[1.9.x] implement AsyncHttpClient#941

AsyncHttpClient#941
"Grizzly provider always uses Basic auth when using a proxy"

Author: oleksiys

src/main/java/com/ning/http/client/providers/grizzly/AhcEventFilter.java

@@ -17,6 +17,7 @@
 import com.ning.http.client.AsyncHandler;
 import com.ning.http.client.FluentCaseInsensitiveStringsMap;
 import com.ning.http.client.MaxRedirectException;
+import com.ning.http.client.ProxyServer;
 import com.ning.http.client.Realm;
 import com.ning.http.client.Realm.AuthScheme;
 import com.ning.http.client.Request;
@@ -80,6 +81,7 @@ final class AhcEventFilter extends HttpClientFilter {
         super(maxHerdersSizeProperty);
         this.provider = provider;
         HANDLER_MAP.put(HttpStatus.UNAUTHORIZED_401.getStatusCode(), AuthorizationHandler.INSTANCE);
+        HANDLER_MAP.put(HttpStatus.PROXY_AUTHENTICATION_REQUIRED_407.getStatusCode(), ProxyAuthorizationHandler.INSTANCE);
         HANDLER_MAP.put(HttpStatus.MOVED_PERMANENTLY_301.getStatusCode(), RedirectHandler.INSTANCE);
         HANDLER_MAP.put(HttpStatus.FOUND_302.getStatusCode(), RedirectHandler.INSTANCE);
         HANDLER_MAP.put(HttpStatus.SEE_OTHER_303.getStatusCode(), RedirectHandler.INSTANCE);
@@ -522,16 +524,13 @@ public boolean handleStatus(final HttpResponsePacket responsePacket,
 
                 final Realm newRealm;
                 if (ntlmAuthenticate != null) {
+                    final Connection connection = ctx.getConnection();
                     // NTLM
                     // Connection-based auth
-                    isContinueAuth = ntlmChallenge(ctx.getConnection(),
-                            ntlmAuthenticate, req,
-                            req.getHeaders(), realm);
-                    
-                    newRealm = new Realm.RealmBuilder().clone(realm)//
-                            .setUri(req.getUri())//
-                            .setMethodName(req.getMethod())//
-                            .build();
+                    newRealm = ntlmChallenge(connection,
+                            ntlmAuthenticate,
+                            req, realm, false);
+                    isContinueAuth = !Utils.isNtlmEstablished(connection);
                 } else {
                     // Request-based auth
                     isContinueAuth = false;
@@ -585,66 +584,115 @@ public boolean handleStatus(final HttpResponsePacket responsePacket,
 
             return false;
         }
+    } // END AuthorizationHandler
 
-        private boolean ntlmChallenge(final Connection c,
-                final String wwwAuth, final Request request,
-                final FluentCaseInsensitiveStringsMap headers,
-                final Realm realm)
-                throws NTLMEngineException {
+    private static final class ProxyAuthorizationHandler implements StatusHandler {
 
-            if (wwwAuth.equals("NTLM")) {
-                // server replied bare NTLM => we didn't preemptively sent Type1Msg
-                String challengeHeader = NTLMEngine.INSTANCE.generateType1Msg();
+        static final ProxyAuthorizationHandler INSTANCE = new ProxyAuthorizationHandler();
+        // -------------------------------------- Methods from StatusHandler
 
