Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit45ce06c

Browse files
Evan Whelancoffeys
Evan Whelan
authored andcommitted
8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
Reviewed-by: dfuchs, coffeys, vtewari, michaelm
1 parent60cb27d commit45ce06c

File tree

4 files changed

+177
-2
lines changed

4 files changed

+177
-2
lines changed

‎src/java.base/share/classes/sun/net/www/http/HttpClient.java‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -307,7 +307,7 @@ public static HttpClient New(URL url, Proxy p, int to, boolean useCache,
307307
ret =kac.get(url,null);
308308
if (ret !=null &&httpuc !=null &&
309309
httpuc.streaming() &&
310-
httpuc.getRequestMethod() =="POST") {
310+
"POST".equals(httpuc.getRequestMethod())) {
311311
if (!ret.available()) {
312312
ret.inCache =false;
313313
ret.closeServer();

‎src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -329,7 +329,7 @@ static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
329329
ret = (HttpsClient)kac.get(url,sf);
330330
if (ret !=null &&httpuc !=null &&
331331
httpuc.streaming() &&
332-
httpuc.getRequestMethod() =="POST") {
332+
"POST".equals(httpuc.getRequestMethod())) {
333333
if (!ret.available())
334334
ret =null;
335335
}
Lines changed: 140 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,140 @@
1+
/*
2+
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
3+
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4+
*
5+
* This code is free software; you can redistribute it and/or modify it
6+
* under the terms of the GNU General Public License version 2 only, as
7+
* published by the Free Software Foundation.
8+
*
9+
* This code is distributed in the hope that it will be useful, but WITHOUT
10+
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11+
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12+
* version 2 for more details (a copy is included in the LICENSE file that
13+
* accompanied this code).
14+
*
15+
* You should have received a copy of the GNU General Public License version
16+
* 2 along with this work; if not, write to the Free Software Foundation,
17+
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18+
*
19+
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20+
* or visit www.oracle.com if you need additional information or have any
21+
* questions.
22+
*/
23+
24+
/* @test
25+
* @summary This test checks that a broken HttpClient is not returned from the KeepAliveCache
26+
* when the intial HttpURLConnection.setRequest method is passed a 'new String("POST")'
27+
* rather than the "POST" String literal
28+
* @bug 8274779
29+
* @library /test/lib
30+
* @modules java.base/sun.net.www.http
31+
* java.base/sun.net.www.protocol.http
32+
* @build java.base/sun.net.www.http.HttpClientAccess
33+
* @run testng/othervm RequestMethodEquality
34+
*/
35+
36+
importcom.sun.net.httpserver.HttpExchange;
37+
importcom.sun.net.httpserver.HttpHandler;
38+
importcom.sun.net.httpserver.HttpServer;
39+
importjdk.test.lib.net.URIBuilder;
40+
importorg.testng.Assert;
41+
importorg.testng.annotations.AfterTest;
42+
importorg.testng.annotations.BeforeTest;
43+
importorg.testng.annotations.Test;
44+
importsun.net.www.http.HttpClient;
45+
importsun.net.www.http.HttpClientAccess;
46+
importsun.net.www.http.KeepAliveCache;
47+
importsun.net.www.protocol.http.HttpURLConnection;
48+
49+
importjava.io.IOException;
50+
importjava.net.InetAddress;
51+
importjava.net.InetSocketAddress;
52+
importjava.net.Proxy;
53+
importjava.net.URL;
54+
55+
publicclassRequestMethodEquality {
56+
privatestaticfinalStringTEST_CONTEXT ="/reqmethodtest";
57+
privateHttpServerserver;
58+
privateCustomHandlerhandler;
59+
privateHttpClientAccesshttpClientAccess;
60+
61+
@BeforeTest
62+
publicvoidsetup()throwsException {
63+
handler =newCustomHandler();
64+
server =createServer(handler);
65+
httpClientAccess =newHttpClientAccess();
66+
}
67+
68+
@AfterTest
69+
publicvoidtearDown()throwsException {
70+
if (server !=null) {
71+
server.stop(0);
72+
}
73+
}
74+
75+
@Test
76+
publicvoidtestHttpClient()throwsException {
77+
HttpURLConnectionconn =null;
78+
try {
79+
URLurl =URIBuilder.newBuilder()
80+
