Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 353627

Summary: BasicAuthenticator.validateRequest() assumes HTTP Basic authentication
Product: [RT] Jetty Reporter: Michael Gorovoy <mgorovoy>
Component: serverAssignee: Greg Wilkins <gregw>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: gregw, jetty-inbox, mparaz
Version: 7.4.5   
Target Milestone: 7.5.x   
Hardware: All   
OS: All   
Whiteboard:

Description Michael Gorovoy CLA 2011-08-02 13:47:12 EDT 
Originally reported as http://jira.codehaus.org/browse/JETTY-1407 by Miguel Paraz (mparaz@gmail.com)

org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest() has the lines:

credentials = credentials.substring(credentials.indexOf(' ')+1); 
credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);

This assumes HTTP Basic authentication. 
The code should first check if credentials is equal to "Basic". 
The result is an IllegalArgumentException: Not B64 encoded
Comment 1 Michael Gorovoy CLA 2011-08-02 14:42:34 EDT 
Miguel,

I am able to run SecuredHelloHandler (http://goo.gl/8jlhB) that is an example embedded Jetty application that uses BasicAuthenticator without any problems.

Therefore it is possible that there is an issue with your configuration. If you could please  post either your jetty configuration file(s) or a sample application that exhibits the problem, it would assist us in figuring it out.

-Michael
Comment 2 Greg Wilkins CLA 2011-09-20 03:17:05 EDT 
fixed for 7.5.2
turns out our tests were bad and not sending "Basic " before the B64


thanks
Comment 3 Greg Wilkins CLA 2011-09-20 03:18:00 EDT 
oops forgot to change state.