AuthenticationProtocolHandler unable to parse Digest WWW Header #1555

Closed
TheJoeIaut opened this issue May 15, 2017 · 10 comments

@TheJoeIaut

TheJoeIaut commented May 15, 2017

Hey,

I am having massive problems trying to authenticate against a digest auth endpoint.

For testing purposes I use http://httpbin.org/digest-auth/auth/user/passwd/MD5

That returns a WWW Header of:

    Digest algorithm=MD5, qop="auth", opaque="c0c3e9b6dfa9fcbcefe9a64e8a5d1c0e", nonce="e3bcda70806caad3ebdf4e8078cbcf6b", realm="me@kennethreitz.com"

But this results in the exception:

org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

The problem, IMO, is that the regex parsing the WWW header in AuthenticationProtocolHandler won't match that header.

What can I do and are there any known workarounds?

For completeness here is my code:

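    import java.net.URI;

    import org.eclipse.jetty.client.HttpClient;
    import org.eclipse.jetty.client.api.AuthenticationStore;
    import org.eclipse.jetty.client.api.ContentResponse;
    import org.eclipse.jetty.client.util.DigestAuthentication;

    public class DigestAuthRepro {
        public static void main(String[] args) throws Exception {
            HttpClient httpClient = new HttpClient();
            httpClient.start();

            String realm = "me@kennethreitz.com";
            String user = "user";
            String pass = "passwd";
            URI uri = new URI("http://httpbin.org/digest-auth/auth/user/passwd/MD5");

            // Register Digest credentials for this URI and realm.
            AuthenticationStore a = httpClient.getAuthenticationStore();
            a.addAuthentication(new DigestAuthentication(uri, realm, user, pass));

            // The 401 challenge from the server triggers the exception shown above.
            ContentResponse response = httpClient
                    .newRequest(uri)
                    .send();
                    //.get(5, TimeUnit.SECONDS);

            System.out.println(response);
        }
    }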
@joakime joakime added the Bug For general bugs on Jetty side label May 15, 2017
@joakime
Contributor

joakime commented May 15, 2017

What version of Jetty Client?

@TheJoeIaut
Author

9.4.5.v20170502

@sbordet
Contributor

sbordet commented May 15, 2017

We assume that the server replies with the realm as first auth-param, but RFC 7235 does not specify any order, and does not even require it to be present (https://tools.ietf.org/html/rfc7235#appendix-A).
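Added example, not part of the original thread and not Jetty's code: an order-independent parse of the auth-params of a single challenge, so `realm` may appear last or be absent, and malformed or duplicate parameters are rejected. It assumes one challenge per header value and no token68 form; `ChallengeParams` and `parse` are hypothetical names.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
public class ChallengeParams {
    // Hypothetical helper: parses the auth-params of ONE challenge of the given scheme.
    static Map<String, String> parse(String header, String scheme) {
        String h = header.trim();
        if (!h.regionMatches(true, 0, scheme + " ", 0, scheme.length() + 1))
            throw new IllegalArgumentException("not a " + scheme + " challenge");
        Map<String, String> params = new LinkedHashMap<>();
        int i = scheme.length() + 1, n = h.length();
        while (i < n) {
            while (i < n && (h.charAt(i) == ',' || Character.isWhitespace(h.charAt(i)))) i++;
            if (i >= n) break;
            int eq = h.indexOf('=', i);
            if (eq < 0) throw new IllegalArgumentException("auth-param without '='");
            String name = h.substring(i, eq).trim().toLowerCase(Locale.ROOT);
            for (i = eq + 1; i < n && Character.isWhitespace(h.charAt(i)); i++) { }
            String value;
            if (i < n && h.charAt(i) == '"') {
                // quoted-string: may contain commas and backslash-escaped characters.
                StringBuilder sb = new StringBuilder();
                for (i++; i < n && h.charAt(i) != '"'; i++) {
                    if (h.charAt(i) == '\\' && i + 1 < n) i++;
                    sb.append(h.charAt(i));
                }
                if (i >= n) throw new IllegalArgumentException("unterminated quoted-string");
                i++; // step past the closing quote
                value = sb.toString();
            } else { // token: runs up to the next comma or the end of the header
                int end = h.indexOf(',', i);
                if (end < 0) end = n;
                value = h.substring(i, end).trim();
                i = end;
            }
            // Names are case-insensitive; fail closed on malformed names and duplicates.
            if (name.isEmpty() || name.indexOf(',') >= 0 || params.putIfAbsent(name, value) != null)
                throw new IllegalArgumentException("bad or duplicate auth-param: " + name);
        }
        return params;
    }
    public static void main(String[] args) {
        // Challenge value quoted in this issue: realm is the last parameter.
        String header = "Digest algorithm=MD5, qop=\"auth\", opaque=\"c0c3e9b6dfa9fcbcefe9a64e8a5d1c0e\", "
            + "nonce=\"e3bcda70806caad3ebdf4e8078cbcf6b\", realm=\"me@kennethreitz.com\"";
        Map<String, String> p = parse(header, "Digest");
        System.out.println(p.get("realm") + " | " + p.get("algorithm") + " | " + p.get("qop"));
    }
}
```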

@TheJoeIaut
Author

I don't think that's the only problem:

Tested it also with the correct order: https://regex101.com/r/71olOo/1

@sbordet
Contributor

sbordet commented May 15, 2017

Once you remove the double backslashes, works for me.

@digitaldan

Any update on this? I am also running into the issue where "realm" is not the first parameter in the authentication response. Is there a workaround?

@sbordet
Contributor

sbordet commented Apr 9, 2018

Writing a parser for the Authentication header is quite complicated as the syntax is just plain horrible.
We'll try to raise the priority of this.

lachlan-roberts added a commit to lachlan-roberts/jetty.project that referenced this issue Apr 10, 2018
… to appear as first parameter. jetty#1555

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@sbordet
Contributor

sbordet commented Apr 11, 2018

See also #1730.

sbordet added a commit that referenced this issue Apr 17, 2018
…ticationProtocolHandler

Issue #1555 WWW-Authenticate realm header ordering
@sbordet
Contributor

sbordet commented Apr 17, 2018

We merged #2426 to solve the realm position issue, and we are working on a better parser in #1555.

@sbordet sbordet closed this as completed Apr 17, 2018
@gregw
Contributor

gregw commented Apr 17, 2018

Better parser is in #2449. As that is essentially a better fix for this issue, let's leave this open until that is merged.

@gregw gregw reopened this Apr 17, 2018
mebe1012 pushed a commit to mebe1012/openhab-bundles that referenced this issue Sep 15, 2019