| Summary: | HttpSpiContextHandler fails to send Www-authenticate header | | |
|---|---|---|---|
| Product: | [RT] Jetty | Reporter: | Henrik Gustafsson <henrik.gustafsson> |
| Component: | server | Assignee: | Greg Wilkins <gregw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | | |
| Priority: | P3 | CC: | jesse.mcconnell, jetty-inbox |
| Version: | unspecified | | |
| Target Milestone: | 7.5.x | | |
| Hardware: | Macintosh | | |
| OS: | Mac OS X - Carbon (unsup.) | | |
| Whiteboard: | | | |

We were not copying the headers over. Fixed now in HEAD and will be in 7.6.0. Note that the http-spi is little used and little tested, so we would appreciate any feedback you can give. Keep the issues coming and feel free to write some test harnesses if you want. cheers

Thanks a bunch! I'm assuming it will reach the jetty-8 branch too?

also need to factor in 359784 or put into a new module, but just a heads up in case you're looking for ws spi support as well, just trying to iron out cq's atm cheers

Build Identifier: jetty-http-spi-7.5.4.v20111024.jar

When using Jetty as my HttpServerProvider and I set an authenticator for the context (`ctx.setAuthenticator(new BasicAuthenticator() {...})`) to enable Basic HTTP auth, Jetty does not emit the Www-authenticate:-header in the 401-response, causing the client not to attempt to authenticate.

Typical Jetty exchange looks like this:

```
GET /soap/3.1?wsdl HTTP/1.1
Host: localhost:7627
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.1 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: undefined=%2C%2Fcdr; stay_login=1; id=je3LtszL8vomw

HTTP/1.1 401 Unauthorized
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1281
Server: Jetty(7.5.4.v20111024)

<html> ...stuff... </html>
```

When switching to the stock Java HttpServerProvider the expected header is emitted:

```
GET /soap/3.1?wsdl HTTP/1.1
Host: localhost:7627
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.1 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: undefined=%2C%2Fcdr; stay_login=1; id=je3LtszL8vomw

HTTP/1.1 401 Unauthorized
Content-length: 0
Www-authenticate: Basic realm="SomeService"
```

From what I can tell, in HttpSpiContextHandler.handleAuthentication() jettytHttpExchange.responseHeaders contains the missing header, but it's never sent when it reaches resp.sendError(rc) of the (result instanceof Authenticator.Retry) branch.

Reproducible: Always

Steps to Reproduce:

1. This:

```java
server = new JettyHttpServerProvider().createHttpServer(new InetSocketAddress(host, port), 10);
server.start();

final HttpContext httpContext = server.createContext("/fnord");
httpContext.setAuthenticator(new BasicAuthenticator("PSMService") {
    @Override
    public boolean checkCredentials(String username, String password) {
        if (Util.equals(username, "fnord") && Util.equals(password, "fnord")) return true;
        return false;
    }
});

final Endpoint endpoint = Endpoint.create(…);
endpoint.publish(httpContext);
```

2. Access the context
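
A regression check for the behaviour reported above, as an added example that is not part of the original report or of Jetty's own tests: it sends an unauthenticated request to a context protected by `BasicAuthenticator` and fails unless the 401 carries a Basic challenge. The class name, realm and path are constructed for illustration, and it assumes Java 8 or later.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;

public class ChallengeHeaderCheck {
    // Constructed sample values; the realm and path are placeholders.
    static final String REALM = "ExampleRealm";
    static final String PATH = "/protected";

    public static void main(String[] args) throws Exception {
        // HttpServer.create() delegates to HttpServerProvider.provider(), so the
        // implementation under test is whichever provider the JVM is configured with
        // (system property com.sun.net.httpserver.HttpServerProvider or the classpath).
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        HttpContext ctx = server.createContext(PATH, exchange -> {
            // Only reached after successful authentication.
            exchange.sendResponseHeaders(204, -1);
            exchange.close();
        });
        ctx.setAuthenticator(new BasicAuthenticator(REALM) {
            @Override
            public boolean checkCredentials(String username, String password) {
                return false; // reject everything: every request must be challenged
            }
        });
        server.start();
        try {
            int port = server.getAddress().getPort();
            URL url = new URL("http://127.0.0.1:" + port + PATH);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            int status = conn.getResponseCode();
            // Header lookup is case-insensitive, so "Www-authenticate" matches too.
            String challenge = conn.getHeaderField("WWW-Authenticate");
            if (status != 401) throw new AssertionError("expected 401, got " + status);
            if (challenge == null || !challenge.startsWith("Basic")
                    || !challenge.contains("realm=\"" + REALM + "\"")) {
                throw new AssertionError("401 without a usable Basic challenge: " + challenge);
            }
            System.out.println("OK: " + status + " " + challenge);
        } finally {
            server.stop(0);
        }
    }
}
```

A provider that drops the challenge header, as in the Jetty exchange shown in the report, makes this check fail with `challenge` equal to `null`.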