Uploaded image for project: 'Drools'
  1. Drools
  2. DROOLS-693

UrlResource does not handle Basic Authentication correctly

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 6.2.0.Final
    • 6.2.0.CR4
    • None
    • None

    Description

      See the following forum posts:

      [drools-usage] Loading Kie jar via HTTP causing HTTP 500 Error

      [drools-usage] integrate external project jar (created by WB) into our web application

      These both do something similar to this:

      KieServices ks = KieServices.Factory.get();
KieRepository kr = ks.getRepository();
UrlResource urlResource = (UrlResource) ks.getResources().newUrlResource("http://ip:9080/kie-drools-wb-distribution/maven2/com/ost/myproj/1.0/myproj-1.0.jar");
urlResource.setUsername("username");
urlResource.setPassword("password");
urlResource.setBasicAuthentication("enabled");

InputStream is = null;
    try {
        is = urlResource.getInputStream();
        KieModule kModule = kr.addKieModule( ks.getResources().newInputStreamResource(is) );
...

      UrlResources's grabStream() and grabLastMod() methods do not Base64 encode the UID:PWD in accordance with HTTP Specification http://tools.ietf.org/html/rfc2617#page-5.

      I'd be tempted to further improve UrlResource to only append Basic Authentication information if Basic Authentication has been enabled on the UrlResource instance.

      Attachments

        Activity

          People

            manstis@redhat.com Michael Anstis
            manstis@redhat.com Michael Anstis
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: