[jira] Closed: (JCR-286) Jcr-Server: Invalid value for HTTP auth header

Fri, 02 Dec 2005 03:11:44 -0800 

     [ http://issues.apache.org/jira/browse/JCR-286?page=all ]
     
angela closed JCR-286:
----------------------


> Jcr-Server: Invalid value for HTTP auth header
> ----------------------------------------------
>
>          Key: JCR-286
>          URL: http://issues.apache.org/jira/browse/JCR-286
>      Project: Jackrabbit
>         Type: Bug
>     Reporter: Peter Darton
>     Assignee: angela
>     Priority: Minor

>
> At present, DAV Explorer won't log in to the JCR WebDav servlet - it doesn't 
> even ask for a username & password.  (Neither the Microsoft WinXP WebDAV & 
> Novell's NetDrive were as fussy and were happy to log in)
> Using Ethereal, I compared the traffic for a valid Slide WebDav login 
> compared to a JCR WebDav login.
> I've now found and fixed the problem on my local build, and I've now got DAV 
> Explorer to work with JCR Webdav.  Here's a description of the bugfix:
> In 
> jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/server/AbstractWebdavServlet.java,
>  there is a public static final String DEFAULT_AUTHENTICATE_HEADER.
> This is currently set to "Basic Realm=Jackrabbit Webdav Server".
> This is not a valid string for use in this context as it is in breach of 
> RFC2617 for 2 reasons:
> 1) "Realm" should be "realm"
> 2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit Webdav 
> Server\""
> According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge would be:
>    WWW-Authenticate: Basic realm="WallyWorld"
> Note that "realm" is not capitalised and "WallyWorld" has been enclosed in 
> quotes (the "WWW-Authenticate: " string is held elsewhere in the Java code 
> and is correct)
> In other words, AbstractWebdavServlet.java line 82, which currently reads:
>     public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic 
> Realm=Jackrabbit Webdav Server";
> should be changed to read
>     public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic 
> realm=\"Jackrabbit Webdav Server\"";

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to