You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Dave R (JIRA)" <ji...@apache.org> on 2015/01/25 21:20:35 UTC

[jira] [Comment Edited] (HTTPCLIENT-1604) HttpClient fails Basic Authentication when using RFC2617Scheme

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14291251#comment-14291251 ] 

Dave R edited comment on HTTPCLIENT-1604 at 1/25/15 8:20 PM:
-------------------------------------------------------------

Unit test demonstrating the issue attached.


was (Author: _dave):
Unit test demonstrating the issue

> HttpClient fails Basic Authentication when using RFC2617Scheme
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1604
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.6
>            Reporter: Dave R
>         Attachments: BasicAuthTests.java
>
>
> HttpClient fails to process Basic authentication with 
> MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication challenge is empty"
> even though WWW auth header is valid ("WWW-Authenticate: Basic")
> AuthSchemeBase.processChallenge(final Header header) 
> parses through the header, gets the value and checks that it matches the expected scheme name. (AuthSchemeBase: lines 100 through 125)
> It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)
> In this scenario, pos is equal to buffer.length() because it was just used as the buffer index to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)
> parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new cursor to be used to parse the header again. (RFC2617Scheme: line 108)
> Since pos is pointing to the end of the buffer, it doesn't find any elements and throws MalformedChallengeException("Authentication Challenge is empty")



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org