Skip to content

Commit 1ee4155

Browse files
stotystoty
committed
HTTPCLIENT-2402 Handle SecurityManager removal
This is just a first cut that adds tests to demonstrate the problem This is on top of HTTPCLIENT-2358 as the necessary SPNEGO tests are added there.
1 parent e8ed84b commit 1ee4155

9 files changed

Lines changed: 375 additions & 16 deletions

File tree

httpclient5-observation/pom.xml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,10 @@
136136
<version>3.2.5</version>
137137
<configuration>
138138
<useModulePath>false</useModulePath>
139+
<configuration><jdkToolchain><version>25</version></jdkToolchain>
140+
<redirectTestOutputToFile>true</redirectTestOutputToFile>
141+
</configuration>
142+
139143
</configuration>
140144
</plugin>
141145
<plugin>

httpclient5-testing/pom.xml

Lines changed: 25 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -121,19 +121,31 @@
121121
<build>
122122
<plugins>
123123

124-
<plugin>
125-
<groupId>org.apache.maven.plugins</groupId>
126-
<artifactId>maven-failsafe-plugin</artifactId>
127-
<version>${hc.surefire.version}</version>
128-
<executions>
129-
<execution>
130-
<goals>
131-
<goal>integration-test</goal>
132-
<goal>verify</goal>
133-
</goals>
134-
</execution>
135-
</executions>
136-
</plugin>
124+
<plugin>
125+
<groupId>org.apache.maven.plugins</groupId>
126+
<artifactId>maven-failsafe-plugin</artifactId>
127+
<version>${hc.surefire.version}</version>
128+
<configuration>
129+
<jdkToolchain>
130+
<version>17</version>
131+
</jdkToolchain>
132+
<redirectTestOutputToFile>true</redirectTestOutputToFile>
133+
</configuration>
134+
<executions>
135+
<execution>
136+
<goals>
137+
<goal>integration-test</goal>
138+
<goal>verify</goal>
139+
</goals>
140+
<configuration>
141+
<jdkToolchain>
142+
<version>17</version>
143+
</jdkToolchain>
144+
<redirectTestOutputToFile>true</redirectTestOutputToFile>
145+
</configuration>
146+
</execution>
147+
</executions>
148+
</plugin>
137149

138150
</plugins>
139151
</build>

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/ApacheHTTPDSquidCompatibilityIT.java

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@
4242
import org.apache.hc.client5.testing.compatibility.spnego.SpnegoTestUtil;
4343
import org.apache.hc.client5.testing.compatibility.sync.CachingHttpClientCompatibilityTest;
4444
import org.apache.hc.client5.testing.compatibility.sync.HttpClientCompatibilityTest;
45+
import org.apache.hc.client5.testing.compatibility.sync.HttpClientCompatibilityTest2;
4546
import org.apache.hc.client5.testing.compatibility.sync.HttpClientProxyCompatibilityTest;
4647
import org.apache.hc.core5.http.HttpHost;
4748
import org.apache.hc.core5.http.URIScheme;
@@ -153,6 +154,20 @@ public ClassicDirectHttpSpnego() throws Exception {
153154

154155
}
155156

157+
@Nested
158+
@DisplayName("Classic client: HTTP/1.1, plain, SPNEGO, direct connection, doAs")
159+
class ClassicDirectHttpSpnegDoAs extends HttpClientCompatibilityTest2 {
160+
161+
public ClassicDirectHttpSpnegDoAs() throws Exception {
162+
super(targetContainerHost(),
163+
null,
164+
null,
165+
null,
166+
spnegoSubject);
167+
}
168+
169+
}
170+
156171
@Nested
157172
@DisplayName("Classic client: HTTP/1.1, plain, password, connection via proxy")
158173
class ClassicViaProxyHttp extends HttpClientCompatibilityTest {
@@ -257,6 +272,20 @@ public AsyncDirectHttp1Spnego() throws Exception {
257272

258273
}
259274

275+
@Nested
276+
@DisplayName("Async client: HTTP/1.1, plain, SPNEGO, direct connection DOAS")
277+
class AsyncDirectHttp1SpnegoDoAs extends HttpAsyncClientHttp1CompatibilityTest {
278+
279+
public AsyncDirectHttp1SpnegoDoAs() throws Exception {
280+
super(targetContainerHost(),
281+
SpnegoTestUtil.createCredentials(spnegoSubject),
282+
null,
283+
null,
284+
spnegoSubject);
285+
}
286+
287+
}
288+
260289
@Nested
261290
@DisplayName("Async client: HTTP/1.1, plain, password, connection via proxy")
262291
class AsyncViaProxyHttp1 extends HttpAsyncClientHttp1CompatibilityTest {

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/async/HttpAsyncClientCompatibilityTest.java

Lines changed: 36 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,13 @@
2727
package org.apache.hc.client5.testing.compatibility.async;
2828

2929
import java.util.Queue;
30+
import java.util.concurrent.Callable;
3031
import java.util.concurrent.ConcurrentLinkedQueue;
3132
import java.util.concurrent.CountDownLatch;
3233
import java.util.concurrent.Future;
3334

