See #22596: Some hosts redirect to another host for authentication (patch by hhtznr, modified)

taylor.smock · taylor.smock · commit 3fd82ae10ec2 · 2023-12-14T15:31:54.000Z
This lets plugins do authentication with hosts that redirect to another host for authentication. git-svn-id: https://josm.openstreetmap.de/svn/trunk@18913 0c6e7542-c601-0410-84e7-c038aed88b3b
diff --git a/src/org/openstreetmap/josm/tools/HttpClient.java b/src/org/openstreetmap/josm/tools/HttpClient.java
@@ -8,6 +8,7 @@
 import java.io.InputStream;
 import java.net.CookieHandler;
 import java.net.CookieManager;
+import java.net.CookiePolicy;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -83,7 +84,7 @@ public interface HttpClientFactory {
 
     static {
         try {
-            CookieHandler.setDefault(new CookieManager());
+            CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
         } catch (SecurityException e) {
             Logging.log(Logging.LEVEL_ERROR, "Unable to set default cookie handler", e);
         }
@@ -132,6 +133,19 @@ public final Response connect() throws IOException {
      * @since 9179
      */
     public final Response connect(ProgressMonitor progressMonitor) throws IOException {
+        return connect(progressMonitor, null, null);
+    }
+
+    /**
+     * Opens the HTTP connection.
+     * @param progressMonitor progress monitor
+     * @param authRedirectLocation The location where we will be redirected for authentication
+     * @param authRequestProperty The authorization header to set when being redirected to the auth location
+     * @return HTTP response
+     * @throws IOException if any I/O error occurs
+     * @since 18913
+     */
+    public final Response connect(ProgressMonitor progressMonitor, String authRedirectLocation, String authRequestProperty) throws IOException {
         if (progressMonitor == null) {
             progressMonitor = NullProgressMonitor.INSTANCE;
         }
@@ -183,8 +197,10 @@ public final Response connect(ProgressMonitor progressMonitor) throws IOExceptio
                     url = new URL(url, redirectLocation);
                     maxRedirects--;
                     logRequest(tr("Download redirected to ''{0}''", redirectLocation));
-                    // Fix JOSM #21935: Avoid leaking `Authorization` header on redirects.
-                    if (!Objects.equals(oldUrl.getHost(), this.url.getHost()) && this.getRequestHeader("Authorization") != null) {
+                    if (authRedirectLocation != null && authRequestProperty != null && redirectLocation.startsWith(authRedirectLocation)) {
+                        setHeader("Authorization", authRequestProperty);
+                    } else if (!Objects.equals(oldUrl.getHost(), this.url.getHost()) && this.getRequestHeader("Authorization") != null) {
+                        // Fix JOSM #21935: Avoid leaking `Authorization` header on redirects.
                         logRequest(tr("Download redirected to different host (''{0}'' -> ''{1}''), removing authorization headers",
                                 oldUrl.getHost(), url.getHost()));
                         this.headers.remove("Authorization");
