[
https://issues.apache.org/jira/browse/HTTPCLIENT-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1604.
-------------------------------------------
Resolution: Fixed
Fix Version/s: 4.4 Final
Fixed in SVN trunk. Please review / re-test.
Oleg
> HttpClient fails Basic Authentication when using RFC2617Scheme
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1604
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1604
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.6
> Reporter: Dave R
> Fix For: 4.4 Final
>
> Attachments: BasicAuthTests.java
>
>
> HttpClient fails to process Basic authentication with
> MalformedChallengeException - "HttpAuthenticator - Malformed challenge:
> Authentication challenge is empty"
> even though WWW auth header is valid ("WWW-Authenticate: Basic")
> AuthSchemeBase.processChallenge(final Header header)
> parses through the header, gets the value and checks that it matches the
> expected scheme name. (AuthSchemeBase: lines 100 through 125)
> It then calls parseChallenge(buffer, pos, buffer.length()) (line 127)
> In this scenario, pos is equal to buffer.length() because it was just used as
> the buffer index to find the beginning and end of the value (AuthSchemeBase:
> lines 114 to 121)
> parseChallenge() (overridden in RFC2617Scheme) uses pos as the begin index
> for a new cursor to be used to parse the header again. (RFC2617Scheme: line
> 108)
> Since pos is pointing to the end of the buffer, it doesn't find any elements
> and throws MalformedChallengeException("Authentication Challenge is empty")
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
