You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2013/10/29 21:15:25 UTC

[jira] [Commented] (CXF-5366) Authorization header is not set correctly in CXF HTTP digest authentication

    [ https://issues.apache.org/jira/browse/CXF-5366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13808390#comment-13808390 ] 

Daniel Kulp commented on CXF-5366:
----------------------------------

Do you have a patch for this?   Or at least a copy of your customized DigestAuthSupplier?  That would be  big help.



> Authorization header is not set correctly in CXF HTTP digest authentication 
> ----------------------------------------------------------------------------
>
>                 Key: CXF-5366
>                 URL: https://issues.apache.org/jira/browse/CXF-5366
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.7.4, 2.7.5, 2.7.6, 2.7.7
>         Environment: Windows 7 64 bit, Java 1.6.0_29, CXF 2.7.4, calling MS Dynamics WS.
>            Reporter: Evgeny Shakin
>
> When performing the digest HTTP authentication the generated Authorization header is missing the "algorithm" element. Also if the algorithm is "MD5-sess" it should appear in the Authorization header as is and not as "MD5". To get around the issue it is possible to use a customized DigestAuthSupplier for the affected CXF versions. The result of WS invocation without "algorithm" in the Authorization header is 400-Bad request.
> The issue relates to versions of CXF 2.7.4 and later, earlier versions work fine.
> Sample request:
> POST /XXXXXXX HTTP/1.1
> Content-Type: text/xml; charset=UTF-8
> Accept: */*
> SOAPAction: "http://schemas.microsoft.com/dynamics/XXXXXXX"
> User-Agent: Apache CXF 2.7.4
> Cache-Control: no-cache
> Pragma: no-cache
> Host: XXXXX
> Connection: keep-alive
> Content-Length: 542
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>XXXXX</soap:Body></soap:Envelope>
> POST /XXXXX HTTP/1.1
> Content-Type: text/xml; charset=UTF-8
> Accept: */*
> Authorization: Digest response="541f8d073f2be81deae8e2f1065725b2", cnonce="46f26ffb6cf32b66873bf6e5e955bae8", username="XXXXX", nc="00000001", nonce="+Upgraded+v126a0f6047dd70851ab2155a14d09d56aacd7cd4a87d1ce01d77d4709393a1585490f57bdd6026b2c339c1f27bc03f4e47400ad20e8208244", realm="Digest", qop="auth", uri="/XXXXXXX"
> SOAPAction: "http://schemas.microsoft.com/dynamics/XXXXXXX"
> User-Agent: Apache CXF 2.7.4
> Cache-Control: no-cache
> Pragma: no-cache
> Host: localhost:8887
> Connection: keep-alive
> Content-Length: 542
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>XXXXXX</soap:Body></soap:Envelope>
> Sample response:
> HTTP/1.1 401 Unauthorized
> Content-Length: 0
> Server: Microsoft-HTTPAPI/2.0
> WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v126a0f6047dd70851ab2155a14d09d56af26b5ad2f0d3ce0169267269a2cfa168709705665fd13f9adf81235595c672ec1623b17e470ccaef",charset=utf-8,realm="Digest"
> Date: Mon, 28 Oct 2013 15:17:31 GMT
> HTTP/1.1 400 Bad Request
> Content-Length: 0
> Server: Microsoft-HTTPAPI/2.0
> Date: Mon, 28 Oct 2013 15:17:31 GMT



--
This message was sent by Atlassian JIRA
(v6.1#6144)