Date: Sat, 22 Mar 2014 14:17:42 +0000 (UTC)
From: "Oleg Kalnichevski (JIRA)"
To: dev@hc.apache.org
Subject: [jira] [Commented] (HTTPCLIENT-1489) Multiple, comma-separated challenges in WWW-Authenticate are not recognized

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944084#comment-13944084 ]

Oleg Kalnichevski commented on HTTPCLIENT-1489:
-----------------------------------------------

bq. I don't think it will be that hard because challenge parameters must have an "=" sign

Really? Tell it to those people at Microsoft who developed NTLM auth scheme. If you contribute a better parser I'll happily include it in 4.3.

Oleg

> Multiple, comma-separated challenges in WWW-Authenticate are not recognized
> ---------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1489
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1489
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.3
>            Reporter: bitfire
>              Labels: authentication, parsing
>             Fix For: 4.4 Final
>
>
> As per RFC 2616, WWW-Authenticate may contain more than one challenge:
> »User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters.« [https://tools.ietf.org/html/rfc2616#section-14.47]
> For instance, https://contacts.icloud.com returns such a WWW-Authenticate header:
> > GET / HTTP/1.1
> > Host: contacts.icloud.com
> > Accept: */*
> >
> < HTTP/1.1 401 Unauthorized
> < ...
> < WWW-Authenticate: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"
> The X-MobileMe-AuthToken challenge is recognized by HttpClient, but the Basic challenge is not.
> HttpClient logs when sending a GET request to https://contacts.icloud.com:
> [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
> [DEBUG] headers - http-outgoing-0 << Date: Fri, 21 Mar 2014 19:20:14 GMT
> [DEBUG] headers - http-outgoing-0 << X-Apple-Request-UUID: d1d0aa7d-d651-4da2-be9f-595f1619db85
> [DEBUG] headers - http-outgoing-0 << X-Responding-Instance: carddav:12100701:st13p21ic-quav11230703:8001:14B52:125783
> [DEBUG] headers - http-outgoing-0 << WWW-Authenticate: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"
> [DEBUG] headers - http-outgoing-0 << Content-Length: 0
> [DEBUG] MainClientExec - Connection can be kept alive indefinitely
> [DEBUG] HttpAuthenticator - Authentication required
> [DEBUG] HttpAuthenticator - contacts.icloud.com:443 requested authentication
> [INFO] TargetAuthenticationStrategy - GOT Auth header: X-MobileMe-AuthToken realm="Newcastle", Basic realm="Newcastle"
> [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
> [DEBUG] TargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
> [DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
> [DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
> [DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
> [DEBUG] TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available
> The Basic auth challenge is NOT recognized!
> Reason: org.apache.http.impl.client.AuthenticationStrategyImpl:getChallenges iterates through the WWW-Authenticate HEADERS but doesn't take account that a single header may contain multiple challenges.
> How to fix:
> Split and parse the WWW-Authenticate header correctly in org.apache.http.impl.client.AuthenticationStrategyImpl:getChallenges

--
This message was sent by Atlassian JIRA
(v6.2#6252)
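
The splitting problem discussed in this thread, as an added example that is not part of the original message and not HttpClient's own code. It splits one WWW-Authenticate value on commas outside quoted strings and treats an element as a parameter of the current challenge only when it is a bare `name=value`, so a scheme followed by a base64 blob (the NTLM case raised in the comment) still starts a new challenge. The class name, method names and the second sample value are assumptions made for illustration.

```java
import java.util.*;

public class ChallengeSplitter {
    /** Maps each scheme (lower-cased) to the raw text that follows it, in header order. */
    static Map<String, String> split(String headerValue) {
        Map<String, String> challenges = new LinkedHashMap<>();
        String current = null;
        for (String raw : splitOutsideQuotes(headerValue)) {
            String item = raw.trim();
            if (item.isEmpty()) continue;                    // tolerate empty list elements
            if (current != null && isParameter(item)) {      // bare name=value: same challenge
                challenges.merge(current, item, (a, b) -> a.isEmpty() ? b : a + ", " + b);
            } else {                                         // scheme [SP blob-or-first-param]
                String[] parts = item.split("\\s+", 2);
                current = parts[0].toLowerCase(Locale.ROOT);
                // a scheme repeated within one value overwrites the earlier entry
                challenges.put(current, parts.length > 1 ? parts[1] : "");
            }
        }
        return challenges;
    }

    /** True for name=value; false for "Scheme ..." items and for blobs ending in '=' padding. */
    static boolean isParameter(String item) {
        return item.matches("[^\\s\"=]+\\s*=\\s*[^=\\s].*");
    }

    /** Splits on commas that are not inside a quoted-string; backslash escapes are kept. */
    static List<String> splitOutsideQuotes(String s) {
        List<String> items = new ArrayList<>();
        StringBuilder buf = new StringBuilder();
        boolean quoted = false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (quoted && c == '\\' && i + 1 < s.length()) { buf.append(c).append(s.charAt(++i)); continue; }
            if (c == ',' && !quoted) { items.add(buf.toString()); buf.setLength(0); continue; }
            if (c == '"') quoted = !quoted;
            buf.append(c);
        }
        items.add(buf.toString());
        return items;
    }

    public static void main(String[] args) {
        // First value is the header quoted in the issue; the second is constructed for illustration.
        String icloud = "X-MobileMe-AuthToken realm=\"Newcastle\", Basic realm=\"Newcastle\"";
        String mixed = "NTLM QUJDREVGRw==, Digest realm=\"a, b\", nonce=\"x=\", Basic realm=\"c\"";
        for (String h : new String[] {icloud, mixed}) System.out.println(split(h));
    }
}
```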