hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave R (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1604) HttpClient fails Basic Authentication when using RFC2617Scheme
Date Sun, 25 Jan 2015 20:17:34 GMT
Dave R created HTTPCLIENT-1604:

             Summary: HttpClient fails Basic Authentication when using RFC2617Scheme
                 Key: HTTPCLIENT-1604
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.3.6
            Reporter: Dave R

HttpClient fails to process Basic authentication with 
MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication challenge
is empty"
even though WWW auth header is valid ("WWW-Authenticate: Basic")

AuthSchemeBase.processChallenge(final Header header) 
parses through the header, gets the value and checks that it matches the expected scheme name.
(AuthSchemeBase: lines 100 through 125)

It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)

In this scenario, pos is equal to buffer.length() because it was just used as the buffer index
to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)

parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new cursor
to be used to parse the header again. (RFC2617Scheme: line 108)
Since pos is pointing to the end of the buffer, it doesn't find any elements and throws MalformedChallengeException("Authentication
Challenge is empty")

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message