Uploaded image for project: 'Apache Oltu'
  1. Apache Oltu
  2. OLTU-105

Android 4.1 expects "realm" as first parameter in www-authenticate header

    XMLWordPrintableJSON

    Details

      Description

      Using Apache Oltu for a Resource Server will not work correctly with Android 4.1:

      Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects "realm" as the first parameter in the www-authenticate header. If not it will throw an IOException.
      See parseChallenges in https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
      More information: http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c

      To fix this I changed OAuthUtils in common package:
      /**

      • Construct a WWW-Authenticate header
        */
        public static String encodeOAuthHeader(Map<String, Object> entries) {
        StringBuffer sb = new StringBuffer();
        sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
        /*
      • Android 4.1 requires realm as first parameter!
      • If not set, it will throw an IOException
      • see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
      • more information:
      • http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
        */
        if (entries.get("realm") != null)
        Unknown macro: { String value = String.valueOf(entries.get("realm")); if (!OAuthUtils.isEmpty(value)) { sb.append("realm=\""); sb.append(value); sb.append("\","); } entries.remove("realm"); }

        for (Map.Entry<String, Object> entry : entries.entrySet())

        Unknown macro: { String value = entry.getValue() == null? null}

      return sb.substring(0, sb.length() - 1);
      }

      And the corresponding test OAuthUtilsTest:
      @Test
      public void testEncodeOAuthHeader() throws Exception

      { Map<String, Object> entries = new HashMap<String, Object>(); entries.put("realm", "Some Example Realm"); entries.put("error", "invalid_token"); String header = OAuthUtils.encodeOAuthHeader(entries); assertEquals("Bearer realm=\"Some Example Realm\",error=\"invalid_token\"", header); }

        Attachments

        1. OLTU-105-2.patch
          2 kB
          Charles Simpson
        2. OLTU-105.patch
          2 kB
          Dominik Schürmann

          Activity

            People

            • Assignee:
              simone.tripodi Simone Tripodi
              Reporter:
              dschuermann Dominik Schürmann
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: