hakanai/AuthenticationLeakBugDemo.java

## AuthenticationLeakBugDemo.java
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;

public class AuthenticationLeakBugDemo
{
    public static void main(String[] args) throws Exception
    {
        // User 1
        {
            System.out.println("Simulating user 1 coming in with proper authentication.");
            System.out.println("Expecting: 200");
            Authenticator.setDefault(new Authenticator()
            {
                @Override
                protected PasswordAuthentication getPasswordAuthentication()
                {
                    return new PasswordAuthentication("a", "a".toCharArray());
                }
            });
            try
            {
                URL url = new URL("http://httpbin.org/basic-auth/a/a");
                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
                System.out.println("Got: " + connection.getResponseCode());
            }
            finally
            {
                Authenticator.setDefault(null);
            }
        }

        // User 2
        {
            System.out.println("Simulating user 2 coming in with no authentication.");
            System.out.println("Expecting: 401");
            URL url = new URL("http://httpbin.org/basic-auth/a/a");
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            System.out.println("Got: " + connection.getResponseCode());
        }
    }
}
	import java.net.Authenticator;
	import java.net.HttpURLConnection;
	import java.net.PasswordAuthentication;
	import java.net.URL;

	public class AuthenticationLeakBugDemo
	{
	public static void main(String[] args) throws Exception
	{
	// User 1
	{
	System.out.println("Simulating user 1 coming in with proper authentication.");
	System.out.println("Expecting: 200");
	Authenticator.setDefault(new Authenticator()
	{
	@Override
	protected PasswordAuthentication getPasswordAuthentication()
	{
	return new PasswordAuthentication("a", "a".toCharArray());
	}
	});
	try
	{
	URL url = new URL("http://httpbin.org/basic-auth/a/a");
	HttpURLConnection connection = (HttpURLConnection) url.openConnection();
	System.out.println("Got: " + connection.getResponseCode());
	}
	finally
	{
	Authenticator.setDefault(null);
	}
	}

	// User 2
	{
	System.out.println("Simulating user 2 coming in with no authentication.");
	System.out.println("Expecting: 401");
	URL url = new URL("http://httpbin.org/basic-auth/a/a");
	HttpURLConnection connection = (HttpURLConnection) url.openConnection();
	System.out.println("Got: " + connection.getResponseCode());
	}
	}
	}