Quelle  UserAuth.java

/*
 * Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6421122
 * @modules jdk.httpserver
 * @run main/othervm UserAuth
 * @summary Authorization header removed for preemptive authentication by user code
 */

import java.net.*;
import com.sun.net.httpserver.*;
import java.util.*;
import java.io.*;
import java.util.concurrent.Executors;
import java.util.concurrent.ExecutorService;
import static java.net.Proxy.NO_PROXY;

public class UserAuth
{
    com.sun.net.httpserver.HttpServer httpServer;
    ExecutorService executorService;

    public static void main(String[] args) {
        new UserAuth();
    }

    public UserAuth() {
        try {
            startHttpServer();
            doClient();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }
    }

    void doClient() {
        try {
            InetSocketAddress address = httpServer.getAddress();

            // GET Request
            URL url = new URL("http://" + address.getHostName() + ":" + address.getPort() + "/redirect/");
            HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY);
            uc.setRequestProperty("Authorization", "testString:ValueDoesNotMatter");
            int resp = uc.getResponseCode();

            System.out.println("Response Code is " + resp);
            if (resp != 200)
                throw new RuntimeException("Failed: Authorization header was not retained after redirect");

        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            httpServer.stop(1);
            executorService.shutdown();
        }
    }

     /**
     * Http Server
     */
    void startHttpServer() throws IOException {
        InetAddress address = InetAddress.getLocalHost();
        if (!InetAddress.getByName(address.getHostName()).equals(address)) {
            // if this happens then we should possibly change the client
            // side to use the address literal in its URL instead of
            // the host name.
            throw new IOException(address.getHostName()
                                  + " resolves to "
                                  + InetAddress.getByName(address.getHostName())
                                  + " not to "
                                  + address + ": check host configuration.");
        }

        httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(address, 0), 0);

        // create HttpServer context
        HttpContext ctx = httpServer.createContext("/redirect/", new RedirectHandler());
        HttpContext ctx1 = httpServer.createContext("/doStuff/", new HasAuthHandler());

        executorService = Executors.newCachedThreadPool();
        httpServer.setExecutor(executorService);
        httpServer.start();
    }

    class RedirectHandler implements HttpHandler {
        public void handle(HttpExchange t) throws IOException {
            InetSocketAddress address = httpServer.getAddress();
            String redirectUrl = "http://" + address.getHostName() + ":" + address.getPort() + "/doStuff/";

            Headers resHeaders = t.getResponseHeaders();
            resHeaders.add("Location", redirectUrl);

            t.sendResponseHeaders(307, -1);
            t.close();
        }
    }

    class HasAuthHandler implements HttpHandler {
        public void handle(HttpExchange t) throws IOException {
            Headers reqHeaders = t.getRequestHeaders();

            List<String> auth = reqHeaders.get("Authorization");

            if (auth == null || !auth.get(0).equals("testString:ValueDoesNotMatter"))
                t.sendResponseHeaders(400, -1);

            t.sendResponseHeaders(200, -1);
            t.close();
        }
    }



}