You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Peter Darton (JIRA)" <ji...@apache.org> on 2005/12/02 11:26:31 UTC
[jira] Created: (JCR-286) Error in jcr-server Webdav HTTP header - DAV Explorer won't log in
Error in jcr-server Webdav HTTP header - DAV Explorer won't log in
------------------------------------------------------------------
Key: JCR-286
URL: http://issues.apache.org/jira/browse/JCR-286
Project: Jackrabbit
Type: Bug
Reporter: Peter Darton
Priority: Minor
At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't even ask for a username & password. (Neither the Microsoft WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
Using Ethereal, I compared the traffic for a valid Slide WebDav login compared to a JCR WebDav login.
I've now found and fixed the problem on my local build, and I've now got DAV Explorer to work with JCR Webdav. Here's a description of the bugfix:
In jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java, there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
This is currently set to "Basic Realm=Jackrabbit Webdav Server".
This is not a valid string for use in this context as it is in breach of RFC2617 for 2 reasons:
1) "Realm" should be "realm"
2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav Server\""
According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
WWW-Authenticate: Basic realm="WallyWorld"
Note that "realm" is not capitalised and "WallyWorld" has been enclosed in quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code and is correct)
In other words, AbstractWebdavServlet.java line 82, which currently reads:
public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic Realm=Jackrabbit Webdav Server";
should be changed to read
public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav Server\"";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (JCR-286) Jcr-Server: Invalid value for HTTP auth header
Posted by "angela (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/JCR-286?page=all ]
angela closed JCR-286:
----------------------
> Jcr-Server: Invalid value for HTTP auth header
> ----------------------------------------------
>
> Key: JCR-286
> URL: http://issues.apache.org/jira/browse/JCR-286
> Project: Jackrabbit
> Type: Bug
> Reporter: Peter Darton
> Assignee: angela
> Priority: Minor
>
> At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't even ask for a username & password. (Neither the Microsoft WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
> Using Ethereal, I compared the traffic for a valid Slide WebDav login compared to a JCR WebDav login.
> I've now found and fixed the problem on my local build, and I've now got DAV Explorer to work with JCR Webdav. Here's a description of the bugfix:
> In jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java, there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
> This is currently set to "Basic Realm=Jackrabbit Webdav Server".
> This is not a valid string for use in this context as it is in breach of RFC2617 for 2 reasons:
> 1) "Realm" should be "realm"
> 2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav Server\""
> According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
> WWW-Authenticate: Basic realm="WallyWorld"
> Note that "realm" is not capitalised and "WallyWorld" has been enclosed in quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code and is correct)
> In other words, AbstractWebdavServlet.java line 82, which currently reads:
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic Realm=Jackrabbit Webdav Server";
> should be changed to read
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav Server\"";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (JCR-286) Jcr-Server: Invalid value for HTTP auth header
Posted by "angela (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/JCR-286?page=all ]
angela updated JCR-286:
-----------------------
Summary: Jcr-Server: Invalid value for HTTP auth header (was: Error in jcr-server Webdav HTTP header - DAV Explorer won't log in)
> Jcr-Server: Invalid value for HTTP auth header
> ----------------------------------------------
>
> Key: JCR-286
> URL: http://issues.apache.org/jira/browse/JCR-286
> Project: Jackrabbit
> Type: Bug
> Reporter: Peter Darton
> Assignee: angela
> Priority: Minor
>
> At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't even ask for a username & password. (Neither the Microsoft WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
> Using Ethereal, I compared the traffic for a valid Slide WebDav login compared to a JCR WebDav login.
> I've now found and fixed the problem on my local build, and I've now got DAV Explorer to work with JCR Webdav. Here's a description of the bugfix:
> In jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java, there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
> This is currently set to "Basic Realm=Jackrabbit Webdav Server".
> This is not a valid string for use in this context as it is in breach of RFC2617 for 2 reasons:
> 1) "Realm" should be "realm"
> 2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav Server\""
> According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
> WWW-Authenticate: Basic realm="WallyWorld"
> Note that "realm" is not capitalised and "WallyWorld" has been enclosed in quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code and is correct)
> In other words, AbstractWebdavServlet.java line 82, which currently reads:
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic Realm=Jackrabbit Webdav Server";
> should be changed to read
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav Server\"";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Assigned: (JCR-286) Error in jcr-server Webdav HTTP header - DAV Explorer won't log in
Posted by "angela (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/JCR-286?page=all ]
angela reassigned JCR-286:
--------------------------
Assign To: angela
> Error in jcr-server Webdav HTTP header - DAV Explorer won't log in
> ------------------------------------------------------------------
>
> Key: JCR-286
> URL: http://issues.apache.org/jira/browse/JCR-286
> Project: Jackrabbit
> Type: Bug
> Reporter: Peter Darton
> Assignee: angela
> Priority: Minor
>
> At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't even ask for a username & password. (Neither the Microsoft WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
> Using Ethereal, I compared the traffic for a valid Slide WebDav login compared to a JCR WebDav login.
> I've now found and fixed the problem on my local build, and I've now got DAV Explorer to work with JCR Webdav. Here's a description of the bugfix:
> In jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java, there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
> This is currently set to "Basic Realm=Jackrabbit Webdav Server".
> This is not a valid string for use in this context as it is in breach of RFC2617 for 2 reasons:
> 1) "Realm" should be "realm"
> 2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav Server\""
> According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
> WWW-Authenticate: Basic realm="WallyWorld"
> Note that "realm" is not capitalised and "WallyWorld" has been enclosed in quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code and is correct)
> In other words, AbstractWebdavServlet.java line 82, which currently reads:
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic Realm=Jackrabbit Webdav Server";
> should be changed to read
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav Server\"";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Resolved: (JCR-286) Jcr-Server: Invalid value for HTTP auth header
Posted by "angela (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/JCR-286?page=all ]
angela resolved JCR-286:
------------------------
Resolution: Fixed
rev: 351682
> Jcr-Server: Invalid value for HTTP auth header
> ----------------------------------------------
>
> Key: JCR-286
> URL: http://issues.apache.org/jira/browse/JCR-286
> Project: Jackrabbit
> Type: Bug
> Reporter: Peter Darton
> Assignee: angela
> Priority: Minor
>
> At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't even ask for a username & password. (Neither the Microsoft WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
> Using Ethereal, I compared the traffic for a valid Slide WebDav login compared to a JCR WebDav login.
> I've now found and fixed the problem on my local build, and I've now got DAV Explorer to work with JCR Webdav. Here's a description of the bugfix:
> In jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java, there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
> This is currently set to "Basic Realm=Jackrabbit Webdav Server".
> This is not a valid string for use in this context as it is in breach of RFC2617 for 2 reasons:
> 1) "Realm" should be "realm"
> 2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav Server\""
> According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
> WWW-Authenticate: Basic realm="WallyWorld"
> Note that "realm" is not capitalised and "WallyWorld" has been enclosed in quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code and is correct)
> In other words, AbstractWebdavServlet.java line 82, which currently reads:
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic Realm=Jackrabbit Webdav Server";
> should be changed to read
> public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav Server\"";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira