JDK-6459815 : Long passwords cause Basic Auth to fail with a java.net.Authenticator
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2006-08-14
  • Updated: 2011-02-16
  • Resolved: 2010-07-29
JDK 7: 7 (Resolved)
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
If you implement a custom java.net.Authenticator and the Password in the PasswordAuthentication object causes the whole username:password string to exceed 76 characters, the Base64Encoder adds a "\n" character.

When an HttpURLConnection tries to use the Authenticator, it fails complaining about the "\n" in the Base64 encoded string.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Implement a java.net.Authenticator that returns a long password. By long, I mean that it will blow the 76 character limit of the Base64Encoder. After 76 characters, the Base64Encoder inserts a "\n" character.

Authenticator.setDefault(your authenticator);

Open an HttpURLConnection to a server which requires Basic Auth.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
If I work around by creating my own Base64 string and remove the "\n" character then the Basic Auth succeeds fine.
ACTUAL -
Error message. You can't set a Basic Auth header with a newline character in it.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.RuntimeException: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ZGJvZGVuOntsbDEwfWRib2RlbnwxMTU1MDcyNjAzNTQwfDExNTUxMjY5Njk2Njh8dncrSjZZc2Zm
V1BObzdFQnFlZXgyNVE0YThrPQ==
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source)
	at java.net.HttpURLConnection.getResponseCode(Unknown Source)
	at TokenClientAuthenticator.main(TokenClientAuthenticator.java:16)
Caused by: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ZGJvZGVuOntsbDEwfWRib2RlbnwxMTU1MDcyNjAzNTQwfDExNTUxMjY5Njk2Njh8dncrSjZZc2Zm
V1BObzdFQnFlZXgyNVE0YThrPQ==
	at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.setAuthenticationProperty(Unknown Source)
	at sun.net.www.protocol.http.BasicAuthentication.setHeaders(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	... 2 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;

class TokenClientAuthenticator extends Authenticator {
    protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication("dboden", "{ll10}dboden|1155072603540|1155126969668|vw+J6YsffWPNo7EBqeex25Q4a8k=".toCharArray());
    }
    
    public static void main(String[] args) throws Exception {
        Authenticator.setDefault(new TokenClientAuthenticator());
        
        URL url = new URL("http://lolfidsales01:6000/SS/rcp/launch.jnlp"); //change this to a location that requires basic auth
        HttpURLConnection con = (HttpURLConnection)url.openConnection();
        int responseCode = con.getResponseCode();
        System.out.println("Response is " + responseCode);
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Don't use an Authenticator, create the Base64 encoded string and remove the "\n"s.


        // Requires: import sun.misc.BASE64Encoder;
        String encodeMe = m_username + ":" + m_sToken;

        BASE64Encoder encoder = new BASE64Encoder();
        String base64Encoded = encoder.encode(encodeMe.getBytes());
        //!Important! - Get rid of any newline characters erroneously
        //              added by the Base64Encoder
        base64Encoded = base64Encoded.replaceAll("\n", "");

        basicAuthCredentialsBase64 = base64Encoded;

Comments
EVALUATION
The problem is the line limit imposed by sun.misc.BASE64Encoder. The limit can be increased easily by overriding the bytesPerLine() method, as done in NTLMAuthentication. A better solution again would be a proper public Base 64 encoder class that does not have any line length limit. Will fix for dolphin.
14-08-2006
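
An added example (not code from the bug report or from the JDK sources) of the evaluation's point, using java.util.Base64, the public encoder available since Java 8: its MIME variant wraps output at 76 characters as the encoder in this report does, while the basic variant never wraps. The class name, the helper names and the simplified CR/LF check are assumptions made for the illustration; the credentials are the ones from the reproduction case above.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration: why a line-wrapping Base64 encoder produces an
// Authorization header value that a CR/LF check rejects.
public class BasicAuthHeaderDemo {

    // Builds "Basic <base64(user:password)>" with the supplied encoder.
    // UTF-8 is an assumption; the report's workaround used the platform default.
    static String basicHeader(Base64.Encoder enc, String user, char[] password) {
        String userPass = user + ":" + new String(password);
        return "Basic " + enc.encodeToString(userPass.getBytes(StandardCharsets.UTF_8));
    }

    // Simplified stand-in for a header-value check (hypothetical helper):
    // returns the index of the first CR or LF, or -1 if the value is clean.
    static int firstLineBreak(String headerValue) {
        for (int i = 0; i < headerValue.length(); i++) {
            char c = headerValue.charAt(i);
            if (c == '\r' || c == '\n') {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Credentials from the reproduction case: 76 bytes of "user:password",
        // which encode to 104 Base64 characters, more than one 76-character line.
        String user = "dboden";
        char[] token =
            "{ll10}dboden|1155072603540|1155126969668|vw+J6YsffWPNo7EBqeex25Q4a8k=".toCharArray();

        String wrapped = basicHeader(Base64.getMimeEncoder(), user, token);
        String unwrapped = basicHeader(Base64.getEncoder(), user, token);

        System.out.println("MIME encoder, first line break at index: " + firstLineBreak(wrapped));
        System.out.println("Basic encoder, first line break at index: " + firstLineBreak(unwrapped));

        // Stripping the line breaks, as the submitted workaround does,
        // yields the same value the non-wrapping encoder produces directly.
        boolean same = wrapped.replaceAll("[\r\n]", "").equals(unwrapped);
        System.out.println("Stripped MIME output equals unwrapped output: " + same);
    }
}
```

Rejecting CR and LF in header values is what keeps an encoder's line wrapping, or any attacker-influenced value, from splitting one header into several, so the fix belongs in the encoder choice rather than in relaxing the check.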