You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Dave R (JIRA)" <ji...@apache.org> on 2015/01/25 21:20:34 UTC
[jira] [Issue Comment Deleted] (HTTPCLIENT-1604) HttpClient fails
Basic Authentication when using RFC2617Scheme
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave R updated HTTPCLIENT-1604:
-------------------------------
Comment: was deleted
(was: Here is a unit test demonstrating the issue :
package org.apache.http.impl.auth;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.message.BufferedHeader;
import org.apache.http.util.CharArrayBuffer;
import org.junit.Assert;
import org.junit.Test;
public class BasicAuthTests {
static class TestAuthScheme extends RFC2617Scheme {
private String schemeName = "test";
@Deprecated
public Header authenticate(
final Credentials credentials,
final HttpRequest request) throws AuthenticationException {
return null;
}
public void setSchemeName(String schemeName) {
this.schemeName = schemeName;
}
public String getSchemeName() {
return schemeName;
}
public boolean isComplete() {
return false;
}
public boolean isConnectionBased() {
return false;
}
}
/**
* fails with
* Malformed challenge: Authentication challenge is empty
*/
@Test
public void testBasicAuthWithBufferedHeader() throws Exception {
final TestAuthScheme authscheme = new TestAuthScheme();
authscheme.setSchemeName("basic");
CharArrayBuffer buffer = new CharArrayBuffer(23);
buffer.append("WWW-Authenticate: Basic");
final Header header = new BufferedHeader(buffer);
/* throws MalformedChallengeException even though basic auth challenge header is valid */
authscheme.processChallenge(header);
Assert.assertEquals("basic", authscheme.getSchemeName());
Assert.assertEquals("BASIC", authscheme.toString());
}
}
)
> HttpClient fails Basic Authentication when using RFC2617Scheme
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1604
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.6
> Reporter: Dave R
> Attachments: BasicAuthTests.java
>
>
> HttpClient fails to process Basic authentication with
> MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication challenge is empty"
> even though WWW auth header is valid ("WWW-Authenticate: Basic")
> AuthSchemeBase.processChallenge(final Header header)
> parses through the header, gets the value and checks that it matches the expected scheme name. (AuthSchemeBase: lines 100 through 125)
> It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)
> In this scenario, pos is equal to buffer.length() because it was just used as the buffer index to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)
> parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new cursor to be used to parse the header again. (RFC2617Scheme: line 108)
> Since pos is pointing to the end of the buffer, it doesn't find any elements and throws MalformedChallengeException("Authentication Challenge is empty")
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org