Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2.6.6, 3.0.3
-
Fix Version/s: None
-
Component/s: Transports
-
Labels:None
-
Estimated Complexity:Novice
Description
i'm trying to send requests to an external system which requires basic auth via an internal http proxy which uses digest auth
<http-conf:conduit name="*.http-conduit"> <http-conf:client ProxyServer="proxy" ProxyServerPort="3128" /> <http-conf:authorization> <http-sec:UserName>xxx</http-sec:UserName> <http-sec:Password>xxx</http-sec:Password> <http-sec:AuthorizationType>Basic</http-sec:AuthorizationType> </http-conf:authorization> <http-conf:proxyAuthorization> <http-sec:UserName>proxyuser</http-sec:UserName> <http-sec:Password>proxypass</http-sec:Password> <http-sec:AuthorizationType>Digest</http-sec:AuthorizationType> </http-conf:proxyAuthorization> </http-conf:conduit>
the problem is that Proxy-Authentication is always using basic auth
i think i found the problem in
org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy
String proxyAuthString = *authSupplier*.getAuthorization(proxyAuthorizationPolicy, url, message, null); if (proxyAuthString != null) { headers.setProxyAuthorization(proxyAuthString); }
the field proxyAuthSupplier was lazy initialized as DigestAuthSupplier in prepare method, but it is not used to create the header.