hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sander Smith (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1532) Android Basic Authentication - the failure case
Date Wed, 30 Jul 2014 15:13:39 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079355#comment-14079355
] 

Sander Smith commented on HTTPCLIENT-1532:
------------------------------------------

After conferring with Oleg, we found that the problem is in the Android port in the BasicSchemeHC4
class. When Base64 encoding is being used, we should use Base64.NO_WRAP instead of Base64.DEFAULT.
This will suppress the unnecessary LF that's added onto the Base64 string.

I've modified my version locally, and have verified that this fixes the problem.

> Android Basic Authentication - the failure case
> -----------------------------------------------
>
>                 Key: HTTPCLIENT-1532
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1532
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: Android Port
>    Affects Versions: 4.3.3
>         Environment: HttpClient library on Android
>            Reporter: Sander Smith
>             Fix For: 4.3.5
>
>
> I'm writing an Android app and am using the HttpClient library for Android for all of
the communication to the outside world. I've also taken  the guts of the app and written a
Java main so that I can run from the command line using the regular library.
> Everything runs beautifully except for one thing: I need to do Basic Authentication,
and the two platforms, Android and CLI react differently in the failure case. If Basic Authentication
succeeds (e.g. the correct password is used) things run fine. However, in the case where an
incorrect password is used I get a 401 on CLI (correct), but with the Android library I'm
getting an exception thrown.
> I've debugged enough to watch what goes over the wire. 
> When I run CLI I see this:
>  http-outgoing-4 >> "GET / HTTP/1.1[\r][\n]"
>  http-outgoing-4 >> "User-Agent: xxx"
>  http-outgoing-4 >> "Host: 192.168.1.1[\r][\n]"
>  http-outgoing-4 >> "Connection: Keep-Alive[\r][\n]"
>  http-outgoing-4 >> "Accept-Encoding: gzip,deflate[\r][\n]"
>  http-outgoing-4 >> "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
>  http-outgoing-4 >> "[\r][\n]"
>  http-outgoing-4 << "HTTP/1.0 401 Unauthorized[\r][\n]"
> Running on Android shows this:
>  http-outgoing-4 >> "GET / HTTP/1.1[\r][\n]"
>  http-outgoing-4 >> "User-Agent: xxx"
>  http-outgoing-4 >> "Host: 192.168.1.1[\r][\n]"
>  http-outgoing-4 >> "Connection: Keep-Alive[\r][\n]"
>  http-outgoing-4 >> "Accept-Encoding: gzip,deflate[\r][\n]"
>  http-outgoing-4 >> "Authorization: Basic YWRtaW46YWRtaW4=[\n]"
>  http-outgoing-4 >> "[\r][\n]"
>  http-outgoing-4 >> "[\r][\n]"
>  http-outgoing-4 << "end of stream"
>  http-outgoing-4: Close connection
> It appears that on Android the sequence of carriage returns and line feeds is not being
sent properly, and the server is getting confused.
> It's also worth noting that when the correct password is being sent, the identical information
is sent over the wire, but in both cases, an HTTP 200 is returned.
> So what's going on here? Why is behavior different on 2 different platforms? Is there
a bug in the Android library?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message