Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 353627 - BasicAuthenticator.validateRequest() assumes HTTP Basic authentication
Summary: BasicAuthenticator.validateRequest() assumes HTTP Basic authentication
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: server (show other bugs)
Version: 7.4.5   Edit
Hardware: All All
: P3 normal (vote)
Target Milestone: 7.5.x   Edit
Assignee: Greg Wilkins CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-02 13:47 EDT by Michael Gorovoy CLA
Modified: 2011-09-20 03:18 EDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Gorovoy CLA 2011-08-02 13:47:12 EDT 
Originally reported as http://jira.codehaus.org/browse/JETTY-1407 by Miguel Paraz (mparaz@gmail.com)

org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest() has the lines:

credentials = credentials.substring(credentials.indexOf(' ')+1); 
credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);

This assumes HTTP Basic authentication. 
The code should first check if credentials is equal to "Basic". 
The result is an IllegalArgumentException: Not B64 encoded
Comment 1 Michael Gorovoy CLA 2011-08-02 14:42:34 EDT 
Miguel,

I am able to run SecuredHelloHandler (http://goo.gl/8jlhB) that is an example embedded Jetty application that uses BasicAuthenticator without any problems.

Therefore it is possible that there is an issue with your configuration. If you could please  post either your jetty configuration file(s) or a sample application that exhibits the problem, it would assist us in figuring it out.

-Michael
Comment 2 Greg Wilkins CLA 2011-09-20 03:17:05 EDT 
fixed for 7.5.2
turns out our tests were bad and not sending "Basic " before the B64


thanks
Comment 3 Greg Wilkins CLA 2011-09-20 03:18:00 EDT 
oops forgot to change state.