authorLaurent Goujon2014-02-24 21:23:00 +0000
committerChris Aniszczyk2014-05-21 15:29:57 +0000
commit0e7622a9151e2247c95acec366e3f911e80f5764 (patch)
tree8cceb10f833bae2bb3863152820738d16d9d7ebf
parentff9c194b8a3b8f21b46d77b491f5372365f69b43 (diff)
Detects background authentication and force use of jgit authentication
Sun HttpURLConnection is able to handle authentication like SPNEGO without caller intervention. However, there are some restrictions: - do not need user direct input (user,password for example) - it doesn't work when request body is chunked/streamed (because it cannot be replayed) Unfortunately there is no real way to leverage HttpURLConnection authentication work as the authentication header is stripped off the request before returning to the caller. There's also no way to explicitly disable authentication in HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be created by GSSAPI). This is an issue for jgit since it is expected that the first request will be used to detect authentication method, and reuse for the subsequent requests. This patch modifies TransportHTTP to detect authentication done in the background by HttpURLConnection and sets the jgit authentication method accordingly so it will always work for future requests (assuming that the authentication method used by HttpURLConnection is also supported by jgit). Bug: 428836 Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java8
1 files changed, 8 insertions, 0 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
index 19b3ab6a78..f4471bf83b 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
@@ -52,6 +52,7 @@ import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_ENCODING;
import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_TYPE;
import static org.eclipse.jgit.util.HttpSupport.HDR_PRAGMA;
import static org.eclipse.jgit.util.HttpSupport.HDR_USER_AGENT;
+import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE;
import static org.eclipse.jgit.util.HttpSupport.METHOD_GET;
import static org.eclipse.jgit.util.HttpSupport.METHOD_POST;
@@ -474,6 +475,13 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
final int status = HttpSupport.response(conn);
switch (status) {
case HttpConnection.HTTP_OK:
+ // Check if HttpConnection did some authentication in the
+ // background (e.g Kerberos/SPNEGO).
+ // That may not work for streaming requests and jgit
+ // explicit authentication would be required
+ if (authMethod == HttpAuthMethod.NONE
+ && conn.getHeaderField(HDR_WWW_AUTHENTICATE) != null)
+ authMethod = HttpAuthMethod.scanResponse(conn);
return conn;
case HttpConnection.HTTP_NOT_FOUND:
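Review bot: The new `HTTP_OK` branch lets a response header pick the authentication method for all later requests, without checking that the chosen scheme is the one the connection actually negotiated in the background. `WWW-Authenticate` on a 200 is server-controlled, so if `scanResponse` can return a password-based scheme (its selection logic is not visible in this hunk), a server or an on-path party on plain http could steer the client into presenting user credentials on later requests. Consider adopting the scanned method only when it is the Negotiate scheme and leaving `authMethod` unchanged otherwise, with a comment such as `// Only adopt Negotiate here; any other scheme must go through the 401 path.` The enclosing method starts and ends outside this hunk, so whether a later step pairs the method with a credentials provider cannot be confirmed from these lines.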