.scheme("http")
81+
.host(server.getAddress().getAddress())
82+
.port(server.getAddress().getPort())
83+
.path(TEST_CONTEXT)
84+
.toURL();
85+
86+
conn = (HttpURLConnection)url.openConnection();
87+
conn.setChunkedStreamingMode(8);// ensures the call to HttpURLConnection.streaming() passes
88+
89+
intfirstConnectTimeout =1234;
90+
HttpClientfreshClient =HttpClient.New(url,Proxy.NO_PROXY,firstConnectTimeout,true,conn);
91+
freshClient.closeServer();// ensures that the call to HttpClient.available() fails
92+
93+
httpClientAccess.setInCache(freshClient,true);// allows the assertion in HttpClient.New to pass
94+
95+
// Injecting a mock KeepAliveCache that the HttpClient can use
96+
KeepAliveCachekac =httpClientAccess.getKeepAliveCache();
97+
kac.put(url,null,freshClient);
98+
99+
// The 'new' keyword is important here as the original code
100+
// used '==' rather than String.equals to compare request methods
101+
conn.setRequestMethod(newString("POST"));
102+
103+
// Before the fix, the value returned to 'cachedClient' would have been the (broken) cached
104+
// 'freshClient' as HttpClient.available() could never be checked
105+
intsecondConnectTimeout =4321;
106+
HttpClientcachedClient =HttpClient.New(url,Proxy.NO_PROXY,secondConnectTimeout,true,conn);
107+
cachedClient.closeServer();
108+
109+
intoriginalConnectTimeout =freshClient.getConnectTimeout();
110+
intcachedConnectTimeout =cachedClient.getConnectTimeout();
111+
112+
// If both connectTimeout values are equal, it means the test retrieved the same broken
113+
// HttpClient from the cache and is trying to re-use it.
114+
Assert.assertNotEquals(originalConnectTimeout,cachedConnectTimeout,"Both connectTimeout values are equal.\nThis means the test is reusing a broken HttpClient rather than creating a new one.");
115+
}finally {
116+
if (conn !=null) {
117+
conn.disconnect();
118+
}
119+
}
120+
}
121+
122+
privatestaticHttpServercreateServer(finalHttpHandlerhandler)throwsIOException {
123+
finalInetSocketAddressserverAddress =newInetSocketAddress(InetAddress.getLoopbackAddress(),0);
124+
finalintbacklog = -1;
125+
finalHttpServerserver =HttpServer.create(serverAddress,backlog);
126+
server.createContext(TEST_CONTEXT,handler);
127+
server.start();
128+
System.out.println("Server started on " +server.getAddress());
129+
returnserver;
130+
}
131+
132+
privatestaticclassCustomHandlerimplementsHttpHandler {
133+
@Override
134+
publicvoidhandle(HttpExchangeexchange)throwsIOException {
135+
// We'll always send 200 OK - We don't care about the server logic
136+
exchange.sendResponseHeaders(200,1);
137+
exchange.close();
138+
}
139+
}
140+
}
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
/*
2+
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
3+
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4+
*
5+
* This code is free software; you can redistribute it and/or modify it
6+
* under the terms of the GNU General Public License version 2 only, as
7+
* published by the Free Software Foundation.
8+
*
9+
* This code is distributed in the hope that it will be useful, but WITHOUT
10+
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11+
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12+
* version 2 for more details (a copy is included in the LICENSE file that
13+
* accompanied this code).
14+
*
15+
* You should have received a copy of the GNU General Public License version
16+
* 2 along with this work; if not, write to the Free Software Foundation,
17+
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18+
*
19+
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20+
* or visit www.oracle.com if you need additional information or have any
21+
* questions.
22+
*/
23+
24+
packagesun.net.www.http;
25+
// We can use this injected accessor class to get the KeepAliveCache from our HttpClient
26+
publicclassHttpClientAccess {
27+
publicKeepAliveCachegetKeepAliveCache () {
28+
// kac is a protected static field in HttpClient
29+
returnHttpClient.kac;
30+
}
31+
32+
publicvoidsetInCache(HttpClientclient,booleaninCache) {
33+
client.inCache =inCache;
34+
}
35+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp