Jordi Torrente created CXF-4318:
-----------------------------------

             Summary: OAuthRequestFilter generates an empty WWW-Authenticate header
                 Key: CXF-4318
                 URL: https://issues.apache.org/jira/browse/CXF-4318
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 2.6
            Reporter: Jordi Torrente


When using OAuthRequestFilter to protect a resource, if we don't set any member 
for its "tokenHandlers" list, a request without an "Authorization" header will 
generate a response like:

Response-Code: 401
Content-Type: text/xml
Headers: {WWW-Authenticate=[], Date=[Tue, 15 May 2012 15:27:43 GMT], Content-Length=[0]}

And when trying to process it at the client layer a 
"java.lang.IllegalArgumentException" will be thrown:

import java.net.HttpURLConnection;
import java.net.URL;

URL uri = new URL("http://SomeFilteredResource");
HttpURLConnection conn = (HttpURLConnection)uri.openConnection();
int code = conn.getResponseCode(); // the exception below is thrown here

Receives:

java.lang.RuntimeException: java.lang.IllegalArgumentException: invalid start or end
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1137)
        at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2338)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:388)

I suppose the reason could be the empty "WWW-Authenticate" header's value, so 
the method AuthorizationUtils.throwAuthorizationFailure() should be fixed to 
avoid this situation.

Regards

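The failure reported above comes from a 401 whose WWW-Authenticate header carries no challenge at all. The following is an added example, not Apache CXF code and not the project's fix: a helper that builds the header values from the configured schemes and never yields an empty one. The class and method names and the fallback scheme "Bearer" are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

/** Added illustration; hypothetical names, not part of Apache CXF. */
public class ChallengeHeaderExample {

    // Assumption: scheme advertised when no handler contributes one.
    static final String DEFAULT_SCHEME = "Bearer";

    /** Returns one WWW-Authenticate value per scheme; never empty or blank. */
    static List<String> buildChallenges(Collection<String> schemes, String realm) {
        List<String> challenges = new ArrayList<>();
        if (schemes != null) {
            for (String scheme : schemes) {
                // Skip null or blank entries instead of emitting an empty challenge.
                if (scheme != null && !scheme.trim().isEmpty()) {
                    challenges.add(format(scheme.trim(), realm));
                }
            }
        }
        // The case from the report: nothing configured, so fall back to a default.
        if (challenges.isEmpty()) {
            challenges.add(format(DEFAULT_SCHEME, realm));
        }
        return challenges;
    }

    /** Formats "scheme" or "scheme realm=\"...\"" with the realm as a quoted-string. */
    static String format(String scheme, String realm) {
        if (realm == null || realm.isEmpty()) {
            return scheme;
        }
        // Drop CR/LF so the realm cannot split the header, then escape \ and ".
        String safe = realm.replaceAll("[\\r\\n]", "")
                           .replace("\\", "\\\\")
                           .replace("\"", "\\\"");
        return scheme + " realm=\"" + safe + "\"";
    }

    public static void main(String[] args) {
        // Constructed inputs: empty handler list, then two schemes with a realm.
        System.out.println(buildChallenges(new ArrayList<>(), null));
        System.out.println(buildChallenges(Arrays.asList("Bearer", "", "MAC"), "my \"api\""));
    }
}
```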