Posted to dev@oltu.apache.org by "Dominik Schürmann (JIRA)" <ji...@apache.org> on 2013/05/16 14:07:15 UTC
[jira] [Updated] (OLTU-105) Android 4.1 expects "realm" as first parameter in www-authenticate header
[ https://issues.apache.org/jira/browse/OLTU-105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dominik Schürmann updated OLTU-105:
-----------------------------------
Component/s: oauth2-resourceserver
> Android 4.1 expects "realm" as first parameter in www-authenticate header
> -------------------------------------------------------------------------
>
> Key: OLTU-105
> URL: https://issues.apache.org/jira/browse/OLTU-105
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-common, oauth2-resourceserver
> Affects Versions: 0.31
> Reporter: Dominik Schürmann
> Labels: android
>
> Using Apache Oltu for a Resource Server will not work correctly with Android 4.1:
> Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects "realm" as the first parameter in the www-authenticate header. If not, it will throw an IOException.
> See parseChallenges in https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
> More information: http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
> To fix this I changed OAuthUtils in common package:
> /**
>  * Construct a WWW-Authenticate header
>  */
> public static String encodeOAuthHeader(Map<String, Object> entries) {
>     StringBuffer sb = new StringBuffer();
>     sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
>     /*
>      * Android 4.1 requires realm as first parameter!
>      * If not set, it will throw an IOException
>      * see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
>      * more information:
>      * http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
>      */
>     if (entries.get("realm") != null) {
>         String value = String.valueOf(entries.get("realm"));
>         if (!OAuthUtils.isEmpty(value)) {
>             sb.append("realm=\"");
>             sb.append(value);
>             sb.append("\",");
>         }
>     }
>     for (Map.Entry<String, Object> entry : entries.entrySet()) {
>         // realm was already written above; skip it here rather than
>         // removing it from the caller's map
>         if ("realm".equals(entry.getKey())) {
>             continue;
>         }
>         String value = entry.getValue() == null ? null : String.valueOf(entry.getValue());
>         if (!OAuthUtils.isEmpty(entry.getKey()) && !OAuthUtils.isEmpty(value)) {
>             sb.append(entry.getKey());
>             sb.append("=\"");
>             sb.append(value);
>             sb.append("\",");
>         }
>     }
>     // drop the trailing comma (or the trailing space if nothing was appended)
>     return sb.substring(0, sb.length() - 1);
> }
> And the corresponding test OAuthUtilsTest:
> @Test
> public void testEncodeOAuthHeader() throws Exception {
>     Map<String, Object> entries = new HashMap<String, Object>();
>     entries.put("realm", "Some Example Realm");
>     entries.put("error", "invalid_token");
>     String header = OAuthUtils.encodeOAuthHeader(entries);
>     assertEquals("Bearer realm=\"Some Example Realm\",error=\"invalid_token\"", header);
> }
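
The realm-first ordering described in the issue, as an added stand-alone example that is not part of the original message or of Apache Oltu's code. It goes beyond the posted fix by leaving the caller's map unmodified and by escaping values as HTTP quoted-strings; the class name WwwAuthenticateExample and the methods quote and encode are hypothetical, and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not Apache Oltu code. Class and method names are hypothetical.
public class WwwAuthenticateExample {

    /** Quote a parameter value as an HTTP quoted-string; reject control characters. */
    static String quote(String value) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c == 0x7f) {   // CR/LF in a value would allow header splitting
                throw new IllegalArgumentException("control character in header value");
            }
            if (c == '"' || c == '\\') {
                sb.append('\\');           // escape so the value cannot close the quotes
            }
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    /** Build the challenge with realm first; the input map is not modified. */
    static String encode(String scheme, Map<String, ?> entries) {
        Map<String, String> ordered = new LinkedHashMap<String, String>();
        Object realm = entries.get("realm");
        if (realm != null && !String.valueOf(realm).isEmpty()) {
            ordered.put("realm", String.valueOf(realm));
        }
        for (Map.Entry<String, ?> e : entries.entrySet()) {
            String k = e.getKey();
            String v = e.getValue() == null ? "" : String.valueOf(e.getValue());
            if (k != null && !k.isEmpty() && !v.isEmpty() && !"realm".equals(k)) {
                ordered.put(k, v);
            }
        }
        StringBuilder sb = new StringBuilder(scheme);
        String sep = " ";
        for (Map.Entry<String, String> e : ordered.entrySet()) {
            sb.append(sep).append(e.getKey()).append('=').append(quote(e.getValue()));
            sep = ",";
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Map<String, Object> entries = new LinkedHashMap<String, Object>();
        entries.put("error", "invalid_token");                      // constructed sample values
        entries.put("error_description", "token \"abc\" expired");  // contains quotes on purpose
        entries.put("realm", "Some Example Realm");                 // inserted last on purpose
        System.out.println(encode("Bearer", entries));
        System.out.println(entries.containsKey("realm"));           // caller's map still has realm
    }
}
```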