diff options
| author | Narayan Kamath <narayan@google.com> | 2013-08-20 14:56:57 +0100 |
|---|---|---|
| committer | Narayan Kamath <narayan@google.com> | 2013-08-21 16:56:45 +0100 |
| commit | 123333e7759f91b846c58849469b9d0ab21213f6 (patch) | |
| tree | e3891f3ffb41b9ce2ce1a0e20c9a0f6774e06d0f | |
| parent | 395bb55182abbcb8347ec38e4a314ef86f750680 (diff) | |
| download | okhttp-123333e7759f91b846c58849469b9d0ab21213f6.tar.gz | |
Don't support anything other than Basic auth.
We should disregard authentication schemes other than
"Basic" and let clients handle them themselves.
The java Authenticator API gives us a user name and
password combination, but we can't know how to format
that information for any scheme other than basic.
Historically:
The JB implementation responds to challenges from an
arbitrary scheme "X" by sending a header with scheme
"X" but formatted like the "Basic" scheme.
The current implementation responds to challenges from
an arbitrary scheme "X" by sending a header with scheme
"Basic" and formatter like the "Basic scheme".
Partial fix for test cases in URLConnectionTest:
- testAuthenticateWithCommaSeparatedAuthenticationMethods
- testAuthenticateWithMultipleAuthenticationHeaders
(cherry picked from 1f4d585511555a40e0167bf20b4a6f2bb977120)
bug: 10211309
Change-Id: I110844dd104b7673f987ccb89e7a63db2b4e50a3
| -rw-r--r-- | src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java b/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java index 566431e..63f39e4 100644 --- a/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java +++ b/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java @@ -39,6 +39,10 @@ public final class HttpAuthenticator { @Override public Credential authenticate( Proxy proxy, URL url, List<Challenge> challenges) throws IOException { for (Challenge challenge : challenges) { + if (!"Basic".equals(challenge.getScheme())) { + continue; + } + PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(url.getHost(), getConnectToInetAddress(proxy, url), url.getPort(), url.getProtocol(), challenge.getRealm(), challenge.getScheme(), url, Authenticator.RequestorType.SERVER); @@ -52,6 +56,10 @@ public final class HttpAuthenticator { @Override public Credential authenticateProxy( Proxy proxy, URL url, List<Challenge> challenges) throws IOException { for (Challenge challenge : challenges) { + if (!"Basic".equals(challenge.getScheme())) { + continue; + } + InetSocketAddress proxyAddress = (InetSocketAddress) proxy.address(); PasswordAuthentication auth = Authenticator.requestPasswordAuthentication( proxyAddress.getHostName(), getConnectToInetAddress(proxy, url), proxyAddress.getPort(), |