http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22655 Authentication does not respond to stale nonce ------- Additional Comments From [EMAIL PROTECTED] 2003-08-25 13:05 ------- We're working on a real estate standard called RETS, and in order to interoperate, we must deal with a specific vendor that expires nonce after the first auth attempt. I freely admit that this is very strange behavior, but I can't tell them to change their client, since they are technically in line with the spec (both RETS and HTTP). I'm sure this won't come up much, but I don't see a reason why HttpClient shouldn't support a stale nonce. Here's the diff -u --- /home/scohen/downloads/httpclient-src/commons-httpclient-2.0-rc1/src/java/org/apache/commons/httpclient/HttpMethodBase.java 2003-07-31 22:15:26.000000000 -0400 +++ org/apache/commons/httpclient/HttpMethodBase.java 2003-08-21 13:26:43.000000000 -0400 
@@ -1353,30 +1353,37 @@ * connection * @throws HttpException when a recoverable error occurs */ - protected void addAuthorizationRequestHeader(HttpState state, - HttpConnection conn) - throws IOException, HttpException { - LOG.trace("enter HttpMethodBase.addAuthorizationRequestHeader(" - + "HttpState, HttpConnection)"); + protected void addAuthorizationRequestHeader(HttpState state, HttpConnection conn) + throws IOException, HttpException { + LOG.trace("enter HttpMethodBase.addAuthorizationRequestHeader(" + "HttpState, HttpConnection)"); // add authorization header, if needed - if (getRequestHeader(HttpAuthenticator.WWW_AUTH_RESP) == null) { - Header[] challenges = getResponseHeaderGroup().getHeaders( - HttpAuthenticator.WWW_AUTH); - if (challenges.length > 0) { - try { - AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges); + + Header[] challenges = getResponseHeaderGroup().getHeaders(HttpAuthenticator.WWW_AUTH); + if (challenges.length > 0) { + + try { + AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges); + if (getRequestHeader(HttpAuthenticator.WWW_AUTH_RESP) == null + || isNonceStale(authscheme) ) { HttpAuthenticator.authenticate(authscheme, this, conn, state); - } catch (HttpException e) { - // log and move on - if (LOG.isErrorEnabled()) { - LOG.error(e.getMessage(), e); - } + } + } catch (HttpException e) { + // log and move on + if (LOG.isErrorEnabled()) { + LOG.error(e.getMessage(), e); } } } } + + private boolean isNonceStale(AuthScheme authscheme) { + return authscheme.getSchemeName().equalsIgnoreCase("digest") + && "true".equalsIgnoreCase(authscheme.getParameter("stale")); + } + + /** * Adds a <tt>Content-Length</tt> or <tt>Transfer-Encoding: Chunked</tt> * request header, as long as no <tt>Content-Length</tt> request header 
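Review bot: In `isNonceStale`, `authscheme.getSchemeName().equalsIgnoreCase("digest")` dereferences the scheme name, so a null name would throw a NullPointerException that the surrounding `catch (HttpException e)` does not cover; `"digest".equalsIgnoreCase(authscheme.getSchemeName())` avoids that and matches the `"true"` comparison next to it. The rewritten condition in `addAuthorizationRequestHeader` now calls `HttpAuthenticator.authenticate` even when an Authorization header is already on the request. The hunk does not show whether that call replaces the existing header or adds a second one, so this should be confirmed, including for a header the caller set by hand. The helper would also benefit from a short Javadoc saying it reports the `stale` directive of the selected Digest challenge, which is server-controlled input.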
@@ -2423,6 +2430,11 @@ String realm = buffer.toString(); if (realmsUsed.contains(realm)) { + // check to see if the server has made our nonce stale. + // if it has, re-auth + if ( isNonceStale(authscheme)) { + return false; + } if (LOG.isInfoEnabled()) { LOG.info("Already tried to authenticate to \"" + realm + "\" but still receiving " --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
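Review bot: The added `return false` fires before the "Already tried to authenticate" branch, so a challenge carrying `stale=true` skips what appears to be the `realmsUsed` guard against repeated attempts on the same realm. A server that answers every attempt with `stale=true` would then keep the client recomputing and re-sending Digest responses, unless an outer retry limit that is not visible in this hunk stops it. Consider bounding stale retries per realm, for example `if (isNonceStale(authscheme) && staleRetries++ < MAX_STALE_RETRIES) { return false; }` (counter and limit names are suggestions), and falling through to the existing log-and-stop path once the limit is reached. The enclosing method starts and ends outside the hunk, so the meaning of its return value is inferred from the surrounding lines.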