cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-4318) OAuthRequestFilter generates an empty WWW-Authenticate header
Date Tue, 15 May 2012 20:39:09 GMT

     [ https://issues.apache.org/jira/browse/CXF-4318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergey Beryozkin resolved CXF-4318.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.6.1
         Assignee: Sergey Beryozkin

only 401 is returned when no challenges are available, see

http://svn.apache.org/viewvc?rev=1338879&view=rev
                
> OAuthRequestFilter generates an empty WWW-Authenticate header
> -------------------------------------------------------------
>
>                 Key: CXF-4318
>                 URL: https://issues.apache.org/jira/browse/CXF-4318
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 2.6
>            Reporter: Jordi Torrente
>            Assignee: Sergey Beryozkin
>              Labels: oauth2
>             Fix For: 2.6.1
>
>
> When using OAuthRequestFilter to protect a resource if we don't set any member for its
"tokenHandlers" list, a request without an "Authorization" header will generate a response
like:
> Response-Code: 401
> Content-Type: text/xml
> Headers: {WWW-Authenticate=[], Date=[Tue, 15 May 2012 15:27:43 GMT], Content-Length=[0]}
> And when trying to process it at the client layer a "java.lang.IllegalArgumentException"
will be thrown:
> URL uri = new URL("http://SomeFilteredResource");
> HttpURLConnection conn = (HttpURLConnection)uri.openConnection();
> int code = conn.getResponseCode();
> Receives:
> java.lang.RuntimeException: java.lang.IllegalArgumentException: invalid start or end
> 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1137)
> 	at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2338)
> 	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:388)
> 	
> I suppose the reason could be the empty "WWW-Authenticate" header's value, so the method
AuthorizationUtils.throwAuthorizationFailure() should be fixed to avoid this situation
> Regards

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message