35+
import javax.security.auth.Subject;
36+
3437
import org.apache.hc.client5.http.ContextBuilder;
3538
import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
3639
import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
@@ -46,6 +49,7 @@
4649
import org.apache.hc.client5.testing.compatibility.spnego.SpnegoAuthenticationStrategy;
4750
import org.apache.hc.client5.testing.compatibility.spnego.SpnegoTestUtil;
4851
import org.apache.hc.client5.testing.extension.async.HttpAsyncClientResource;
52+
import org.apache.hc.client5.testing.util.SecurityUtils;
4953
import org.apache.hc.core5.concurrent.FutureCallback;
5054
import org.apache.hc.core5.http.HttpHost;
5155
import org.apache.hc.core5.http.HttpStatus;
@@ -57,6 +61,7 @@
5761
import org.junit.jupiter.api.Test;
5862
import org.junit.jupiter.api.extension.RegisterExtension;
5963

64+
6065
public abstract class HttpAsyncClientCompatibilityTest {
6166

6267
static final Timeout TIMEOUT = Timeout.ofSeconds(5);
@@ -69,21 +74,32 @@ public abstract class HttpAsyncClientCompatibilityTest {
6974
private final BasicCredentialsProvider credentialsProvider;
7075
protected final Credentials targetCreds;
7176
protected String secretPath = "/private/big-secret.txt";
77+
protected Subject doAs;
7278

7379
public HttpAsyncClientCompatibilityTest(
7480
final HttpVersionPolicy versionPolicy,
7581
final HttpHost target,
7682
final Credentials targetCreds,
7783
final HttpHost proxy,
7884
final Credentials proxyCreds) throws Exception {
85+
this(versionPolicy, target, targetCreds, proxy, proxyCreds, null);
86+
}
87+
88+
public HttpAsyncClientCompatibilityTest(
89+
final HttpVersionPolicy versionPolicy,
90+
final HttpHost target,
91+
final Credentials targetCreds,
92+
final HttpHost proxy,
93+
final Credentials proxyCreds,
94+
final Subject doAs) throws Exception {
95+
this.doAs = doAs;
7996
this.versionPolicy = versionPolicy;
8097
this.target = target;
8198
this.targetCreds = targetCreds;
8299
this.credentialsProvider = new BasicCredentialsProvider();
83100
this.clientResource = new HttpAsyncClientResource(versionPolicy);
84-
if (targetCreds != null) {
85-
//this.setCredentials(new AuthScope(target), targetCreds);
86-
if (targetCreds instanceof GssCredentials) {
101+
if (targetCreds != null || doAs != null) {
102+
if (targetCreds instanceof GssCredentials || doAs != null) {
87103
secretPath = "/private_spnego/big-secret.txt";
88104
this.clientResource.configure(builder -> builder
89105
.setTargetAuthenticationStrategy(new SpnegoAuthenticationStrategy())
@@ -238,6 +254,22 @@ void test_auth_failure_wrong_auth_credentials() throws Exception {
238254

239255
@Test
240256
void test_auth_success() throws Exception {
257+
if (doAs != null) {
258+
SecurityUtils.callAs(doAs, () -> {
259+
final CloseableHttpAsyncClient client = client();
260+
final HttpClientContext context = context();
261+
262+
final SimpleHttpRequest httpGetSecret = SimpleRequestBuilder.get()
263+
.setHttpHost(target)
264+
.setPath(secretPath)
265+
.build();
266+
final Future<SimpleHttpResponse> future = client.execute(httpGetSecret, context, null);
267+
final SimpleHttpResponse response = future.get(TIMEOUT.getDuration(), TIMEOUT.getTimeUnit());
268+
Assertions.assertEquals(HttpStatus.SC_OK, response.getCode());
269+
assertProtocolVersion(context);
270+
return 0;
271+
});
272+
} else {
241273
setCredentials(
242274
new AuthScope(target),
243275
targetCreds);
@@ -253,5 +285,6 @@ void test_auth_success() throws Exception {
253285
Assertions.assertEquals(HttpStatus.SC_OK, response.getCode());
254286
assertProtocolVersion(context);
255287
}
288+
}
256289

257290
}

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/async/HttpAsyncClientHttp1CompatibilityTest.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@
2828

2929
import java.util.concurrent.Future;
3030

31+
import javax.security.auth.Subject;
32+
3133
import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
3234
import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
3335
import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
@@ -54,6 +56,15 @@ public HttpAsyncClientHttp1CompatibilityTest(
5456
super(HttpVersionPolicy.FORCE_HTTP_1, target, targetCreds, proxy, proxyCreds);
5557
}
5658

59+
public HttpAsyncClientHttp1CompatibilityTest(
60+
final HttpHost target,
61+
final Credentials targetCreds,
62+
final HttpHost proxy,
63+
final Credentials proxyCreds,
64+
final Subject doAs) throws Exception {
65+
super(HttpVersionPolicy.FORCE_HTTP_1, target, targetCreds, proxy, proxyCreds, doAs);
66+
}
67+
5768
@Test
5869
void test_auth_success_no_keep_alive() throws Exception {
5970
setCredentials(

0 commit comments

Comments
 (0)