cxf-issues mailing list archives

From "Luis Rodriguez Berzosa (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-5292) Digest authentication against intermediate HTTP proxy fails when endpoint server does not use digest authentication as well
Date Fri, 20 Sep 2013 11:16:52 GMT

     [ https://issues.apache.org/jira/browse/CXF-5292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luis Rodriguez Berzosa updated CXF-5292:
----------------------------------------

    Attachment: StackTrace.log
    
> Digest authentication against intermediate HTTP proxy fails when endpoint server does not use digest authentication as well
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-5292
>                 URL: https://issues.apache.org/jira/browse/CXF-5292
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.6
>            Reporter: Luis Rodriguez Berzosa
>            Priority: Minor
>              Labels: authentication, digest, proxy, transport
>         Attachments: StackTrace.log
>
>
> When using no endpoint authentication but digest authentication in intermediate HTTP proxy, the HTTPConduit throws an exception (attached).
> After some debugging, it seems to be a bug in the following code in the org.apache.cxf.transport.http.HTTPConduit class:
>     /**
>      * This call places HTTP Header strings into the headers that are relevant
>      * to the Authorization policies that are set on this conduit by
>      * configuration.
>      * <p> 
>      * An AuthorizationPolicy may also be set on the message. If so, those
>      * policies are merged. A user name or password set on the message
>      * overrides settings in the AuthorizationPolicy is retrieved from the
>      * configuration.
>      * <p>
>      * The precedence is as follows:
>      * 1. AuthorizationPolicy that is set on the Message, if exists.
>      * 2. Authorization from AuthSupplier, if exists.
>      * 3. AuthorizationPolicy set/configured for conduit.
>      * 
>      * REVISIT: Since the AuthorizationPolicy is set on the message by class, then
>      * how does one override the ProxyAuthorizationPolicy which is the same 
>      * type?
>      * 
>      * @param message
>      * @param headers
>      */
>     private void setHeadersByAuthorizationPolicy(
>             Message message,
>             URL url
>     ) {
>         Headers headers = new Headers(message);
>         AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
>         String authString = authSupplier.getAuthorization(effectiveAuthPolicy, url, message, null);
>         if (authString != null) {
>             headers.setAuthorization(authString);
>         }
>         
>         String proxyAuthString = authSupplier.getAuthorization(proxyAuthorizationPolicy,
>                                                                url, message, null);
>         if (proxyAuthString != null) {
>             headers.setProxyAuthorization(proxyAuthString);
>         }
>     }
> I think that the correct code should be:
> String proxyAuthString = proxyAuthSupplier.getAuthorization(proxyAuthorizationPolicy, url, message, null);
> With basic authentication for HTTP proxy, it works (luckily) as the authSupplier registered by default is the DefaultBasicAuthSupplier.
> If the final endpoint is configured to use Digest authentication, it also works due to the fact that both proxy and endpoint authentication schemes are "artificially shared".
> Anyway, I do not understand what the 
> * REVISIT: Since the AuthorizationPolicy is set on the message by class, then
> * how does one override the ProxyAuthorizationPolicy which is the same 
> * type?
> in the method javadoc means...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
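
The supplier mix-up described in the report, reduced to a self-contained Java model. This is an added example, not CXF code or the reporter's: `ProxySupplierSlots`, `Supplier`, `BASIC` and `DIGEST` are hypothetical stand-ins for the conduit's two supplier slots, and the digest value is a placeholder rather than a computed response.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration: hypothetical stand-ins, not CXF classes.
public class ProxySupplierSlots {
    // Stand-in for a supplier: turns credentials into a header value, or null if none.
    interface Supplier { String header(String user, String pass); }

    static final Supplier BASIC = (u, p) -> u == null ? null : "Basic "
        + Base64.getEncoder().encodeToString((u + ":" + p).getBytes(StandardCharsets.UTF_8));
    // A real digest supplier derives the response from the server's challenge; elided here.
    static final Supplier DIGEST = (u, p) -> u == null ? null
        : "Digest username=\"" + u + "\", response=\"(from challenge)\"";

    final Supplier authSupplier;       // endpoint slot
    final Supplier proxyAuthSupplier;  // proxy slot

    ProxySupplierSlots(Supplier endpoint, Supplier proxy) {
        this.authSupplier = endpoint;
        this.proxyAuthSupplier = proxy;
    }

    // Behaviour described in the report: the endpoint slot also answers for the proxy.
    String proxyHeaderAsReported(String user, String pass) {
        return authSupplier.header(user, pass);
    }

    // Behaviour of the reporter's proposed one-line change.
    String proxyHeaderAsProposed(String user, String pass) {
        return proxyAuthSupplier.header(user, pass);
    }

    public static void main(String[] args) {
        String u = "proxyuser", p = "example-password";  // constructed sample credentials
        // Case 1: endpoint slot left at basic, proxy configured for digest (the failing setup).
        ProxySupplierSlots c1 = new ProxySupplierSlots(BASIC, DIGEST);
        System.out.println("reported: " + c1.proxyHeaderAsReported(u, p));
        System.out.println("proposed: " + c1.proxyHeaderAsProposed(u, p));
        // Case 2: endpoint also digest, so the shared slot happens to match the proxy.
        ProxySupplierSlots c2 = new ProxySupplierSlots(DIGEST, DIGEST);
        System.out.println("shared:   " + c2.proxyHeaderAsReported(u, p));
    }
}
```

In case 1 the reported path yields a header from the endpoint slot's scheme even though the proxy slot is configured differently; a regression test for the fix can assert that the Proxy-Authorization value always comes from the proxy slot.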
