From a7273625d7c33af70b6d16db5782c802186b3b99 Mon Sep 17 00:00:00 2001 From: Tom Morris Date: Fri, 2 Aug 2013 19:15:24 -0400 Subject: [PATCH] Add support for Basic Authentication over HTTPS - addresses #217 --- .../refine/importing/ImportingUtilities.java | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/main/src/com/google/refine/importing/ImportingUtilities.java b/main/src/com/google/refine/importing/ImportingUtilities.java index 508a3b5a0..9ed2fcdea 100644 --- a/main/src/com/google/refine/importing/ImportingUtilities.java +++ b/main/src/com/google/refine/importing/ImportingUtilities.java @@ -66,6 +66,8 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.util.Streams; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DecompressingHttpClient; import org.apache.http.impl.client.DefaultHttpClient; @@ -277,11 +279,26 @@ public class ImportingUtilities { } if ("http".equals(url.getProtocol()) || "https".equals(url.getProtocol())) { + DefaultHttpClient client = new DefaultHttpClient(); DecompressingHttpClient httpclient = - new DecompressingHttpClient(new DefaultHttpClient()); + new DecompressingHttpClient(client); HttpGet httpGet = new HttpGet(url.toURI()); httpGet.setHeader("User-Agent", RefineServlet.getUserAgent()); - + if ("https".equals(url.getProtocol())) { + // HTTPS only - no sending password in the clear over HTTP + String userinfo = url.getUserInfo(); + if (userinfo != null) { + int s = userinfo.indexOf(':'); + if (s > 0) { + String user = userinfo.substring(0, s); + String pw = userinfo.substring(s + 1, userinfo.length()); + client.getCredentialsProvider().setCredentials( + new AuthScope(url.getHost(), 443), + new UsernamePasswordCredentials(user, pw)); + } + } + } + HttpResponse response = httpclient.execute(httpGet); try {