From a572756592c969affd0ce87885724e74839176fb Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Fri, 25 Feb 2011 11:19:23 +0000 Subject: [PATCH] HTTPCLIENT-1061: Proxy-Authorization header gets sent to the target host when tunneling requests through a proxy that requires authentication git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1074473 13f79535-47bb-0310-9956-ffa450edef68 --- RELEASE_NOTES.txt | 4 ++++ .../client/protocol/RequestProxyAuthentication.java | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt index 38eca1dd1d..de0a9a4de2 100644 --- a/RELEASE_NOTES.txt +++ b/RELEASE_NOTES.txt @@ -1,5 +1,9 @@ Changes since 4.1 +* [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target + host when tunneling requests through a proxy server that requires authentication. + Contributed by Oleg Kalnichevski + * [HTTPCLIENT-1056] Fixed bug causing the RequestAuthCache protocol interceptor to generate an invalid AuthScope instance when looking up user credentials for preemptive authentication. Contributed by Oleg Kalnichevski diff --git a/httpclient/src/main/java/org/apache/http/client/protocol/RequestProxyAuthentication.java b/httpclient/src/main/java/org/apache/http/client/protocol/RequestProxyAuthentication.java index 1105e37fb2..659faf50bc 100644 --- a/httpclient/src/main/java/org/apache/http/client/protocol/RequestProxyAuthentication.java +++ b/httpclient/src/main/java/org/apache/http/client/protocol/RequestProxyAuthentication.java @@ -43,6 +43,9 @@ import org.apache.http.auth.AuthenticationException; import org.apache.http.auth.ContextAwareAuthScheme; import org.apache.http.auth.Credentials; +import org.apache.http.conn.HttpRoutedConnection; +import org.apache.http.conn.routing.HttpRoute; +import org.apache.http.protocol.ExecutionContext; import org.apache.http.protocol.HttpContext; /** 
@@ -74,6 +77,13 @@ public void process(final HttpRequest request, final HttpContext context) return; } + HttpRoutedConnection conn = (HttpRoutedConnection) context.getAttribute( + ExecutionContext.HTTP_CONNECTION); + HttpRoute route = conn.getRoute(); + if (route.isTunnelled()) { + return; + } + // Obtain authentication state AuthState authState = (AuthState) context.getAttribute( ClientContext.PROXY_AUTH_STATE);
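Review bot: The added guard dereferences `conn` without checking it. `context.getAttribute(ExecutionContext.HTTP_CONNECTION)` returns null when the attribute is not set, and the unchecked cast to `HttpRoutedConnection` throws if the context holds another connection type, so `conn.getRoute()` can fail with a NullPointerException inside the interceptor. Add `if (conn == null) { return; }` before `HttpRoute route = conn.getRoute();`, since returning early means no proxy credential is emitted. The diffstat lists no test file, so a regression test asserting that a request on a tunnelled route carries no Proxy-Authorization header would help keep the credential leak to the target host from coming back. The body of process() starts and ends outside this hunk.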