[FIXED JENKINS-22368] Discovery fails behind proxy

This commit addresses the problem described in [FIXED JENKINS-22368] and may also correct [JENKINS-11753]. Proxy settings in openid4java's HttpClientFactory will now be initialized when calling the constructor of the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition to the existing call in the commenceLogin process.
jenkinsci · Mar 26, 2014 · ac607f3 · ac607f3
1 parent 783be00
commit ac607f3
Show file tree

Hide file tree

Showing 3 changed files with 115 additions and 20 deletions.
diff --git a/src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java b/src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
@@ -37,15 +37,7 @@ public GoogleAppSsoSecurityRealm(String domain) throws IOException, OpenIDExcept
 
     @Override
     protected ConsumerManager createManager() throws ConsumerException {
-        final Hudson instance = Hudson.getInstance();
-        if (instance.proxy != null) {
-            ProxyProperties props = new ProxyProperties();
-            props.setProxyHostName(instance.proxy.name);
-            props.setProxyPort(instance.proxy.port);
-            props.setUserName(instance.proxy.getUserName());
-            props.setProxyHostName(instance.proxy.getPassword());
-            HttpClientFactory.setProxyProperties(props);
-        }
+        addProxyPropertiesToHttpClient();
         ConsumerManager m = new ConsumerManager();
         m.setDiscovery(new Discovery() {
             /**

diff --git a/src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java b/src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
@@ -24,13 +24,15 @@
 package hudson.plugins.openid;
 
 import com.cloudbees.openid4java.team.TeamExtensionFactory;
+
 import hudson.Extension;
 import hudson.model.Descriptor;
 import hudson.model.Failure;
 import hudson.model.Hudson;
 import hudson.model.User;
 import hudson.security.SecurityRealm;
 import hudson.util.FormValidation;
+
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
@@ -81,6 +83,7 @@ public class OpenIdSsoSecurityRealm extends SecurityRealm {
     @DataBoundConstructor
     public OpenIdSsoSecurityRealm(String endpoint) throws IOException, OpenIDException {
         this.endpoint = endpoint;
+        addProxyPropertiesToHttpClient();
         getDiscoveredEndpoint();
     }
 
@@ -100,17 +103,26 @@ private ConsumerManager getManager() throws ConsumerException {
     }
 
     protected ConsumerManager createManager() throws ConsumerException {
+        addProxyPropertiesToHttpClient();
+        ConsumerManager manager = new ConsumerManager();
+        return manager;
+    }
+
+    protected void addProxyPropertiesToHttpClient() {
         final Hudson instance = Hudson.getInstance();
         if (instance.proxy != null) {
             ProxyProperties props = new ProxyProperties();
             props.setProxyHostName(instance.proxy.name);
             props.setProxyPort(instance.proxy.port);
-            props.setUserName(instance.proxy.getUserName());
-            props.setProxyHostName(instance.proxy.getPassword());
+            // Do not populate userName and password if userName 
+            // has not been specified. 
+            if (instance.proxy.getUserName() != null) {
+                props.setUserName(instance.proxy.getUserName());
+                props.setPassword(instance.proxy.getPassword());
+            }
+
             HttpClientFactory.setProxyProperties(props);
         }
-        ConsumerManager manager = new ConsumerManager();
-        return manager;
     }
 
     private DiscoveryInformation getDiscoveredEndpoint() throws IOException, OpenIDException {

diff --git a/src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java b/src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
@@ -23,25 +23,45 @@
  */
 package hudson.plugins.openid;
 
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
+import static hudson.plugins.openid.OpenIdTestService.AX_EXTENSION;
+import static hudson.plugins.openid.OpenIdTestService.SREG_EXTENSION;
+import static hudson.plugins.openid.OpenIdTestService.TEAM_EXTENSION;
+import hudson.ProxyConfiguration;
 import hudson.model.User;
+import hudson.plugins.openid.OpenIdTestService.IdProperty;
+
+import java.util.Map;
+import java.util.concurrent.Callable;
+
 import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.openid4java.discovery.DiscoveryException;
+import org.openid4java.util.HttpClientFactory;
 
-import java.util.Map;
-import java.util.concurrent.Callable;
-
-import static hudson.plugins.openid.OpenIdTestService.*;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 
 /**
  * @author Paul Sandoz
  */
 public class OpenIdSsoSecurityRealmTest extends OpenIdTestCase {
 
