oltu-dev mailing list archives

From Dominik Schürmann (JIRA) <j...@apache.org>
Subject [jira] [Updated] (OLTU-105) Android 4.1 expects "realm" as first parameter in www-authenticate header
Date Thu, 16 May 2013 12:07:15 GMT

     [ https://issues.apache.org/jira/browse/OLTU-105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dominik Schürmann updated OLTU-105:
-----------------------------------

    Description: 
Using Apache Oltu for a Resource Server will not work correctly with Android 4.1:

Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects "realm" as the
first parameter in the www-authenticate header. If not, it will throw an IOException.
See parseChallenges in https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
More information: http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c


To fix this I changed OAuthUtils in the common package:
    /**
     * Construct a WWW-Authenticate header
     */
    public static String encodeOAuthHeader(Map<String, Object> entries) {
        StringBuffer sb = new StringBuffer();
        sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
        /*
         * Android 4.1 requires realm as first parameter!
         * If not set, it will throw an IOException
         * see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
         * more information:
         * http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
         */
        if (entries.get("realm") != null) {
            String value = String.valueOf(entries.get("realm"));
            if (!OAuthUtils.isEmpty(value)) {
                sb.append("realm=\"");
                sb.append(value);
                sb.append("\",");
            }
            entries.remove("realm");
        }
        for (Map.Entry<String, Object> entry : entries.entrySet()) {
            String value = entry.getValue() == null ? null : String.valueOf(entry.getValue());
            if (!OAuthUtils.isEmpty(entry.getKey()) && !OAuthUtils.isEmpty(value)) {
                sb.append(entry.getKey());
                sb.append("=\"");
                sb.append(value);
                sb.append("\",");
            }
        }

        return sb.substring(0, sb.length() - 1);
    }


And the corresponding test OAuthUtilsTest:
    @Test
    public void testEncodeOAuthHeader() throws Exception {

        Map<String, Object> entries = new HashMap<String, Object>();
        entries.put("realm", "Some Example Realm");
        entries.put("error", "invalid_token");

        String header = OAuthUtils.encodeOAuthHeader(entries);
        assertEquals("Bearer realm=\"Some Example Realm\",error=\"invalid_token\"", header);

    }



> Android 4.1 expects "realm" as first parameter in www-authenticate header
> -------------------------------------------------------------------------
>
>                 Key: OLTU-105
>                 URL: https://issues.apache.org/jira/browse/OLTU-105
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-common
>    Affects Versions: 0.31
>            Reporter: Dominik Schürmann
>              Labels: android
>
> Using Apache Oltu for a Resource Server will not work correctly with Android 4.1:
> Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects "realm" as
> the first parameter in the www-authenticate header. If not, it will throw an IOException.
> See parseChallenges in https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
> More information: http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
> To fix this I changed OAuthUtils in the common package:
>     /**
>      * Construct a WWW-Authenticate header
>      */
>     public static String encodeOAuthHeader(Map<String, Object> entries) {
>         StringBuffer sb = new StringBuffer();
>         sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
>         /*
>          * Android 4.1 requires realm as first parameter!
>          * If not set, it will throw an IOException
>          * see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
>          * more information:
>          * http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
>          */
>         if (entries.get("realm") != null) {
>             String value = String.valueOf(entries.get("realm"));
>             if (!OAuthUtils.isEmpty(value)) {
>                 sb.append("realm=\"");
>                 sb.append(value);
>                 sb.append("\",");
>             }
>             entries.remove("realm");
>         }
>         for (Map.Entry<String, Object> entry : entries.entrySet()) {
>             String value = entry.getValue() == null ? null : String.valueOf(entry.getValue());
>             if (!OAuthUtils.isEmpty(entry.getKey()) && !OAuthUtils.isEmpty(value)) {
>                 sb.append(entry.getKey());
>                 sb.append("=\"");
>                 sb.append(value);
>                 sb.append("\",");
>             }
>         }
>         return sb.substring(0, sb.length() - 1);
>     }
> And the corresponding test OAuthUtilsTest:
>     @Test
>     public void testEncodeOAuthHeader() throws Exception {
>         Map<String, Object> entries = new HashMap<String, Object>();
>         entries.put("realm", "Some Example Realm");
>         entries.put("error", "invalid_token");
>         String header = OAuthUtils.encodeOAuthHeader(entries);
>         assertEquals("Bearer realm=\"Some Example Realm\",error=\"invalid_token\"", header);
>     }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
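
Added example, not part of the original message and not Apache Oltu code: a standalone realm-first encoder for the WWW-Authenticate value described in the issue. It goes beyond the reporter's change in two ways that are assumptions of this example: it leaves the caller's map unmodified instead of removing "realm", and it escapes quotes and rejects CR/LF in values. The class and method names are hypothetical, and the scheme is passed in rather than read from OAuth.OAUTH_HEADER_NAME.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class RealmFirstHeader {

    // Escape a value as an HTTP quoted-string; refuse CR/LF so a value cannot split the header.
    static String quote(String v) {
        if (v.indexOf('\r') >= 0 || v.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF not allowed in header value");
        }
        return "\"" + v.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    // Build: <scheme> realm="...",key="value",... with realm first and the input map untouched.
    static String encode(String scheme, Map<String, Object> entries) {
        StringBuilder sb = new StringBuilder(scheme);
        String sep = " ";
        Object realm = entries.get("realm");
        if (realm != null && !String.valueOf(realm).isEmpty()) {
            sb.append(sep).append("realm=").append(quote(String.valueOf(realm)));
            sep = ",";
        }
        for (Map.Entry<String, Object> e : entries.entrySet()) {
            String key = e.getKey();
            // realm was already written; skip it along with empty keys and null values.
            if (key == null || key.isEmpty() || "realm".equals(key) || e.getValue() == null) continue;
            String value = String.valueOf(e.getValue());
            if (value.isEmpty()) continue;
            sb.append(sep).append(key).append('=').append(quote(value));
            sep = ",";
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: realm is deliberately inserted last.
        Map<String, Object> entries = new LinkedHashMap<String, Object>();
        entries.put("error", "invalid_token");
        entries.put("error_description", "token \"abc\" expired");
        entries.put("realm", "Some Example Realm");

        String header = encode("Bearer", entries);
        System.out.println(header);
        // The property the issue is about: the first parameter after the scheme is realm.
        System.out.println("realm first: " + header.startsWith("Bearer realm=\""));
        System.out.println("caller map still has realm: " + entries.containsKey("realm"));
    }
}
```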
