diff --git a/httpclient5-cache/src/main/java/org/apache/hc/client5/http/impl/cache/ResponseCachingPolicy.java b/httpclient5-cache/src/main/java/org/apache/hc/client5/http/impl/cache/ResponseCachingPolicy.java
index e18aef36e8..9672fe2dcc 100644
--- a/httpclient5-cache/src/main/java/org/apache/hc/client5/http/impl/cache/ResponseCachingPolicy.java
+++ b/httpclient5-cache/src/main/java/org/apache/hc/client5/http/impl/cache/ResponseCachingPolicy.java
@@ -145,7 +145,7 @@ public boolean isResponseCacheable(final ResponseCacheControl cacheControl, fina
 if (sharedCache) {
 if (request.containsHeader(HttpHeaders.AUTHORIZATION) &&
 cacheControl.getSharedMaxAge() == -1 &&
- !cacheControl.isPublic()) {
+ !(cacheControl.isPublic() || cacheControl.isMustRevalidate())) {
 LOG.debug("Request contains private credentials");
 return false;
 }
diff --git a/httpclient5-cache/src/test/java/org/apache/hc/client5/http/impl/cache/TestResponseCachingPolicy.java b/httpclient5-cache/src/test/java/org/apache/hc/client5/http/impl/cache/TestResponseCachingPolicy.java
index d87debe50c..bdddf7cfeb 100644
--- a/httpclient5-cache/src/test/java/org/apache/hc/client5/http/impl/cache/TestResponseCachingPolicy.java
+++ b/httpclient5-cache/src/test/java/org/apache/hc/client5/http/impl/cache/TestResponseCachingPolicy.java
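Review bot: The relaxed condition `!(cacheControl.isPublic() || cacheControl.isMustRevalidate())` lets a shared cache store a response to a request carrying Authorization on must-revalidate alone, and nothing at the check records why that is permitted. A comment above the `if` would tie it to the rule it implements, for example `// RFC 9111 section 3.5: a response to a request with Authorization may be stored by a shared cache only if it carries must-revalidate, public or s-maxage`. The debug message `"Request contains private credentials"` could also name the missing directives, so that a rejected response is easy to explain from the log. isResponseCacheable begins and ends outside this hunk, so the `private` and `no-store` handling that must still reject such responses is not visible here.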
@@ -944,4 +944,60 @@ void testImmutableAndFreshResponseIsCacheable() {
 Assertions.assertTrue(policy.isResponseCacheable(responseCacheControl, request, response));
 }
+
+ @Test
+ void testPublicWithAuthorizationIsCacheable() {
+ request = new BasicHttpRequest("GET", "/resource");
+ request.setHeader(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd2Q=");
+ response.setHeader("Cache-Control", "public");
+ responseCacheControl = ResponseCacheControl.builder()
+ .setCachePublic(true)
+ .build();
+
+ final boolean isCacheable = policy.isResponseCacheable(responseCacheControl, request, response);
+ Assertions.assertTrue(isCacheable,
+ "Response with public directive and Authorization header should be cacheable in shared cache.");
+ }
+
+ @Test
+ void testSMaxageWithAuthorizationIsCacheable() {
+ request = new BasicHttpRequest("GET", "/resource");
+ request.setHeader(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd2Q=");
+ response.setHeader("Cache-Control", "s-maxage=60");
+ responseCacheControl = ResponseCacheControl.builder()
+ .setSharedMaxAge(60)
+ .build();
+
+ final boolean isCacheable = policy.isResponseCacheable(responseCacheControl, request, response);
+ Assertions.assertTrue(isCacheable,
+ "Response with s-maxage and Authorization header should be cacheable in shared cache.");
+ }
+
+ @Test
+ void testNoDirectivesWithAuthorizationNotCacheable() {
+ request = new BasicHttpRequest("GET", "/resource");
+ request.setHeader(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd2Q=");
+ response.setHeader("Cache-Control", "");
+ responseCacheControl = ResponseCacheControl.builder()
+ .build();
+
+ final boolean isCacheable = policy.isResponseCacheable(responseCacheControl, request, response);
+ Assertions.assertFalse(isCacheable,
+ "Response without must-revalidate, public, or s-maxage should not be cacheable with Authorization header.");
+ }
+
+ @Test
+ void testMustRevalidateWithAuthorizationIsCacheable() {
+ request = new BasicHttpRequest("GET", "/resource");
+ request.setHeader(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd2Q=");
+ response.setHeader("Cache-Control", "must-revalidate");
+ responseCacheControl = ResponseCacheControl.builder()
+ .setMustRevalidate(true)
+ .build();
+
+ final boolean isCacheable = policy.isResponseCacheable(responseCacheControl, request, response);
+ Assertions.assertTrue(isCacheable,
+ "Response with must-revalidate and Authorization header should be cacheable in shared cache.");
+ }
+
 }
\ No newline at end of file
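Review bot: The new tests exercise each directive on its own, so nothing pins the combinations where must-revalidate appears next to a directive that forbids shared storage. A test asserting that a response with `private, must-revalidate` (and one with `no-store, must-revalidate`) to a request with an Authorization header is still rejected would guard the relaxed check against one user's response being served to another. The assertions also depend on `policy` being configured as a shared cache, which happens in setup outside this hunk; a one-line comment such as `// relies on the fixture's policy being a shared cache` would make that precondition explicit.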