+    private static final String FAKE_PROXY_PASSWORD = "mrwayne";
+    private static final String FAKE_PROXY_USER_NAME = "thebutler";
+    private static final int FAKE_PROXY_PORT_ALTERNATIVE = 4321;
+    private static final int FAKE_JENKINS_PROXY_PORT = 1234;
+    private static final String FAKE_PROXY_NAME = "fakeproxy.jenkins-ci.org";
+
+	@Override
+	public void setUp() throws Exception {
+		super.setUp();
+
+		HttpClientFactory.setProxyProperties(null);
+	}
+
     void _testLogin(String userName) throws Exception {
         WebClient wc = new WebClient();
 
@@ -149,4 +169,75 @@ public void testLoginWithWithoutSRegExtensionAndEmailAddress() throws Exception
 
         _testLogin(openid.getUserIdentity());
     }
+
+	public void testProxyInformationAvailableForCreateManager()
+			throws Exception {
+		openid = new OpenIdTestService(getServiceUrl(), getProps(),
+				Sets.newHashSet("foo", "bar"), Lists.newArrayList(
+						SREG_EXTENSION, AX_EXTENSION, TEAM_EXTENSION));
+
+		OpenIdSsoSecurityRealm realm = new OpenIdSsoSecurityRealm(openid.url);
+		hudson.proxy = new ProxyConfiguration(FAKE_PROXY_NAME,
+				FAKE_JENKINS_PROXY_PORT);
+		realm.createManager();
+
+		assertEquals(FAKE_PROXY_NAME, HttpClientFactory.getProxyProperties()
+				.getProxyHostName());
+		assertEquals(FAKE_JENKINS_PROXY_PORT, HttpClientFactory
+				.getProxyProperties().getProxyPort());
+	}
+
+	public void testProxyInformationAvailableForDiscoverNoCredentials()
+			throws Exception {
+		openid = new OpenIdTestService(getServiceUrl(), getProps(),
+				Sets.newHashSet("foo", "bar"), Lists.newArrayList(
+						SREG_EXTENSION, AX_EXTENSION, TEAM_EXTENSION));
+
+		hudson.proxy = new ProxyConfiguration(FAKE_PROXY_NAME,
+				FAKE_JENKINS_PROXY_PORT);
+		try {
+			new OpenIdSsoSecurityRealm(openid.url);
+		} catch (DiscoveryException e) {
+			// This is expected since the proxy is fake. Hence, discovery will
+			// not be possible
+		}
+
+		assertEquals(FAKE_PROXY_NAME, HttpClientFactory.getProxyProperties()
+				.getProxyHostName());
+		assertEquals(FAKE_JENKINS_PROXY_PORT, HttpClientFactory
+				.getProxyProperties().getProxyPort());
+		// The openid4java ProxyProperties class returns a default value of
+		// anonymous if userName
+		// or password is null or empty string
+		assertEquals("anonymous", HttpClientFactory.getProxyProperties()
+				.getUserName());
+		assertEquals("anonymous", HttpClientFactory.getProxyProperties()
+				.getPassword());
+	}
+
+	public void testProxyInformationAvailableForDiscoverWithCredentials()
+			throws Exception {
+		openid = new OpenIdTestService(getServiceUrl(), getProps(),
+				Sets.newHashSet("foo", "bar"), Lists.newArrayList(
+						SREG_EXTENSION, AX_EXTENSION, TEAM_EXTENSION));
+
+		hudson.proxy = new ProxyConfiguration(FAKE_PROXY_NAME,
+				FAKE_PROXY_PORT_ALTERNATIVE, FAKE_PROXY_USER_NAME,
+				FAKE_PROXY_PASSWORD);
+		try {
+			new OpenIdSsoSecurityRealm(openid.url);
+		} catch (DiscoveryException e) {
+			// This is expected since the proxy is fake. Hence, discovery will
+			// not be possible
+		}
+
+		assertEquals(FAKE_PROXY_NAME, HttpClientFactory.getProxyProperties()
+				.getProxyHostName());
+		assertEquals(FAKE_PROXY_PORT_ALTERNATIVE, HttpClientFactory
+				.getProxyProperties().getProxyPort());
+		assertEquals(FAKE_PROXY_USER_NAME, HttpClientFactory
+				.getProxyProperties().getUserName());
+		assertEquals(FAKE_PROXY_PASSWORD, HttpClientFactory
+				.getProxyProperties().getPassword());
+	}
 }