cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Silvan Hollenstein (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-7170) Support Multiple WWW-Authenticate Headers
Date Thu, 08 Dec 2016 14:49:58 GMT
Silvan Hollenstein created CXF-7170:
---------------------------------------

             Summary: Support Multiple WWW-Authenticate Headers
                 Key: CXF-7170
                 URL: https://issues.apache.org/jira/browse/CXF-7170
             Project: CXF
          Issue Type: Bug
          Components: Transports
    Affects Versions: 3.1.8
            Reporter: Silvan Hollenstein


When the authorization type "Digest" is chosen, and the server responds with a 401 and multiple
WWW-Authenticate headers, this will most probably lead to an error.

Define Digest to be your authentication method:
...
AuthorizationPolicy authPolicy = new AuthorizationPolicy();
authPolicy.setAuthorizationType("Digest");
...

The HTTPConduit will then create a DigestAuthSupplier. In... 

DigestAuthSupplier.getAuthorization(...) {
...
HttpAuthHeader authHeader = new HttpAuthHeader(fullHeader);
 if (authHeader.authTypeIsDigest()) {
...
}
}

the authHeader will have the "Basic", because it is the first in fullHeader. But this does
not match of course with authHeader.authTypeIsDigest(), and then it will return null.

The actual wrong thing is, imo, that the fullHeader is concatenated, instead of choosing the
one auth header that matches the method we have defined.

Furthermore, it would be nice when the suppliers were chosen automatically, based on what
authentication methods the server offers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message