Skip to content

8292876: Do not include the deprecated userinfo component of the URI in HTTP/2 headers #3794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

8292876: Do not include the deprecated userinfo component of the URI in HTTP/2 headers #3794

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b1116ab
backport b30d922009bab114fb8ac200df42b594a72a2942
GoeLin Aug 3, 2025
f860cac
parts from 8295944: Move the Http2TestServer and related classes into…
GoeLin Aug 3, 2025
2800572
run test as othervm
GoeLin Aug 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions src/java.net.http/share/classes/jdk/internal/net/http/Stream.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -842,9 +842,14 @@ private static HttpHeaders createPseudoHeaders(HttpRequest request) {
hdrs.setHeader(":method", method);
URI uri = request.uri();
hdrs.setHeader(":scheme", uri.getScheme());
// TODO: userinfo deprecated. Needs to be removed
hdrs.setHeader(":authority", uri.getAuthority());
// TODO: ensure header names beginning with : not in user headers
String host = uri.getHost();
int port = uri.getPort();
assert host != null;
if (port != -1) {
hdrs.setHeader(":authority", host + ":" + port);
} else {
hdrs.setHeader(":authority", host);
}
String query = uri.getRawQuery();
String path = uri.getRawPath();
if (path == null || path.isEmpty()) {
Expand Down
116 changes: 116 additions & 0 deletions test/jdk/java/net/httpclient/http2/UserInfoTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
/*
* Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

import jdk.test.lib.net.SimpleSSLContext;
import jdk.test.lib.net.URIBuilder;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;

import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import jdk.httpclient.test.lib.http2.Http2TestServer;
import jdk.httpclient.test.lib.http2.Http2TestExchange;
import jdk.httpclient.test.lib.http2.Http2Handler;


import static org.junit.jupiter.api.Assertions.assertEquals;


/**
* @test
* @bug 8292876
* @library /test/lib /test/jdk/java/net/httpclient/lib
* @build jdk.httpclient.test.lib.http2.Http2TestServer jdk.test.lib.net.SimpleSSLContext
* @run junit/othervm UserInfoTest
*/

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
public class UserInfoTest {

Http2TestServer server;
int port;
SSLContext sslContext;

@BeforeAll
void before() throws Exception {
sslContext = new SimpleSSLContext().get();
server = createServer(sslContext);
port = server.getAddress().getPort();
server.start();
}

@AfterAll
void after() throws Exception {
server.close();
}

static class Http2TestHandler implements Http2Handler {
@Override
public void handle(Http2TestExchange e) throws IOException {
String authorityHeader = e.getRequestHeaders().firstValue(":authority").orElse(null);
if (authorityHeader == null || authorityHeader.contains("user@")) {
e.sendResponseHeaders(500, -1);
} else {
e.sendResponseHeaders(200, -1);
}
}
}

private static Http2TestServer createServer(SSLContext sslContext) throws Exception {
Http2TestServer http2TestServer = new Http2TestServer("localhost", true, sslContext);
Http2TestHandler handler = new Http2TestHandler();
http2TestServer.addHandler(handler, "/");
return http2TestServer;
}

@Test
public void testAuthorityHeader() throws Exception {
HttpClient client = HttpClient
.newBuilder()
.proxy(HttpClient.Builder.NO_PROXY)
.sslContext(sslContext)
.build();

URI uri = URIBuilder.newBuilder()
.scheme("https")
.userInfo("user")
.loopback()
.port(port)
.build();

HttpRequest request = HttpRequest
.newBuilder(uri)
.GET()
.build();

HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());

assertEquals(200, response.statusCode(), "Test Failed : " + response.uri().getAuthority());
}
}