Rainer Burgstaller created HTTPCLIENT-1566:
----------------------------------------------
Summary: Obvious bug in HTTP Basic Authentication!
Key: HTTPCLIENT-1566
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1566
Project: HttpComponents HttpClient
Issue Type: Bug
Components: Android Port
Affects Versions: 4.3.5
Reporter: Rainer Burgstaller
Priority: Blocker
There is an obvious bug in android httpclient 4.3.5 in
{{BasicSchemeHC4.authenticate()}}
{code:java}
/**
* Produces basic authorization header for the given set of {@link
Credentials}.
*
* @param credentials The set of credentials to be used for authentication
* @param request The request being authenticated
* @throws org.apache.http.auth.InvalidCredentialsException if
authentication
* credentials are not valid or not applicable for this authentication
scheme
* @throws AuthenticationException if authorization string cannot
* be generated due to an authentication failure
*
* @return a basic authorization string
*/
@Override
public Header authenticate(
final Credentials credentials,
final HttpRequest request,
final HttpContext context) throws AuthenticationException {
Args.notNull(credentials, "Credentials");
Args.notNull(request, "HTTP request");
final StringBuilder tmp = new StringBuilder();
tmp.append(credentials.getUserPrincipal().getName());
tmp.append(":");
tmp.append((credentials.getPassword() == null) ? "null" :
credentials.getPassword());
final byte[] base64password = Base64.decode(
EncodingUtils.getBytes(tmp.toString(),
getCredentialsCharset(request)),
Base64.NO_WRAP);
{code}
It is quite obvious that decoding a plaintext string "username:password" as
Base64 will not work. The bug was introduced in revision {{1.616.447}}.
Please fix asap.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
