  1. CXF
  2. CXF-6748

The qop, nc and algorithm parameters in the HTTP auth header must not be enclosed in double quotation marks

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.1.5, 3.0.8, 3.2.0
    • None
    • None
    • Unknown

    Description

      Per RFC 2617[1], the Authorization Request Header should be

      credentials      = "Digest" digest-response
      digest-response  = 1#( username | realm | nonce | digest-uri
                         | response | [ algorithm ] | [cnonce] |
                         [opaque] | [message-qop] |
                         [nonce-count]  | [auth-param] )

      username         = "username" "=" username-value
      username-value   = quoted-string
      digest-uri       = "uri" "=" digest-uri-value
      digest-uri-value = request-uri   ; As specified by HTTP/1.1
      message-qop      = "qop" "=" qop-value
      cnonce           = "cnonce" "=" cnonce-value
      cnonce-value     = nonce-value
      nonce-count      = "nc" "=" nc-value
      nc-value         = 8LHEX
      response         = "response" "=" request-digest
      request-digest   = <"> 32LHEX <">
      LHEX             =  "0" | "1" | "2" | "3" |
                          "4" | "5" | "6" | "7" |
                          "8" | "9" | "a" | "b" |
                          "c" | "d" | "e" | "f"
      

      The httpclient has a similar issue[2], which has already been fixed.
      [1] https://tools.ietf.org/html/rfc2617
      [2] https://github.com/nahi/httpclient/issues/27
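
As an added illustration (not part of the original report and not CXF code), the Python check below parses a Digest `Authorization` value and reports parameters whose quoting disagrees with the grammar quoted above. The function names and both sample headers are constructed for this example. The assumption that `realm`, `nonce` and `opaque` are quoted-strings comes from the challenge section of RFC 2617, not from the excerpt.

```python
import re

# Bare tokens in the request header: qop-value, nc-value (8LHEX), algorithm.
UNQUOTED = {"qop", "nc", "algorithm"}
# quoted-string values. realm/nonce/opaque: assumption taken from RFC 2617's
# challenge grammar. "uri" is left unchecked (the excerpt gives request-uri).
QUOTED = {"username", "realm", "nonce", "response", "cnonce", "opaque"}

PARAM = re.compile(
    r'\s*([A-Za-z-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

def parse_digest(header_value):
    """Return {name: (value, was_quoted)} for a Digest Authorization value."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed auth-param at offset %d" % pos)
        quoted = m.group(2) is not None
        params[m.group(1).lower()] = (m.group(2) if quoted else m.group(3), quoted)
        pos = m.end()
    return params

def quoting_violations(header_value):
    """List parameters whose quoting does not match the grammar."""
    problems = []
    for name, (value, quoted) in parse_digest(header_value).items():
        if name in UNQUOTED and quoted:
            problems.append(f'{name} must not be quoted (got "{value}")')
        elif name in QUOTED and not quoted:
            problems.append(f"{name} must be a quoted-string (got {value})")
        if name == "nc" and not re.fullmatch(r"[0-9a-f]{8}", value):
            problems.append(f"nc value must be 8LHEX (got {value})")
    return problems

# Constructed sample headers (not captured from CXF or any real server).
COMMON = ('Digest username="alice", realm="test", nonce="abc123", uri="/svc", '
          'response="0123456789abcdef0123456789abcdef", cnonce="0a4f113b", ')
BAD_HEADER = COMMON + 'qop="auth", nc="00000001", algorithm="MD5"'
GOOD_HEADER = COMMON + 'qop=auth, nc=00000001, algorithm=MD5'

if __name__ == "__main__":
    for line in quoting_violations(BAD_HEADER):
        print(line)
```
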

          People

            ffang Freeman Yue Fang