Dominik Schürmann created OLTU-105:
--------------------------------------

             Summary: Android 4.1 expects "realm" as first parameter in www-authenticate header
                 Key: OLTU-105
                 URL: https://issues.apache.org/jira/browse/OLTU-105
             Project: Apache Oltu
          Issue Type: Bug
          Components: oauth2-common
    Affects Versions: 0.31
            Reporter: Dominik Schürmann


Android 4.1 changed java.libcore.net.http.HeaderParser.java and now expects "realm" as the first parameter in the www-authenticate header. If not, it will throw an IOException.
See parseChallenges in https://android.googlesource.com/platform/libcore/+/android-4.1.2_r2/luni/src/main/java/libcore/net/http/HeaderParser.java
More information: http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c


To fix this I changed OAuthUtils in common package:
    /**
     * Construct a WWW-Authenticate header
     */
    public static String encodeOAuthHeader(Map<String, Object> entries) {
        StringBuffer sb = new StringBuffer();
        sb.append(OAuth.OAUTH_HEADER_NAME).append(" ");
        /*
         * Android 4.1 requires realm as first parameter!
         * If not set, it will throw an IOException
         * see java.libcore.net.http.HeaderParser.java in Android 4.1 tree
         * more information:
         * http://stackoverflow.com/questions/11810447/httpurlconnection-worked-fine-in-android-2-x-but-not-in-4-1-no-authentication-c
         */
        if (entries.get("realm") != null) {
            String value = String.valueOf(entries.get("realm"));
            if (!OAuthUtils.isEmpty(value)) {
                sb.append("realm=\"");
                sb.append(value);
                sb.append("\",");
            }
            entries.remove("realm");
        }
        for (Map.Entry<String, Object> entry : entries.entrySet()) {
            String value = entry.getValue() == null ? null : String.valueOf(entry.getValue());
            if (!OAuthUtils.isEmpty(entry.getKey()) && !OAuthUtils.isEmpty(value)) {
                sb.append(entry.getKey());
                sb.append("=\"");
                sb.append(value);
                sb.append("\",");
            }
        }

        return sb.substring(0, sb.length() - 1);
    }


And the corresponding test OAuthUtilsTest:
    @Test
    public void testEncodeOAuthHeader() throws Exception {

        Map<String, Object> entries = new HashMap<String, Object>();
        entries.put("realm", "Some Example Realm");
        entries.put("error", "invalid_token");

        String header = OAuthUtils.encodeOAuthHeader(entries);
        assertEquals("Bearer realm=\"Some Example Realm\",error=\"invalid_token\"", header);

    }



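As an added example (not part of the report and not Oltu code), the following sketch builds a realm-first challenge without removing "realm" from the caller's map, and goes slightly beyond the report by escaping parameter values as an RFC 7230 quoted-string and rejecting CR/LF. The class `RealmFirstChallenge` and its methods `quote`, `encode` and `realmIsFirst` are hypothetical names, and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
// Added illustration; class and method names are hypothetical, not Oltu's API.
public class RealmFirstChallenge {

    /** Escape backslash and double quote for a quoted-string; reject CR/LF. */
    static String quote(String v) {
        if (v.indexOf('\r') >= 0 || v.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF not allowed in header value");
        }
        return '"' + v.replace("\\", "\\\\").replace("\"", "\\\"") + '"';
    }

    /** Build "<scheme> realm=...,k=v" without modifying the caller's map. */
    static String encode(String scheme, Map<String, ?> entries) {
        StringBuilder sb = new StringBuilder(scheme);
        char sep = ' ';
        Object realm = entries.get("realm");
        if (realm != null && !realm.toString().isEmpty()) {
            sb.append(sep).append("realm=").append(quote(realm.toString()));
            sep = ',';
        }
        for (Map.Entry<String, ?> e : entries.entrySet()) {
            if (e.getKey() == null || e.getKey().isEmpty() || "realm".equals(e.getKey())
                    || e.getValue() == null || e.getValue().toString().isEmpty()) {
                continue; // realm already written; skip empty keys and values
            }
            sb.append(sep).append(e.getKey()).append('=').append(quote(e.getValue().toString()));
            sep = ',';
        }
        return sb.toString();
    }

    /** Server-side check: is realm the first parameter after the scheme? */
    static boolean realmIsFirst(String header) {
        int sp = header.indexOf(' ');
        return sp > 0 && header.substring(sp + 1).trim().startsWith("realm=\"");
    }

    public static void main(String[] args) {
        Map<String, Object> entries = new LinkedHashMap<>();
        entries.put("error", "invalid_token");      // constructed sample values
        entries.put("realm", "Some Example Realm"); // inserted second on purpose
        String header = encode("Bearer", entries);
        System.out.println(header);
        System.out.println("realm first: " + realmIsFirst(header));
        System.out.println("input untouched: " + entries.containsKey("realm"));
    }
}
```

A check like `realmIsFirst` can be run in a server-side unit test against every emitted challenge so that a later change in map ordering does not silently break Android 4.1 clients.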