Detects background authentication and forces use of jgit authentication

Sun HttpURLConnection is able to handle authentication like SPNEGO without
caller intervention. However, there are some restrictions:
- do not need direct user input (user, password for example)
- it doesn't work when request body is chunked/streamed (because it cannot be
replayed)

Unfortunately there is no real way to leverage HttpURLConnection authentication
work as the authentication header is stripped off the request before returning
to the caller. There's also no way to explicitly disable authentication in
HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be
created by GSSAPI).

This is an issue for jgit since it is expected that the first request will be
used to detect authentication method, and reuse for the subsequent requests.

This patch modifies TransportHTTP to detect authentication done in the background
by HttpURLConnection and sets the jgit authentication method accordingly so it will
always work for future requests (assuming that the authentication method used by
HttpURLConnection is also supported by jgit).

Bug: 428836
Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce
Signed-off-by: Laurent Goujon <lgoujon@twitter.com>
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
Laurent Goujon 2014-02-24 13:23:00 -08:00 committed by Chris Aniszczyk
parent ff9c194b8a
commit 0e7622a915
1 changed files with 8 additions and 0 deletions

@ -52,6 +52,7 @@
import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_TYPE;
import static org.eclipse.jgit.util.HttpSupport.HDR_PRAGMA;
import static org.eclipse.jgit.util.HttpSupport.HDR_USER_AGENT;
import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE;
import static org.eclipse.jgit.util.HttpSupport.METHOD_GET;
import static org.eclipse.jgit.util.HttpSupport.METHOD_POST;
@ -474,6 +475,13 @@ private HttpConnection connect(final String service)
final int status = HttpSupport.response(conn);
switch (status) {
case HttpConnection.HTTP_OK:
// Check if HttpConnection did some authentication in the
// background (e.g Kerberos/SPNEGO).
// That may not work for streaming requests and jgit
// explicit authentication would be required
if (authMethod == HttpAuthMethod.NONE
&& conn.getHeaderField(HDR_WWW_AUTHENTICATE) != null)
authMethod = HttpAuthMethod.scanResponse(conn);
return conn;
case HttpConnection.HTTP_NOT_FOUND:
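Review bot: In the HTTP_OK case, the presence of a WWW-Authenticate header on a 200 response is taken as proof that HttpURLConnection authenticated in the background, but nothing in the condition confirms that. The result of HttpAuthMethod.scanResponse(conn) is then assigned to authMethod without checking that it is a scheme jgit can carry out on the next request. The commit message states this as an assumption ("assuming that the authentication method used by HttpURLConnection is also supported by jgit"). It would be worth handling the case where the scan yields nothing usable, so that a later streamed request does not fail without explanation. The code comment should also note that the header value is supplied by the server, since it now selects the method used for subsequent requests. Minor: the two-line if body would be safer with braces, and "e.g" in the comment is missing its period. A test for a 200 response that carries this header would make the intended behaviour explicit.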