Attachment 37220 Details for Bug 64267 – Fix non-preemptive authentication for http sampler

[patch] Fix non-preemptive authentication for http sampler

01.diff (text/plain), 6.92 KB, created by Felix Schumacher on 2020-05-09 09:19:20 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Felix Schumacher

Created: 2020-05-09 09:19:20 UTC

Size: 6.92 KB

patch

obsolete

>diff --git a/bin/jmeter.properties b/bin/jmeter.properties
>diff --git a/src/protocol/http/src/main/java/org/apache/jmeter/protocol/http/sampler/HTTPHC4Impl.java b/src/protocol/http/src/main/java/org/apache/jmeter/protocol/http/sampler/HTTPHC4Impl.java
>index b24cb66bf2..3808bb9e74 100644
>--- a/src/protocol/http/src/main/java/org/apache/jmeter/protocol/http/sampler/HTTPHC4Impl.java
>+++ b/src/protocol/http/src/main/java/org/apache/jmeter/protocol/http/sampler/HTTPHC4Impl.java
>@@ -24,12 +24,14 @@ import java.io.OutputStream;
> import java.io.UnsupportedEncodingException;
> import java.net.InetAddress;
> import java.net.InetSocketAddress;
>+import java.net.MalformedURLException;
> import java.net.URI;
> import java.net.URISyntaxException;
> import java.net.URL;
> import java.net.URLDecoder;
> import java.nio.charset.Charset;
> import java.security.GeneralSecurityException;
>+import java.security.Principal;
> import java.security.PrivilegedActionException;
> import java.security.PrivilegedExceptionAction;
> import java.util.ArrayList;
>@@ -62,6 +64,7 @@ import org.apache.http.auth.AuthScope;
> import org.apache.http.auth.AuthState;
> import org.apache.http.auth.Credentials;
> import org.apache.http.auth.NTCredentials;
>+import org.apache.http.auth.UsernamePasswordCredentials;
> import org.apache.http.client.AuthCache;
> import org.apache.http.client.AuthenticationStrategy;
> import org.apache.http.client.CredentialsProvider;
>@@ -119,6 +122,7 @@ import org.apache.http.impl.client.HttpClients;
> import org.apache.http.impl.client.LaxRedirectStrategy;
> import org.apache.http.impl.client.ProxyAuthenticationStrategy;
> import org.apache.http.impl.client.StandardHttpRequestRetryHandler;
>+import org.apache.http.impl.client.TargetAuthenticationStrategy;
> import org.apache.http.impl.conn.DefaultHttpClientConnectionOperator;
> import org.apache.http.impl.conn.DefaultSchemePortResolver;
> import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
>@@ -205,6 +209,80 @@ public class HTTPHC4Impl extends HTTPHCAbstractImpl {
> 
>     private static final InputStreamFactory BROTLI = BrotliInputStream::new;
> 
>+    private static final class ManagedCredentialsProvider implements CredentialsProvider {
>+        private AuthManager authManager;
>+        private Credentials proxyCredentials;
>+        private AuthScope proxyAuthScope;
>+
>+        public ManagedCredentialsProvider(AuthManager authManager, AuthScope proxyAuthScope, Credentials proxyCredentials) {
>+            this.authManager = authManager;
>+            this.proxyAuthScope = proxyAuthScope;
>+            this.proxyCredentials = proxyCredentials;
>+        }
>+
>+        @Override
>+        public void setCredentials(AuthScope authscope, Credentials credentials) {
>+            log.debug("Store creds {} for {}", credentials, authscope);
>+        }
>+
>+        @Override
>+        public Credentials getCredentials(AuthScope authScope) {
>+            log.info("Get creds for {}", authScope);
>+            if (this.proxyAuthScope != null && authScope.equals(proxyAuthScope)) {
>+                return proxyCredentials;
>+            }
>+            final Authorization authorization = getAuthorizationForAuthScope(authScope);
>+            if (authorization == null) {
>+                return null;
>+            }
>+            return new UsernamePasswordCredentials(authorization.getUser(), authorization.getPass());
>+        }
>+
>+        /**
>+         * Find the Authorization for the given AuthScope. We can't ask the AuthManager
>+         * by the URL, as we didn't get the scheme or path of the URL. Therefore we do a
>+         * best guess on the information we have
>+         *
>+         * @param authScope information which destination we want to get credentials for
>+         * @return matching authorization information entry from the AuthManager
>+         */
>+        private Authorization getAuthorizationForAuthScope(AuthScope authScope) {
>+            if (authScope == null) {
>+                return null;
>+            }
>+            for (JMeterProperty authProp : authManager.getAuthObjects()) {
>+                Object authObject = authProp.getObjectValue();
>+                if (authObject instanceof Authorization) {
>+                    Authorization auth = (Authorization) authObject;
>+                    if (!authScope.getRealm().equals(auth.getRealm())) {
>+                        continue;
>+                    }
>+                    try {
>+                        URL authUrl = new URL(auth.getURL());
>+                        if (authUrl.getHost().equals(authScope.getHost()) && getPort(authUrl) == authScope.getPort()) {
>+                            return auth;
>+                        }
>+                    } catch (MalformedURLException e) {
>+                        log.debug("Invalid URL {} in authManager", auth.getURL());
>+                    }
>+                }
>+            }
>+            return null;
>+        }
>+
>+        private int getPort(URL url) {
>+            if (url.getPort() == -1) {
>+                return url.getProtocol().equals("https") ? 443 : 80;
>+            }
>+            return url.getPort();
>+        }
>+
>+        @Override
>+        public void clear() {
>+            log.debug("clear creds");
>+        }
>+    }
>+
>     private static final class PreemptiveAuthRequestInterceptor implements HttpRequestInterceptor {
>         @Override
>         public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
>@@ -1050,21 +1131,27 @@ public class HTTPHC4Impl extends HTTPHCAbstractImpl {
>             }
> 
>             // Set up proxy details
>+            AuthScope proxyAuthScope = null;
>+            NTCredentials proxyCredentials = null;
>             if (key.hasProxy) {
>                 HttpHost proxy = new HttpHost(key.proxyHost, key.proxyPort, key.proxyScheme);
>                 builder.setProxy(proxy);
> 
>                 CredentialsProvider credsProvider = new BasicCredentialsProvider();
>                 if (!key.proxyUser.isEmpty()) {
>+                    proxyAuthScope = new AuthScope(key.proxyHost, key.proxyPort);
>+                    proxyCredentials = new NTCredentials(key.proxyUser, key.proxyPass, LOCALHOST, PROXY_DOMAIN);
>                     credsProvider.setCredentials(
>-                            new AuthScope(key.proxyHost, key.proxyPort),
>-                            new NTCredentials(key.proxyUser, key.proxyPass, LOCALHOST, PROXY_DOMAIN));
>+                            proxyAuthScope,
>+                            proxyCredentials);
>                 }
>                 builder.setDefaultCredentialsProvider(credsProvider);
>             }
>             builder.disableContentCompression().addInterceptorLast(RESPONSE_CONTENT_ENCODING);
>             if(BASIC_AUTH_PREEMPTIVE) {
>                 builder.addInterceptorFirst(PREEMPTIVE_AUTH_INTERCEPTOR);
>+            } else {
>+                builder.setDefaultCredentialsProvider(new ManagedCredentialsProvider(getAuthManager(), proxyAuthScope, proxyCredentials));
>             }
>             httpClient = builder.build();
>             if (log.isDebugEnabled()) {

Actions: View | Diff

Attachments on bug 64267: 37121 | 37122 | 37123 | 37220 | 37222