Path: blob/master/test/jdk/sun/net/www/http/HttpURLConnection/NTLMAuthWithSM.java
41154 views
/*1* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import com.sun.net.httpserver.HttpExchange;24import com.sun.net.httpserver.HttpHandler;25import com.sun.net.httpserver.HttpServer;26import java.io.BufferedReader;27import java.io.InputStreamReader;28import java.io.IOException;29import java.io.InputStream;30import java.net.Authenticator;31import java.net.InetAddress;32import java.net.InetSocketAddress;33import java.net.PasswordAuthentication;34import java.net.URL;35import java.net.URLConnection;36import java.util.List;37import sun.net.www.protocol.http.ntlm.NTLMAuthenticationCallback;3839/*40* @test41* @bug 813717442* @modules java.base/sun.net.www.protocol.http.ntlm43* jdk.httpserver44* @summary Checks if NTLM auth works fine if security manager set45* @run main/othervm/java.security.policy=NTLMAuthWithSM.policy NTLMAuthWithSM46*/47public class NTLMAuthWithSM {4849public static void main(String[] args) throws Exception {50// security manager is required51if (System.getSecurityManager() == null) {52throw new RuntimeException("Security manager not specified");53}5455if (System.getProperty("os.name").startsWith("Windows")) {56// disable transparent NTLM authentication on Windows57NTLMAuthenticationCallback.setNTLMAuthenticationCallback(58new NTLMAuthenticationCallbackImpl());59}6061try (LocalHttpServer server = LocalHttpServer.startServer()) {62// set authenticator63Authenticator.setDefault(new AuthenticatorImpl());6465String url = String.format("http://%s/test/",66server.getAuthority());6768// load a document which is protected with NTML authentication69System.out.println("load() called: " + url);70URLConnection conn = new URL(url).openConnection();71try (BufferedReader reader = new BufferedReader(72new InputStreamReader(conn.getInputStream()))) {7374String line = reader.readLine();75if (line == null) {76throw new IOException("Couldn't read a response");77}78do {79System.out.println(line);80} while ((line = reader.readLine()) != null);81}82}8384System.out.println("Test passed");85}8687private static class AuthenticatorImpl extends Authenticator {8889@Override90public PasswordAuthentication getPasswordAuthentication() {91System.out.println("getPasswordAuthentication() called, scheme: "92+ getRequestingScheme());93if (getRequestingScheme().equalsIgnoreCase("ntlm")) {94return new PasswordAuthentication("test", "test".toCharArray());95}96return null;97}98}99100// local http server which pretends to support NTLM auth101static class LocalHttpServer implements HttpHandler, AutoCloseable {102103private final HttpServer server;104105private LocalHttpServer(HttpServer server) {106this.server = server;107}108109static LocalHttpServer startServer() throws IOException {110InetAddress loopback = InetAddress.getLoopbackAddress();111HttpServer httpServer = HttpServer.create(112new InetSocketAddress(loopback, 0), 0);113LocalHttpServer localHttpServer = new LocalHttpServer(httpServer);114localHttpServer.start();115116return localHttpServer;117}118119void start() {120server.createContext("/test", this);121server.start();122System.out.println("HttpServer: started on port " + getPort());123}124125void stop() {126server.stop(0);127System.out.println("HttpServer: stopped");128}129130String getAuthority() {131InetAddress address = server.getAddress().getAddress();132String hostaddr = address.isAnyLocalAddress()133? "localhost" : address.getHostAddress();134if (hostaddr.indexOf(':') > -1) hostaddr = "[" + hostaddr + "]";135return hostaddr + ":" + getPort();136}137138int getPort() {139return server.getAddress().getPort();140}141142@Override143public void handle(HttpExchange t) throws IOException {144System.out.println("HttpServer: handle connection");145146// read a request147try (InputStream is = t.getRequestBody()) {148while (is.read() > 0);149}150151try {152List<String> headers = t.getRequestHeaders()153.get("Authorization");154if (headers != null && !headers.isEmpty()155&& headers.get(0).trim().contains("NTLM")) {156byte[] output = "hello".getBytes();157t.sendResponseHeaders(200, output.length);158t.getResponseBody().write(output);159System.out.println("HttpServer: return 200");160} else {161t.getResponseHeaders().set("WWW-Authenticate", "NTLM");162byte[] output = "forbidden".getBytes();163t.sendResponseHeaders(401, output.length);164t.getResponseBody().write(output);165System.out.println("HttpServer: return 401");166}167} catch (IOException e) {168System.out.println("HttpServer: exception: " + e);169System.out.println("HttpServer: return 500");170t.sendResponseHeaders(500, 0);171} finally {172t.close();173}174}175176@Override177public void close() {178stop();179}180}181182private static class NTLMAuthenticationCallbackImpl183extends NTLMAuthenticationCallback {184185// don't trust any site, so that no transparent NTLM auth happens186@Override187public boolean isTrustedSite(URL url) {188System.out.println(189"NTLMAuthenticationCallbackImpl.isTrustedSite() called: "190+ "return false");191return false;192}193}194}195196197