCredentials("myrealm", "myhost", + new UsernamePasswordCredentials("username", "password")); + // Suppose the site supports several authetication schemes: NTLM and Basic + // Basic authetication is considered inherently insecure. Hence, NTLM authentication + // is used per default + + // This is to make HttpClient pick the Basic authentication scheme over NTLM & Digest + List authPrefs = new ArrayList(3); + authPrefs.add(AuthPolicy.BASIC); + authPrefs.add(AuthPolicy.NTLM); + authPrefs.add(AuthPolicy.DIGEST); + client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); + + GetMethod httpget = new GetMethod("http://myhost/protected/auth-required.html"); + + try { + int status = client.executeMethod(httpget); + // print the status and response + System.out.println(httpget.getStatusLine()); + System.out.println(httpget.getResponseBodyAsString()); + } finally { + // release any connection resources used by the method + httpget.releaseConnection(); + } + } +} Index: java/org/apache/commons/httpclient/HttpMethodDirector.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodDirector.java,v retrieving revision 1.14 diff -u -r1.14 HttpMethodDirector.java --- java/org/apache/commons/httpclient/HttpMethodDirector.java 14 Jan 2004 18:59:27 -0000 1.14 +++ java/org/apache/commons/httpclient/HttpMethodDirector.java 28 Jan 2004 17:45:36 -0000 @@ -64,9 +64,8 @@ package org.apache.commons.httpclient; import java.io.IOException; -import java.util.ArrayList; +import java.util.Collection; import java.util.Iterator; -import java.util.List; import java.util.Map; import org.apache.commons.httpclient.auth.AuthChallengeParser; @@ -137,14 +136,6 @@ /** Whether preemtive proxy authentication is attempted */ private boolean proxyAuthPreemptive = false; - //TODO: to be parameterized - private static final List AUTH_PREFERENCES = new ArrayList(3); - static { - AUTH_PREFERENCES.add(AuthPolicy.NTLM); - AUTH_PREFERENCES.add(AuthPolicy.DIGEST); - AUTH_PREFERENCES.add(AuthPolicy.BASIC); - } - public HttpMethodDirector( final HttpConnectionManager connectionManager, final HostConfiguration hostConfiguration, @@ -766,13 +757,20 @@ private AuthScheme processChallenge(final Map challenges) throws MalformedChallengeException, AuthenticationException { + + Collection authPrefs = (Collection) this.params.getParameter( + AuthPolicy.AUTH_SCHEME_PRIORITY); + if (authPrefs == null || authPrefs.isEmpty()) { + authPrefs = AuthPolicy.getDefaultAuthPrefs(); + } + AuthScheme authscheme = null; String challenge = null; if (LOG.isDebugEnabled()) { LOG.debug("Supported authentication schemes in the order of preference: " - + AUTH_PREFERENCES); + + authPrefs); } - Iterator item = AUTH_PREFERENCES.iterator(); + Iterator item = authPrefs.iterator(); while (item.hasNext()) { String id = (String) item.next(); challenge = (String) challenges.get(id.toLowerCase()); Index: java/org/apache/commons/httpclient/auth/AuthPolicy.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java,v retrieving revision 1.1 diff -u -r1.1 AuthPolicy.java --- java/org/apache/commons/httpclient/auth/AuthPolicy.java 10 Dec 2003 21:37:42 -0000 1.1 +++ java/org/apache/commons/httpclient/auth/AuthPolicy.java 28 Jan 2004 17:45:36 -0000 @@ -63,9 +63,9 @@ package org.apache.commons.httpclient.auth; -import java.util.Collections; +import java.util.ArrayList; import java.util.HashMap; -import java.util.Map; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -90,9 +90,28 @@ */ public abstract class AuthPolicy { - private static Map SCHEMES = Collections.synchronizedMap(new HashMap()); + private static final HashMap SCHEMES = new HashMap(); + private static final ArrayList SCHEME_LIST = new ArrayList(); /** + * The key used to look up the list of IDs of supported {@link AuthScheme + * authentication schemes} in their order of preference. The scheme IDs are + * stored in a {@link Collection} as {@link java.lang.String}s. + * + *

+ * If several schemes are returned in the WWW-Authenticate + * or Proxy-Authenticate header, this parameter defines which + * {@link AuthScheme authentication schemes} takes precedence over others. + * The first item in the collection represents the most preferred + * {@link AuthScheme authentication scheme}, the last item represents the ID + * of the least preferred one. + *

+ * + * @see org.apache.commons.httpclient.params.DefaultHttpParams + */ + public static final String AUTH_SCHEME_PRIORITY = "http.auth.scheme-priority"; + + /** * The NTLM scheme is a proprietary Microsoft Windows Authentication * protocol (considered to be the most secure among currently supported * authentication schemes). @@ -111,9 +130,9 @@ public static final String BASIC = "Basic"; static { - AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class); + AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class); AuthPolicy.registerAuthScheme(DIGEST, DigestScheme.class); - AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class); + AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class); } /** Log object. */ @@ -125,12 +144,18 @@ * This ID is the same one used to retrieve the {@link AuthScheme authentication scheme} * from {@link #getAuthScheme(String)}. * + *

+ * Please note that custom authentication preferences, if used, need to be updated accordingly + * for the new {@link AuthScheme authentication scheme} to take effect. + *

+ * * @param id the identifier for this scheme * @param clazz the class to register * * @see #getAuthScheme(String) + * @see #AUTH_SCHEME_PRIORITY */ - public static void registerAuthScheme(final String id, Class clazz) { + public static synchronized void registerAuthScheme(final String id, Class clazz) { if (id == null) { throw new IllegalArgumentException("Id may not be null"); } @@ -138,6 +163,7 @@ throw new IllegalArgumentException("Authentication scheme class may not be null"); } SCHEMES.put(id.toLowerCase(), clazz); + SCHEME_LIST.add(id.toLowerCase()); } /** @@ -146,11 +172,12 @@ * * @param id the ID of the class to unregister */ - public static void unregisterAuthScheme(final String id) { + public static synchronized void unregisterAuthScheme(final String id) { if (id == null) { throw new IllegalArgumentException("Id may not be null"); } SCHEMES.remove(id.toLowerCase()); + SCHEME_LIST.remove(id.toLowerCase()); } /** @@ -162,7 +189,7 @@ * * @throws IllegalStateException if a scheme with the ID cannot be found */ - public static AuthScheme getAuthScheme(final String id) + public static synchronized AuthScheme getAuthScheme(final String id) throws IllegalStateException { if (id == null) { @@ -181,5 +208,15 @@ } else { throw new IllegalStateException("Unsupported authentication scheme " + id); } + } + + /** + * Returns a list containing all registered {@link AuthScheme authentication + * schemes} in their default order. + * + * @return {@link AuthScheme authentication scheme} + */ + public static synchronized List getDefaultAuthPrefs() { + return (List)SCHEME_LIST.clone(); } }