[jira] [Resolved] (OLTU-105) Android 4.1 expects "realm" as first parameter in www-authenticate header

[Simone Tripodi (JIRA)]

     [ 
https://issues.apache.org/jira/browse/OLTU-105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Simone Tripodi resolved OLTU-105.
---------------------------------

    Resolution: Fixed
      Assignee: Simone Tripodi

patch applied in r1605370, thanks both for your help, much more than 
appreciated (and I owe you a beer)!

> Android 4.1 expects "realm" as first parameter in www-authenticate header
> -------------------------------------------------------------------------
>
>                 Key: OLTU-105
>                 URL: https://issues.apache.org/jira/browse/OLTU-105
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-common, oauth2-resourceserver
>    Affects Versions: oauth2-0.31
>            Reporter: Dominik Schürmann
>            Assignee: Simone Tripodi
>              Labels: android
>         Attachments: OLTU-105-2.patch, OLTU-105.patch
>
>
> Using Apache Oltu for a Resource Server will not work correctly with Android 
> 4.1:
> Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects 
> "realm" as the first parameter in the www-authenticate header. If not it will 
> throw an IOException.
> See parseChallenges in 
> https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
> More information: 
> http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
> To fix this I changed OAuthUtils in common package:
>     /**
>      * Construct a WWW-Authenticate header
>      */
>     public static String encodeOAuthHeader(Map<String, Object> entries) {
>         StringBuffer sb = new StringBuffer();
>         sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
>         /*
>          * Android 4.1 requires realm as first parameter!
>          * If not set, it will throw an IOException
>          * see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
>          * more information:
>          * 
> http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
>          */
>         if (entries.get("realm") != null) {
>             String value = String.valueOf(entries.get("realm"));
>             if (!OAuthUtils.isEmpty(value)) {
>                 sb.append("realm=\"");
>                 sb.append(value);
>                 sb.append("\",");
>             }
>             entries.remove("realm");
>         }
>         for (Map.Entry<String, Object> entry : entries.entrySet()) {
>             String value = entry.getValue() == null? null: 
> String.valueOf(entry.getValue());
>             if (!OAuthUtils.isEmpty(entry.getKey()) && 
> !OAuthUtils.isEmpty(value)) {
>                 sb.append(entry.getKey());
>                 sb.append("=\"");
>                 sb.append(value);
>                 sb.append("\",");
>             }
>         }
>         return sb.substring(0, sb.length() - 1);
>     }
> And the corresponding test OAuthUtilsTest:
>     @Test
>     public void testEncodeOAuthHeader() throws Exception {
>         Map<String, Object> entries = new HashMap<String, Object>();
>         entries.put("realm", "Some Example Realm");
>         entries.put("error", "invalid_token");
>         String header = OAuthUtils.encodeOAuthHeader(entries);
>         assertEquals("Bearer realm=\"Some Example 
> Realm\",error=\"invalid_token\"", header);
>     }



--
This message was sent by Atlassian JIRA
(v6.2#6252)