-                addNTLMAuthorizationHeader(headers, challengeHeader, false);
-                return true;
-            } else {
-                // probably receiving Type2Msg, so we issue Type3Msg
-                addType3NTLMAuthorizationHeader(wwwAuth, headers, realm, false);
-                // we mark NTLM as established for the Connection to
-                // avoid preemptive NTLM
-                Utils.setNtlmEstablished(c);
-                
-                return false;
-            }
+        @Override
+        public boolean handlesStatus(int statusCode) {
+            return HttpStatus.PROXY_AUTHENTICATION_REQUIRED_407.statusMatches(statusCode);
         }
-    
-        private void addNTLMAuthorizationHeader(
-                FluentCaseInsensitiveStringsMap headers,
-                String challengeHeader, boolean proxyInd) {
-            headers.add(authorizationHeaderName(proxyInd), "NTLM " + challengeHeader);
-        }
-
-        private void addType3NTLMAuthorizationHeader(String auth,
-                FluentCaseInsensitiveStringsMap headers, Realm realm,
-                boolean proxyInd) throws NTLMEngineException {
-            headers.remove(authorizationHeaderName(proxyInd));
-
-            if (isNonEmpty(auth) && auth.startsWith("NTLM ")) {
-                String serverChallenge = auth.substring("NTLM ".length()).trim();
-                String challengeHeader = NTLMEngine.INSTANCE.generateType3Msg(
-                        realm.getPrincipal(), realm.getPassword(),
-                        realm.getNtlmDomain(), realm.getNtlmHost(), serverChallenge);
-                addNTLMAuthorizationHeader(headers, challengeHeader, proxyInd);
+
+        @SuppressWarnings(value = {"unchecked"})
+        @Override
+        public boolean handleStatus(final HttpResponsePacket responsePacket,
+                final HttpTransactionContext httpTransactionContext,
+                final FilterChainContext ctx) {
+            final List<String> proxyAuthHeaders =
+                    listOf(responsePacket.getHeaders()
+                            .values(Header.ProxyAuthenticate));
+            
+            if (proxyAuthHeaders.isEmpty()) {
+                throw new IllegalStateException("407 response received, but no "
+                        + "Proxy-Authenticate header was present");
             }
-        }
-        
-        private String authorizationHeaderName(boolean proxyInd) {
-            return proxyInd
-                    ? Header.ProxyAuthorization.toString()
-                    : Header.Authorization.toString();
-        }
-        
-        private static List<String> listOf(final Iterable<String> values) {
-            final List<String> list = new ArrayList<String>(2);
-            for (String value : values) {
-                list.add(value);
+            
+            final GrizzlyAsyncHttpProvider provider =
+                    httpTransactionContext.provider;
+                        
+            final ProxyServer proxyServer = httpTransactionContext.getProxyServer();
+            
+            if (proxyServer == null) {
+                httpTransactionContext.invocationStatus = InvocationStatus.STOP;
+                final AsyncHandler ah = httpTransactionContext.getAsyncHandler();
+                
+                if (ah != null) {
+                    try {
+                        ah.onStatusReceived(
+                                httpTransactionContext.responseStatus);
+                    } catch (Exception e) {
+                        httpTransactionContext.abort(e);
+                    }
+                }
+                return true;
             }
 
-            return list;
-        }
-    } // END AuthorizationHandler
+            final Request req = httpTransactionContext.getAhcRequest();
+
+            try {
+                String ntlmAuthenticate = getNTLM(proxyAuthHeaders);
+
+                final Realm newRealm;
+                if (ntlmAuthenticate != null) {
+                    // NTLM
+                    // Connection-based auth
+                    newRealm = ntlmProxyChallenge(ctx.getConnection(),
+                            ntlmAuthenticate,
+                            req, proxyServer);
+                } else {
+                    final String firstAuthHeader = proxyAuthHeaders.get(0);
+                    
+                     // BASIC or DIGEST
+                    newRealm = proxyServer.realmBuilder()
+                            .setUri(req.getUri())//
+                            .setOmitQuery(true)//
+                            .setMethodName(req.getMethod())//
+                            .setUsePreemptiveAuth(true)//
+                            .parseProxyAuthenticateHeader(firstAuthHeader)//
+                            .build();
+                }
 
+                responsePacket.setSkipRemainder(true); // ignore the remainder of the response
+                
+                final Connection c;
+                
+                // @TODO we may want to ditch the keep-alive connection if the response payload is too large
+                if (responsePacket.getProcessingState().isKeepAlive()) {
+                    // if it's HTTP keep-alive connection - reuse the
+                    // same Grizzly Connection
+                    c = ctx.getConnection();
+                    httpTransactionContext.reuseConnection();
+                } else {
+                    // if it's not keep-alive - take new Connection from the pool
+                    final ConnectionManager m = provider.getConnectionManager();
+                    c = m.openSync(req);
+                }
+                
+                final Request nextRequest = new RequestBuilder(req)
+                        .setRealm(newRealm)
+                        .build();
+                
+                final HttpTransactionContext newContext
+                        = httpTransactionContext.cloneAndStartTransactionFor(
+                                c, nextRequest);
+                newContext.invocationStatus = InvocationStatus.STOP;
+                
+                try {
+                    provider.execute(newContext);
+                } catch (IOException ioe) {
+                    newContext.abort(ioe);
+                }
+            } catch (Exception e) {
+                httpTransactionContext.abort(e);
+            }
+            
+            return false;
+        }
+    } // END ProxyAuthorizationHandler
+    
     private static final class RedirectHandler implements StatusHandler {
 
