You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Dave R (JIRA)" <ji...@apache.org> on 2015/01/25 21:17:34 UTC

[jira] [Created] (HTTPCLIENT-1604) HttpClient fails Basic Authentication when using RFC2617Scheme

Dave R created HTTPCLIENT-1604:
----------------------------------

             Summary: HttpClient fails Basic Authentication when using RFC2617Scheme
                 Key: HTTPCLIENT-1604
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.3.6
            Reporter: Dave R


HttpClient fails to process Basic authentication with 
MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication challenge is empty"
even though WWW auth header is valid ("WWW-Authenticate: Basic")


AuthSchemeBase.processChallenge(final Header header) 
parses through the header, gets the value and checks that it matches the expected scheme name. (AuthSchemeBase: lines 100 through 125)

It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)

In this scenario, pos is equal to buffer.length() because it was just used as the buffer index to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)

parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new cursor to be used to parse the header again. (RFC2617Scheme: line 108)
Since pos is pointing to the end of the buffer, it doesn't find any elements and throws MalformedChallengeException("Authentication Challenge is empty")




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org