[ This may not be a CXF question. If not, my apologies. ]
I saw some sample code somewhere, that Daniel posted in response to a question
about reading the Authorization header (in the context of HTTP basic
authentication). In that code, he made use of something along the lines of:
List<String> authLines =
headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
to read the header value. In my effort to make WSSE UsernameToken work, I was
trying to follow this same model.[1] However, I find that while a header of:
Authorization: Basic XakgewlkAksadsas==
results in authLines having a single element in it, with value "Basic
XakgewlkAksadsas==" -- as expected -- sending a header of:
Authorization: WSSE profile="UsernameToken"
results in authLines having *two* elements in it:
Element #1: WSSE profile=
Element #2: "UsernameToken"
(the first has the "=" in it; the second has the quotes).
If I look at the "X-WSSE" header, similarly, it seems to have each key and
value split out, with an "=" at the end of each key. So, for example, the part
of the X-WSSE header that looks like:
Nonce="CE1F325AFFE4D8D53FE6FE2F9CD83B92"
comes through as two elements:
Element #1: Nonce=
Element #2: "CE1F325AFFE4D8D53FE6FE2F9CD83B92"
This seems somewhat odd to me. I looked at the docs for getRequestHeader, and
it seems to indicate that you get a key and a value -- with no mention that the
value is split on the-character-after-"=" and also on ",".
Since I'm trying to process this header's contents robustly, I'd like to be
sure that this is the normal behavior, and that it's what I need to
accommodate. :-)
[1] This related to my previous message, about selective authentication, to
which Sergey replied. My plan is to get authentication working the brute-force
way (to get the details working), then refactor the algorithm into a request
handler filter per Sergey's suggestions.
