Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4318

OAuthRequestFilter generates an empty WWW-Authenticate header

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.6
    • 2.6.1
    • JAX-RS Security
    • Unknown

    Description

      When using OAuthRequestFilter to protect a resource if we don't set any member for its "tokenHandlers" list, a request without an "Authorization" header will generate a response like:

      Response-Code: 401
      Content-Type: text/xml
      Headers:

      {WWW-Authenticate=[], Date=[Tue, 15 May 2012 15:27:43 GMT], Content-Length=[0]}

      And when trying to process it at the client layer a "java.lang.IllegalArgumentException" will be thrown:

      URL uri = new URL("http://SomeFilteredResource");
      HttpURLConnection conn = (HttpURLConnection)uri.openConnection();
      int code = conn.getResponseCode();

      Receives:

      java.lang.RuntimeException: java.lang.IllegalArgumentException: invalid start or end
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1137)
      at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2338)
      at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:388)

      I suppose the reason could be the empty "WWW-Authenticate" header's value, so the method AuthorizationUtils.throwAuthorizationFailure() should be fixed to avoid this situation

      Regards

      Attachments

        Activity

          People

            sergey_beryozkin Sergey Beryozkin
            jordi Jordi Gerona
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: