hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave R (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1604) HttpClient fails Basic Authentication when using RFC2617Scheme
Date Sun, 25 Jan 2015 20:18:34 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14291250#comment-14291250
] 

Dave R commented on HTTPCLIENT-1604:
------------------------------------

Here is a unit test demonstrating the issue :

package org.apache.http.impl.auth;

import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.message.BufferedHeader;
import org.apache.http.util.CharArrayBuffer;
import org.junit.Assert;
import org.junit.Test;

public class BasicAuthTests {

    static class TestAuthScheme extends RFC2617Scheme {

        private String schemeName = "test";

        @Deprecated
        public Header authenticate(
                final Credentials credentials,
                final HttpRequest request) throws AuthenticationException {
            return null;
        }

        public void setSchemeName(String schemeName) {
            this.schemeName = schemeName;
        }

        public String getSchemeName() {
            return schemeName;
        }

        public boolean isComplete() {
            return false;
        }

        public boolean isConnectionBased() {
            return false;
        }

    }

    /**
     * fails with
     * Malformed challenge: Authentication challenge is empty
     */
    @Test
    public void testBasicAuthWithBufferedHeader() throws Exception {
        final TestAuthScheme authscheme = new TestAuthScheme();
        authscheme.setSchemeName("basic");

        CharArrayBuffer buffer = new CharArrayBuffer(23);
        buffer.append("WWW-Authenticate: Basic");
        final Header header = new BufferedHeader(buffer);

        /* throws MalformedChallengeException even though basic auth challenge header is valid
*/
        authscheme.processChallenge(header);

        Assert.assertEquals("basic", authscheme.getSchemeName());
        Assert.assertEquals("BASIC", authscheme.toString());
    }
}


> HttpClient fails Basic Authentication when using RFC2617Scheme
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1604
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.6
>            Reporter: Dave R
>
> HttpClient fails to process Basic authentication with 
> MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication
challenge is empty"
> even though WWW auth header is valid ("WWW-Authenticate: Basic")
> AuthSchemeBase.processChallenge(final Header header) 
> parses through the header, gets the value and checks that it matches the expected scheme
name. (AuthSchemeBase: lines 100 through 125)
> It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)
> In this scenario, pos is equal to buffer.length() because it was just used as the buffer
index to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)
> parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new
cursor to be used to parse the header again. (RFC2617Scheme: line 108)
> Since pos is pointing to the end of the buffer, it doesn't find any elements and throws
MalformedChallengeException("Authentication Challenge is empty")



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message