P3
OPERATING SYSTEM
----------------
All
JAVA VERSION
------------
All 5.0, 6 and Java 7 SDKs.
DESCRIPTION
-----------
If we attempt to connect to a URL with no trailing slash (e.g. "http://www.ibm.com") through a proxy which uses DIGEST authentication, the authentication, and the HTTP request, fails. If we add a trailing slash ("http://www.ibm.com/") the request succeeds.
The request succeeds with or without the trailing slash when we use proxies with other authentication methods. The problem only exists with DIGEST authentication.
REPRODUCTION INSTRUCTIONS
-------------------------
1. Set up a HTTP proxy that uses DIGEST authentication.
2. Edit the testcase provided below, adding the relevant details
(proxy URL and username/password).
3. Execute the following Java commands:
javac Main.java
javac MyAuthenticator.java
java Main
Expected Result:
The web page should be displayed
Actual Result:
returning PasswordAuthentication: java.net.PasswordAuthentication@563b563b
returning PasswordAuthentication: java.net.PasswordAuthentication@5b6a5b6a
returning PasswordAuthentication: java.net.PasswordAuthentication@5bb05bb
returning PasswordAuthentication: java.net.PasswordAuthentication@320f320f
returning PasswordAuthentication: java.net.PasswordAuthentication@56ff56ff
returning PasswordAuthentication: java.net.PasswordAuthentication@7bd97bd9
returning PasswordAuthentication: java.net.PasswordAuthentication@23172317
returning PasswordAuthentication: java.net.PasswordAuthentication@47f347f3
returning PasswordAuthentication: java.net.PasswordAuthentication@71227122
returning PasswordAuthentication: java.net.PasswordAuthentication@1acf1acf
returning PasswordAuthentication: java.net.PasswordAuthentication@41534153
returning PasswordAuthentication: java.net.PasswordAuthentication@662d662d
returning PasswordAuthentication: java.net.PasswordAuthentication@4b1a4b1a
returning PasswordAuthentication: java.net.PasswordAuthentication@229b229b
returning PasswordAuthentication: java.net.PasswordAuthentication@480b480b
returning PasswordAuthentication: java.net.PasswordAuthentication@36293629
returning PasswordAuthentication: java.net.PasswordAuthentication@56915691
returning PasswordAuthentication: java.net.PasswordAuthentication@b800b80
returning PasswordAuthentication: java.net.PasswordAuthentication@38d538d5
returning PasswordAuthentication: java.net.PasswordAuthentication@5daf5daf
java.net.ProtocolException: Server redirected too many times (20)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1246)
at Main.main(Main.java:32)
TESTCASE SOURCE
---------------
-----------------------------------------------------------------------
Main.java
-----------------------------------------------------------------------
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URL;
public class Main {
public static void main(String[] args) {
System.setProperty("http.auth.digest.validateServer", "true");
System.setProperty("http.auth.digest.validateProxy", "true");
Authenticator.setDefault(new MyAuthenticator());
try {
SocketAddress addr = new InetSocketAddress("[INSERT PROXY URL HERE]", [INSERT PROXY PORT HERE]);
Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
HttpURLConnection urlConnection = (HttpURLConnection) new
URL("http://www.ibm.com").openConnection(proxy);
InputStream in = urlConnection.getInputStream();
int c;
while ((c = in.read()) != -1) {
System.out.write(c);
}
in.close();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
-----------------------------------------------------------------------
-----------------------------------------------------------------------
MyAuthenticator.java
-----------------------------------------------------------------------
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class MyAuthenticator extends Authenticator {
String username = "[INSERT USERNAME HERE]";
String pwd = "[INSERT PASSWORD HERE]";
protected PasswordAuthentication getPasswordAuthentication() {
PasswordAuthentication pwdAuth = new PasswordAuthentication(username,
pwd.toCharArray());
System.out.println("returning PasswordAuthentication: "+pwdAuth);
return pwdAuth;
}
}
-----------------------------------------------------------------------
----------------
All
JAVA VERSION
------------
All 5.0, 6 and Java 7 SDKs.