         static final RedirectHandler INSTANCE = new RedirectHandler();
@@ -778,5 +826,88 @@ private static Realm getRealm(final HttpTransactionContext httpTransactionContex
                 ? realm
                 : httpTransactionContext.provider.getClientConfig().getRealm();
     }
+ 
+    private static Realm ntlmChallenge(final Connection c,
+            final String wwwAuth,
+            final Request request,
+            final Realm realm,
+            final boolean proxyInd)
+            throws NTLMEngineException {
+
+        final FluentCaseInsensitiveStringsMap headers = request.getHeaders();
+        if (wwwAuth.equals("NTLM")) {
+            // server replied bare NTLM => we didn't preemptively sent Type1Msg
+            String challengeHeader = NTLMEngine.INSTANCE.generateType1Msg();
+
+            addNTLMAuthorizationHeader(headers, challengeHeader, proxyInd);
+        } else {
+            // probably receiving Type2Msg, so we issue Type3Msg
+            addType3NTLMAuthorizationHeader(wwwAuth, headers, realm, proxyInd);
+            // we mark NTLM as established for the Connection to
+            // avoid preemptive NTLM
+            Utils.setNtlmEstablished(c);
+        }
+        
+        return new Realm.RealmBuilder().clone(realm)//
+                            .setUri(request.getUri())//
+                            .setMethodName(request.getMethod())//
+                            .build();
+    }
+
+    private static Realm ntlmProxyChallenge(final Connection c,
+            final String wwwAuth, final Request request,
+            final ProxyServer proxyServer)
+            throws NTLMEngineException {
+        
+        final FluentCaseInsensitiveStringsMap headers = request.getHeaders();
+        headers.remove(Header.ProxyAuthorization.toString());
+
+        Realm realm = proxyServer.realmBuilder()//
+                .setScheme(AuthScheme.NTLM)//
+                .setUri(request.getUri())//
+                .setMethodName(request.getMethod()).build();
+        
+        addType3NTLMAuthorizationHeader(wwwAuth, headers, realm, true);
+        // we mark NTLM as established for the Connection to
+        // avoid preemptive NTLM
+        Utils.setNtlmEstablished(c);
+
+        return realm;
+    }
+    
+    private static void addNTLMAuthorizationHeader(
+            FluentCaseInsensitiveStringsMap headers,
+            String challengeHeader, boolean proxyInd) {
+        headers.add(authorizationHeaderName(proxyInd), "NTLM " + challengeHeader);
+    }
+
+    private static void addType3NTLMAuthorizationHeader(String auth,
+            FluentCaseInsensitiveStringsMap headers, Realm realm,
+            boolean proxyInd) throws NTLMEngineException {
+        headers.remove(authorizationHeaderName(proxyInd));
+
+        if (isNonEmpty(auth) && auth.startsWith("NTLM ")) {
+            String serverChallenge = auth.substring("NTLM ".length()).trim();
+            String challengeHeader = NTLMEngine.INSTANCE.generateType3Msg(
+                    realm.getPrincipal(), realm.getPassword(),
+                    realm.getNtlmDomain(), realm.getNtlmHost(), serverChallenge);
+            addNTLMAuthorizationHeader(headers, challengeHeader, proxyInd);
+        }
+    }
+
+    private static String authorizationHeaderName(final boolean proxyInd) {
+        return proxyInd
+                ? Header.ProxyAuthorization.toString()
+                : Header.Authorization.toString();
+    }
+
+    private static List<String> listOf(final Iterable<String> values) {
+        final List<String> list = new ArrayList<String>(2);
+        for (String value : values) {
+            list.add(value);
+        }
+
+        return list;
+    }    
 
 } // END AsyncHttpClientEventFilter

src/main/java/com/ning/http/client/providers/grizzly/AsyncHttpClientFilter.java

@@ -28,7 +28,6 @@
 import com.ning.http.util.AsyncHttpProviderUtils;
 import com.ning.http.util.AuthenticatorUtils;
 import com.ning.http.util.MiscUtils;
-import com.ning.http.util.ProxyUtils;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -108,49 +107,56 @@ public NextAction handleEvent(final FilterChainContext ctx, final FilterChainEve
     }
     // ----------------------------------------------------- Private Methods
 
