hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vijay <rnvi...@gmail.com>
Subject Re: DIGEST qop=auth Missing Double Quotes
Date Wed, 18 Jan 2006 20:13:35 GMT
Thanks Oleg. I will do this.

Thank You,
Vijay


On 1/18/06, Oleg Kalnichevski <olegk@apache.org> wrote:
>
> Vijay wrote:
> > Hi Oleg,
> >
> > Thanks. We are calling a vendor server, so we don't have Option 2.
> > Option 1 - I will ask them to open a ticket with IIS.
> >
> > I will try to implement Option 3, Custom Auth Scheme.  I initially
> > thought of extending Digest Scheme and just overriding the method
> > where I can set qop quotes. But it is calling some private methods. So
> > I guess I've to simply cut and paste the entire DigestScheme.java code
> > into my custom scheme. Right?
> >
>
> Hi Vijay,
>
> I am afraid so. Feel free, however, to open an enhancement request in
> Bugzilla to make DigestScheme easier to extend and customize.
>
> Oleg
>
>
> > Thanks
> > Vijay
> >
> > On 1/18/06, Oleg Kalnichevski <olegk@apache.org> wrote:
> >
> >>Vijay wrote:
> >>
> >>>I'm using DIGEST authentication mechanism and I'm seeing the following
> >>>issue.  The Authorization header generated doesn't have double quotes
> >>
> >>around
> >>
> >>>auth (qop=auth).
> >>>
> >>
> >>It does not have to. See RFC 2617
> >>
> >><quote>
> >>3.2.1 The WWW-Authenticate Response Header
> >>...
> >>qop-value         = "auth" | "auth-int" | token
> >>...
> >>3.2.2 The Authorization Request Header
> >>...
> >>message-qop      = "qop" "=" qop-value
> >></quote>
> >>
> >>>When I manually change it to qop="auth" and hard code the Authorization
> >>>request header, it works fine.
> >>>
> >>>Please let me know how I can fix it, any work around solutions? The
> Server
> >>>is IIS. Please help!
> >>>
> >>>Wire Log
> >>>
> >>><< "WWW-Authenticate: Digest qop="auth", realm="test.com",
> >>>
> >>
>
> >>nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d"[\r][\n]"
> >>
> >>>
> >>>>>"Authorization: Digest username="username", realm="test.com",
> >>>
> >>>nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d",
> >>>uri="/Ping.aspx", response="b59dbaee24548abd6c327e00c671c302",
> *qop=auth*,
> >>>nc=00000001, cnonce="87057e185a75a8cd9e65c24bba3f8e10"[\r][\n]"
> >>>
> >>>
> >>
> >>These are your options:
> >>(1) Report this bug to Microsoft IIS team and get them fix it
> >>(2) Migrate to a compliant HTTP server such as Apache HTTPD
> >>(3) Implement a custom AuthScheme
> >>
> >>Hope this helps
> >>
> >>Oleg
> >>
> >>
> >>>Thanks
> >>>
> >>>Vijay
> >>>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message