Empty HTTP WWW-Authenticate header in response

ZDC Wed, 02 Dec 2009 04:42:22 -0800

Hi,

I implemented a custom Guard that handles multiple authentications, e.g. HTTP 
Simplem, Amazon S3 (my own AmazonS3ServerHelper implementation), etc.


According to HTTP spec., the server responses the "WWW-Authenticate" header(s) 
when credentials are not provided in the request. So my code had lines like:

final List<ChallengeRequest> list = new 
CopyOnWriteArrayList<ChallengeRequest>();
                list.add(new ChallengeRequest(ChallengeScheme.HTTP_BASIC, "HTTP 
Simple Authentication"));
                list.add(new ChallengeRequest(ChallengeScheme.HTTP_AWS_S3, 
"Amazon S3 Authentication"));
                //list.add(new ChallengeRequest(ChallengeScheme.HTTP_AWS, 
"Amazon S3 Authentication"));
                list.add(new ChallengeRequest(ChallengeScheme.HTTP_OAUTH, "HTTP 
OAuth Authentication"));
                response.setChallengeRequests(list);

However, the HTTP response looks like:
HTTP/1.1 401 Unauthorized
 Server: Apache-Coyote/1.1
 Date: ....
 WWW-Authenticate: Basic realm="MRSP Simple Authentication"
 WWW-Authenticate: 
 WWW-Authenticate: OAuth realm="HTTP OAuth Authentication"
 Accept-Ranges: bytes
...

The header value for Amazon S3 was empty.

Does anyone know what and where it's wrong?

BRs,
Yu

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426314

Empty HTTP WWW-Authenticate header in response

Reply via email to