[HTTPCLIENT-1604] HttpClient fails Basic Authentication when using RFC2617Scheme - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.3.6
Fix Version/s: 4.4 Final
Component/s: HttpClient (classic)
Labels:
None

Description

HttpClient fails to process Basic authentication with
MalformedChallengeException - "HttpAuthenticator - Malformed challenge: Authentication challenge is empty"
even though WWW auth header is valid ("WWW-Authenticate: Basic")

AuthSchemeBase.processChallenge(final Header header)
parses through the header, gets the value and checks that it matches the expected scheme name. (AuthSchemeBase: lines 100 through 125)

It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)

In this scenario, pos is equal to buffer.length() because it was just used as the buffer index to find the beginning and end of the value (AuthSchemeBase: lines 114 to 121)

parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index for a new cursor to be used to parse the header again. (RFC2617Scheme: line 108)
Since pos is pointing to the end of the buffer, it doesn't find any elements and throws MalformedChallengeException("Authentication Challenge is empty")

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

BasicAuthTests.java
25/Jan/15 20:19
2 kB
Dave R

Activity

People

Assignee:: Unassigned

Reporter:: Dave R

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Jan/15 20:16

Updated:: 04/May/17 09:49

Resolved:: 26/Jan/15 10:05