DESCRIPTION
-----------
If we attempt to connect to a URL with no trailing slash (e.g. "http://www.ibm.com") through a proxy which uses DIGEST authentication, the authentication, and the HTTP request, fails. If we add a trailing slash ("http://www.ibm.com/") the request succeeds.
The request succeeds with or without the trailing slash when we use proxies with other authentication methods. The problem only exists with DIGEST authentication.
REPRODUCTION INSTRUCTIONS
-------------------------
1. Set up a HTTP proxy that uses DIGEST authentication.
2. Edit the testcase provided below, adding the relevant details
(proxy URL and username/password).
3. Execute the following Java commands:
javac Main.java
javac MyAuthenticator.java
java Main
Expected Result:
The web page should be displayed
Actual Result:
returning PasswordAuthentication: java.net.PasswordAuthentication@563b563b
returning PasswordAuthentication: java.net.PasswordAuthentication@5b6a5b6a
returning PasswordAuthentication: java.net.PasswordAuthentication@5bb05bb
returning PasswordAuthentication: java.net.PasswordAuthentication@320f320f
returning PasswordAuthentication: java.net.PasswordAuthentication@56ff56ff
returning PasswordAuthentication: java.net.PasswordAuthentication@7bd97bd9
returning PasswordAuthentication: java.net.PasswordAuthentication@23172317
returning PasswordAuthentication: java.net.PasswordAuthentication@47f347f3
returning PasswordAuthentication: java.net.PasswordAuthentication@71227122
returning PasswordAuthentication: java.net.PasswordAuthentication@1acf1acf
returning PasswordAuthentication: java.net.PasswordAuthentication@41534153
returning PasswordAuthentication: java.net.PasswordAuthentication@662d662d
returning PasswordAuthentication: java.net.PasswordAuthentication@4b1a4b1a
returning PasswordAuthentication: java.net.PasswordAuthentication@229b229b
returning PasswordAuthentication: java.net.PasswordAuthentication@480b480b
returning PasswordAuthentication: java.net.PasswordAuthentication@36293629
returning PasswordAuthentication: java.net.PasswordAuthentication@56915691
returning PasswordAuthentication: java.net.PasswordAuthentication@b800b80
returning PasswordAuthentication: java.net.PasswordAuthentication@38d538d5
returning PasswordAuthentication: java.net.PasswordAuthentication@5daf5daf
java.net.ProtocolException: Server redirected too many times (20)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1246)
at Main.main(Main.java:32)
TESTCASE SOURCE
---------------
-----------------------------------------------------------------------
Main.java
-----------------------------------------------------------------------
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URL;
public class Main {
public static void main(String[] args) {
System.setProperty("http.auth.digest.validateServer", "true");
System.setProperty("http.auth.digest.validateProxy", "true");
Authenticator.setDefault(new MyAuthenticator());
try {
SocketAddress addr = new InetSocketAddress("[INSERT PROXY URL HERE]", [INSERT PROXY PORT HERE]);
Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
HttpURLConnection urlConnection = (HttpURLConnection) new
URL("http://www.ibm.com").openConnection(proxy);
InputStream in = urlConnection.getInputStream();
int c;
while ((c = in.read()) != -1) {
System.out.write(c);
}
in.close();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
-----------------------------------------------------------------------
-----------------------------------------------------------------------
MyAuthenticator.java
-----------------------------------------------------------------------
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class MyAuthenticator extends Authenticator {
String username = "[INSERT USERNAME HERE]";
String pwd = "[INSERT PASSWORD HERE]";
protected PasswordAuthentication getPasswordAuthentication() {
PasswordAuthentication pwdAuth = new PasswordAuthentication(username,
pwd.toCharArray());
System.out.println("returning PasswordAuthentication: "+pwdAuth);
return pwdAuth;
}
}
-----------------------------------------------------------------------