Date: Fri, 21 Mar 2014 19:45:46 +0000 (UTC)
From: "bitfire (JIRA)"
To: dev@hc.apache.org
Subject: [jira] [Created] (HTTPCLIENT-1489) Multiple, comma-separated challenges in WWW-Authenticate are not recognized

bitfire created HTTPCLIENT-1489:
-----------------------------------

             Summary: Multiple, comma-separated challenges in WWW-Authenticate are not recognized
                 Key: HTTPCLIENT-1489
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1489
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.3.3
            Reporter: bitfire

As per RFC 2616, WWW-Authenticate may contain more than one challenge:

»User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters.«
[https://tools.ietf.org/html/rfc2616#section-14.47]

For instance, https://contacts.icloud.com returns such a WWW-Authenticate header:

> GET / HTTP/1.1
> Host: contacts.icloud.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< ...
< WWW-Authenticate: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"

The X-MobileMe-AuthToken challenge is recognized by HttpClient, but the Basic challenge is not. HttpClient logs when sending a GET request to https://contacts.icloud.com:

[DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] headers - http-outgoing-0 << Date: Fri, 21 Mar 2014 19:20:14 GMT
[DEBUG] headers - http-outgoing-0 << X-Apple-Request-UUID: d1d0aa7d-d651-4da2-be9f-595f1619db85
[DEBUG] headers - http-outgoing-0 << X-Responding-Instance: carddav:12100701:st13p21ic-quav11230703:8001:14B52:125783
[DEBUG] headers - http-outgoing-0 << WWW-Authenticate: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"
[DEBUG] headers - http-outgoing-0 << Content-Length: 0
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] HttpAuthenticator - Authentication required
[DEBUG] HttpAuthenticator - contacts.icloud.com:443 requested authentication
[INFO] TargetAuthenticationStrategy - GOT Auth header: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"
[DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
[DEBUG] TargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available

The Basic auth scheme is NOT recognized!

Reason:
org.apache.http.impl.client.AuthenticationStrategyImpl:getChallenges iterates through the WWW-Authenticate HEADERS but doesn't take into account that a single header may contain multiple challenges.

How to fix:
Split and parse the WWW-Authenticate header correctly in org.apache.http.impl.client.AuthenticationStrategyImpl:getChallenges

--
This message was sent by Atlassian JIRA
(v6.2#6252)
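
One way to do the split the report asks for, as an added example (not HttpClient's code and not the project's fix): a standalone Java class that separates a single WWW-Authenticate value into its challenges, treating a comma-separated element as a new challenge when its first token is not followed by "=". The class and method names are hypothetical, and token68-style credentials (base64 blobs without a parameter name) are assumed absent.

```java
import java.util.*;

public class ChallengeSplitter {
    /** Returns scheme (lower-cased) -> auth-params for one header value. */
    static Map<String, Map<String, String>> parse(String headerValue) {
        Map<String, Map<String, String>> challenges = new LinkedHashMap<>();
        Map<String, String> current = null;
        for (String element : splitTopLevel(headerValue)) {
            String e = element.trim();
            int i = 0, n = e.length();
            if (n == 0) continue;                       // empty list element
            while (i < n && e.charAt(i) != '=' && !Character.isWhitespace(e.charAt(i))) i++;
            int j = i;
            while (j < n && Character.isWhitespace(e.charAt(j))) j++;
            if (j == n || e.charAt(j) != '=') {         // "scheme" or "scheme name=value"
                current = new LinkedHashMap<>();
                challenges.put(e.substring(0, i).toLowerCase(Locale.ROOT), current);
                e = e.substring(j);                     // first auth-param, if any
            }
            int eq = e.indexOf('=');
            if (current == null || eq <= 0) continue;   // no scheme yet, or no name=value
            current.put(e.substring(0, eq).trim().toLowerCase(Locale.ROOT),
                        unquote(e.substring(eq + 1).trim()));
        }
        return challenges;
    }

    /** Splits on commas that are outside quoted-strings. */
    static List<String> splitTopLevel(String s) {
        List<String> out = new ArrayList<>();
        StringBuilder sb = new StringBuilder();
        boolean quoted = false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (quoted && c == '\\' && i + 1 < s.length()) sb.append(c).append(s.charAt(++i));
            else if (c == ',' && !quoted) { out.add(sb.toString()); sb.setLength(0); }
            else { if (c == '"') quoted = !quoted; sb.append(c); }
        }
        out.add(sb.toString());
        return out;
    }

    /** Strips surrounding quotes and resolves backslash escapes. */
    static String unquote(String v) {
        if (v.length() < 2 || !v.startsWith("\"") || !v.endsWith("\"")) return v;
        return v.substring(1, v.length() - 1).replaceAll("\\\\(.)", "$1");
    }

    public static void main(String[] args) {
        // Header value quoted in the report above.
        System.out.println(parse("X-MobileMe-AuthToken realm=\"Newcastle\", Basic realm=\"Newcastle\""));
    }
}
```

Because the split ignores commas inside quoted strings, a realm such as "a, b" stays within its own challenge instead of being mistaken for the start of a new one.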