-    private boolean sendAsGrizzlyRequest(final HttpTransactionContext httpTxCtx, final FilterChainContext ctx) throws IOException {
+    private boolean sendAsGrizzlyRequest(final HttpTransactionContext httpTxCtx,
+            final FilterChainContext ctx) throws IOException {
+        
         final Connection connection = ctx.getConnection();
 
         final boolean isUsedConnection = Boolean.TRUE.equals(USED_CONNECTION.get(connection));
         if (!isUsedConnection) {
             USED_CONNECTION.set(connection, Boolean.TRUE);
         }
-
 
         final Request ahcRequest = httpTxCtx.getAhcRequest();
-        if (isUpgradeRequest(httpTxCtx.getAsyncHandler()) && isWSRequest(httpTxCtx.requestUri)) {
+        if (isUpgradeRequest(httpTxCtx.getAsyncHandler()) &&
+                isWSRequest(httpTxCtx.requestUri)) {
             httpTxCtx.isWSRequest = true;
             convertToUpgradeRequest(httpTxCtx);
         }
         final Request req = httpTxCtx.getAhcRequest();
         final Method method = Method.valueOf(ahcRequest.getMethod());
         final Uri uri = req.getUri();
         boolean secure = "https".equals(uri.getScheme());
-        final ProxyServer proxy = ProxyUtils.getProxyServer(config, ahcRequest);
+        final ProxyServer proxy = httpTxCtx.getProxyServer();
         final boolean useProxy = proxy != null;
-        final boolean isEstablishingConnectTunnel = useProxy && (secure || httpTxCtx.isWSRequest) && !httpTxCtx.isTunnelEstablished(connection);
+        final boolean isEstablishingConnectTunnel = useProxy &&
+                (secure || httpTxCtx.isWSRequest) &&
+                !httpTxCtx.isTunnelEstablished(connection);
+        
         if (isEstablishingConnectTunnel) {
             // once the tunnel is established, sendAsGrizzlyRequest will
             // be called again and we'll finally send the request over the tunnel
             return establishConnectTunnel(proxy, httpTxCtx, uri, ctx);
         }        
-        final HttpRequestPacket.Builder builder = HttpRequestPacket.builder().protocol(Protocol.HTTP_1_1).method(method);
+        final HttpRequestPacket.Builder builder = HttpRequestPacket.builder()
+                .protocol(Protocol.HTTP_1_1)
+                .method(method);
 
         if (useProxy && !((secure || httpTxCtx.isWSRequest) &&
                 config.isUseRelativeURIsWithConnectProxies())) {
             builder.uri(uri.toUrl());
         } else {
-            builder.uri(AsyncHttpProviderUtils.getNonEmptyPath(uri));
-            builder.query(uri.getQuery());
+            builder.uri(AsyncHttpProviderUtils.getNonEmptyPath(uri))
+                   .query(uri.getQuery());
         }
 
         HttpRequestPacket requestPacket;
         final PayloadGenerator payloadGenerator = isPayloadAllowed(method) ? PayloadGenFactory.getPayloadGenerator(ahcRequest) : null;
         if (payloadGenerator != null) {
             final long contentLength = ahcRequest.getContentLength();
             if (contentLength >= 0) {
-                builder.contentLength(contentLength);
-                builder.chunked(false);
+                builder.contentLength(contentLength)
+                       .chunked(false);
             } else {
                 builder.chunked(true);
             }
@@ -320,7 +326,10 @@ private void addProxyHeaders(
                 isUsedConnection, isConnect);
     }
 
-    private void setProxyAuthorizationHeader(final Request req, final HttpRequestPacket requestPacket, final ProxyServer proxy, final Realm realm, final boolean isUsedConnection, final boolean isConnect) throws IOException {
+    private void setProxyAuthorizationHeader(final Request req,
+            final HttpRequestPacket requestPacket, final ProxyServer proxy,
+            final Realm realm, final boolean isUsedConnection,
+            final boolean isConnect) throws IOException {
         final String reqAuth = AuthenticatorUtils.perRequestProxyAuthorizationHeader(
                 req, realm, proxy, isConnect);