Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5618

HTTP Authentication Basic header is case sensitive

XMLWordPrintable

    • Hide

      Configure a simple restful service, protect it with <security-constraint> in web.xml. Write client with Authorization: Basic header. Change 'Basic' to 'BASIC'. E.g.:
      requestContext.getHeaders().add( "Authorization", "Basic " + DatatypeConverter.printBase64Binary(
      (user+":"+password).getBytes("UTF-8")) );

      Show
      Configure a simple restful service, protect it with <security-constraint> in web.xml. Write client with Authorization: Basic header. Change 'Basic' to 'BASIC'. E.g.: requestContext.getHeaders().add( "Authorization", "Basic " + DatatypeConverter.printBase64Binary( (user+":"+password).getBytes("UTF-8")) );
    • Compatibility/Configuration
    • Workaround Exists
    • Hide

      User 'Basic' instead of 'BASIC' in authorization http header.

      Show
      User 'Basic' instead of 'BASIC' in authorization http header.
    • Low

      I wrote client code to login to a rest service with security-constraint. The client code must use an HTTP header of Authorization: Basic [Base 64 username:password]. If 'Basic' is sent as uppercase 'BASIC' it didn't work, but if sent as 'Basic' then it did work. I don't think the HTTP header fields should be case sensitive.

      https://tools.ietf.org/rfc/rfc2617.txt

            sdouglas1@redhat.com Stuart Douglas
            karlnicholas Karl Nicholas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: