From a352b02f9c4a301f278c320f338a507d0dfbbe16 Mon Sep 17 00:00:00 2001 From: artnaseef Date: Mon, 2 Jun 2014 16:44:46 -0700 Subject: [PATCH] Support NTLM protocol with the proxy: fixed the header name for Proxy-Authorization. --- .../netty/NettyAsyncHttpProvider.java | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java b/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java index 813681e4f3..ad1f9ea1de 100644 --- a/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java +++ b/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java @@ -1229,7 +1229,7 @@ public void messageReceived(final ChannelHandlerContext ctx, MessageEvent e) thr } private Realm kerberosChallenge(List proxyAuth, Request request, ProxyServer proxyServer, FluentCaseInsensitiveStringsMap headers, Realm realm, - NettyResponseFuture future) throws NTLMEngineException { + NettyResponseFuture future, boolean proxyInd) throws NTLMEngineException { URI uri = request.getURI(); String host = request.getVirtualHost() == null ? AsyncHttpProviderUtils.getHost(uri) : request.getVirtualHost(); @@ -1248,30 +1248,38 @@ private Realm kerberosChallenge(List proxyAuth, Request request, ProxySe return realmBuilder.setUri(uri.getRawPath()).setMethodName(request.getMethod()).setScheme(Realm.AuthScheme.KERBEROS).build(); } catch (Throwable throwable) { if (isNTLM(proxyAuth)) { - return ntlmChallenge(proxyAuth, request, proxyServer, headers, realm, future); + return ntlmChallenge(proxyAuth, request, proxyServer, headers, realm, future, proxyInd); } abort(future, throwable); return null; } } - private void addNTLMAuthorization(FluentCaseInsensitiveStringsMap headers, String challengeHeader) { - headers.add(HttpHeaders.Names.AUTHORIZATION, "NTLM " + challengeHeader); + private void addNTLMAuthorization(FluentCaseInsensitiveStringsMap headers, String challengeHeader, boolean proxyInd) { + if ( proxyInd ) { + headers.add(HttpHeaders.Names.PROXY_AUTHORIZATION, "NTLM " + challengeHeader); + } else { + headers.add(HttpHeaders.Names.AUTHORIZATION, "NTLM " + challengeHeader); + } } - private void addType3NTLMAuthorizationHeader(List auth, FluentCaseInsensitiveStringsMap headers, String username, String password, String domain, String workstation) + private void addType3NTLMAuthorizationHeader(List auth, FluentCaseInsensitiveStringsMap headers, String username, String password, String domain, String workstation, boolean proxyInd) throws NTLMEngineException { - headers.remove(HttpHeaders.Names.AUTHORIZATION); + if ( proxyInd ) { + headers.remove(HttpHeaders.Names.PROXY_AUTHORIZATION); + } else { + headers.remove(HttpHeaders.Names.AUTHORIZATION); + } // Beware of space!, see #462 if (isNonEmpty(auth) && auth.get(0).startsWith("NTLM ")) { String serverChallenge = auth.get(0).trim().substring("NTLM ".length()); String challengeHeader = ntlmEngine.generateType3Msg(username, password, domain, workstation, serverChallenge); - addNTLMAuthorization(headers, challengeHeader); + addNTLMAuthorization(headers, challengeHeader, proxyInd); } } - private Realm ntlmChallenge(List wwwAuth, Request request, ProxyServer proxyServer, FluentCaseInsensitiveStringsMap headers, Realm realm, NettyResponseFuture future) + private Realm ntlmChallenge(List wwwAuth, Request request, ProxyServer proxyServer, FluentCaseInsensitiveStringsMap headers, Realm realm, NettyResponseFuture future, boolean proxyInd) throws NTLMEngineException { boolean useRealm = (proxyServer == null && realm != null); @@ -1286,12 +1294,12 @@ private Realm ntlmChallenge(List wwwAuth, Request request, ProxyServer p String challengeHeader = ntlmEngine.generateType1Msg(ntlmDomain, ntlmHost); URI uri = request.getURI(); - addNTLMAuthorization(headers, challengeHeader); + addNTLMAuthorization(headers, challengeHeader, proxyInd); newRealm = new Realm.RealmBuilder().clone(realm).setScheme(realm.getAuthScheme()).setUri(uri.getRawPath()).setMethodName(request.getMethod()) .setNtlmMessageType2Received(true).build(); future.getAndSetAuth(false); } else { - addType3NTLMAuthorizationHeader(wwwAuth, headers, principal, password, ntlmDomain, ntlmHost); + addType3NTLMAuthorizationHeader(wwwAuth, headers, principal, password, ntlmDomain, ntlmHost, proxyInd); Realm.RealmBuilder realmBuilder; Realm.AuthScheme authScheme; @@ -1312,7 +1320,7 @@ private Realm ntlmProxyChallenge(List wwwAuth, Request request, ProxySer NettyResponseFuture future) throws NTLMEngineException { future.getAndSetAuth(false); - addType3NTLMAuthorizationHeader(wwwAuth, headers, proxyServer.getPrincipal(), proxyServer.getPassword(), proxyServer.getNtlmDomain(), proxyServer.getHost()); + addType3NTLMAuthorizationHeader(wwwAuth, headers, proxyServer.getPrincipal(), proxyServer.getPassword(), proxyServer.getNtlmDomain(), proxyServer.getHost(), true); Realm newRealm; Realm.RealmBuilder realmBuilder = new Realm.RealmBuilder(); @@ -2115,10 +2123,10 @@ public void handle(final ChannelHandlerContext ctx, final MessageEvent e) throws // NTLM if (!wwwAuth.contains("Kerberos") && (isNTLM(wwwAuth) || (wwwAuth.contains("Negotiate")))) { - newRealm = ntlmChallenge(wwwAuth, request, proxyServer, headers, realm, future); + newRealm = ntlmChallenge(wwwAuth, request, proxyServer, headers, realm, future, false); // SPNEGO KERBEROS } else if (wwwAuth.contains("Negotiate")) { - newRealm = kerberosChallenge(wwwAuth, request, proxyServer, headers, realm, future); + newRealm = kerberosChallenge(wwwAuth, request, proxyServer, headers, realm, future, false); if (newRealm == null) return; } else { @@ -2167,7 +2175,7 @@ public Object call() throws Exception { newRealm = ntlmProxyChallenge(proxyAuth, request, proxyServer, headers, realm, future); // SPNEGO KERBEROS } else if (proxyAuth.contains("Negotiate")) { - newRealm = kerberosChallenge(proxyAuth, request, proxyServer, headers, realm, future); + newRealm = kerberosChallenge(proxyAuth, request, proxyServer, headers, realm, future, true); if (newRealm == null) return; } else {