hc-dev mailing list archives

From "Dennis Ju (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1628) Auth cache can fail when domain name contains uppercase characters
Date Wed, 11 Mar 2015 18:57:38 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357396#comment-14357396 ]

Dennis Ju commented on HTTPCLIENT-1628:
---------------------------------------

Yes, I'm quite sure of the issue. If you look again at the constructor, there's both a hostname
and lcHostname attribute, and the hostname is what's used when comparing for a match.

AuthScope.match() will compare the case sensitive hostname, and will return -1 (unless the
host is specified to be ANY_HOST). 

See: http://hc.apache.org/httpcomponents-client-4.4.x/httpclient/xref/org/apache/http/auth/AuthScope.html#256

This test case is probably in the wrong class as it doesn't just affect BasicCredentialsProvider,
but I wasn't quite sure where to put it:

https://gist.github.com/dejuknow/87e546942068105434b1/revisions

> Auth cache can fail when domain name contains uppercase characters
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1628
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1628
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.4 Final
>            Reporter: Dennis Ju
>            Priority: Minor
>
> Following the example for using preemptive authentication given in the documentation [here|http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html] will fail to authenticate if you use uppercase characters in the domain name like loCalHoST or aPache.org.
> This is a new issue with 4.4 because of the new constructor AuthScope(final HttpHost origin, final String realm, final String schemeName). This constructor differs from the original constructor AuthScope(final String host, final int port, final String realm, final String schemeName) where the hostname is converted to lowercase. The example uses the latter constructor when it creates the AuthScope, so the hostname is lowercase. When a request is executed, BasicCredentialsProvider.matchCredentials(...) will try to compare this lowercase hostname with a newly created AuthScope that doesn't convert to lowercase, so it always returns false.
> The easy fix would be to convert the hostname to lowercase for the first constructor.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
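
The mismatch described in this message can be checked against whichever HttpClient 4.x jar is on your classpath with a small program like the one below. It is an added example, not the test case from the gist and not project code; the host name, port and credentials are constructed placeholders. On a version with the behavior the report describes, the mixed-case lookup finds no credentials while the lower-cased one does.

```java
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

import java.util.Locale;

public class AuthScopeCaseCheck {

    // Constructed sample values (assumptions for this example, not from the report).
    static final String MIXED_CASE_HOST = "ExAmPle.test";
    static final int PORT = 8080;

    /** Scope built with the (host, port, realm, scheme) constructor, as in the tutorial. */
    static AuthScope registeredScope() {
        return new AuthScope(MIXED_CASE_HOST, PORT, AuthScope.ANY_REALM, AuthScope.ANY_SCHEME);
    }

    /** Scope built from an HttpHost, the constructor the report says skips lowercasing in 4.4. */
    static AuthScope originScope(String host) {
        HttpHost origin = new HttpHost(host, PORT, "http");
        return new AuthScope(origin, AuthScope.ANY_REALM, AuthScope.ANY_SCHEME);
    }

    /** Registers credentials under registeredScope() and looks them up by an origin-based scope. */
    static boolean lookupSucceeds(String requestHost) {
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(registeredScope(),
                new UsernamePasswordCredentials("user", "placeholder-password"));
        return provider.getCredentials(originScope(requestHost)) != null;
    }

    public static void main(String[] args) {
        AuthScope registered = registeredScope();
        AuthScope fromOrigin = originScope(MIXED_CASE_HOST);
        System.out.println("host in string-based scope:   " + registered.getHost());
        System.out.println("host in HttpHost-based scope: " + fromOrigin.getHost());
        // A negative score means the two scopes are treated as different hosts.
        System.out.println("match() score:                " + registered.match(fromOrigin));
        System.out.println("lookup, mixed-case host:      " + lookupSucceeds(MIXED_CASE_HOST));
        // Caller-side normalization: lower-case the host before building the HttpHost.
        System.out.println("lookup, lower-cased host:     "
                + lookupSucceeds(MIXED_CASE_HOST.toLowerCase(Locale.ROOT)));
    }
}
```

If the two printed host values differ only by case and the mixed-case lookup is `false`, requests to that origin will go out without the cached credentials.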
