Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 357719 - HTTP authentication fails when server returns multiple WWW-Authenticate headers
Summary: HTTP authentication fails when server returns multiple WWW-Authenticate headers
Status: RESOLVED FIXED
Alias: None
Product: JGit
Classification: Technology
Component: JGit (show other bugs)
Version: unspecified   Edit
Hardware: PC Windows XP
: P3 normal with 1 vote (vote)
Target Milestone: 3.0.2   Edit
Assignee: Project Inbox CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-15 00:25 EDT by Tim Pettersen CLA
Modified: 2013-08-26 02:28 EDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Pettersen CLA 2011-09-15 00:25:03 EDT 
Build Identifier: M20090917-0800

The first line of  org.eclipse.jgit.transport.HttpAuthMethod#scanResponse(HttpURLConnection) checks the response returned from the Git server for a "WWW-Authenticate" header. However, if there a multiple WWW-Authenticate headers defined (which is valid, servers may support multiple methods of authentication) it will only check the last one, and declare that no supported auth challenge was found if it doesn't contain Basic or Digest.

Instead, it should iterate through the available WWW-Authenticate headers, checking whether any of them contain a supported authentication method.

Reproducible: Always
Comment 1 Matthias Sohn CLA 2011-09-29 05:05:05 EDT 
this is a problem in JGit
Comment 2 Matthias Sohn CLA 2013-06-20 19:17:00 EDT 
proposed patch by Alex Rukhlin https://git.eclipse.org/r/#/c/13285/
Comment 3 Matthias Sohn CLA 2013-06-23 18:03:22 EDT 
merged as 98dd6e6abdba75d05f03b5b073659efe53182dc6
Comment 4 Matthias Sohn CLA 2013-08-26 02:28:22 EDT 
cherry-picked for 3.0.2