Unable to use custom authentication (because of Invalid auth header in AuthenticationFilter)
Daniel Fuchs
daniel.fuchs at oracle.com
Mon May 28 11:14:15 UTC 2018
Hi Yann,
Sorry for the late reply. For some reason your email wasn't
delivered until now :-(
Do you know which headers is sent back to the client with the
401 response?
The client expects either WWW-Authenticate with 401 or
Proxy-Authenticate with 407 - and will throw an
IOException: Invalid auth header
if the header expected for the unauthorized code is
not found.
I have logged https://bugs.openjdk.java.net/browse/JDK-8203882
to try and improve this behavior, but it would be helpful
to know what headers the server sends back with its 401
response.
best regards,
-- daniel
On 15/04/2018 22:01, Yann Le Moigne wrote:
> Hello,
>
> I tried to use the incubator/httpclient to use a rest API. This API use non standard header and a json web token for authentication. This API return 401 status when the token is missing.
>
> Currently ( java version "10" 2018-03-20 ) the response processing end with :
> ```
> java.io.IOException: Invalid auth header
> at jdk.incubator.httpclient/jdk.incubator.http.AuthenticationFilter.lambda$response$1(AuthenticationFilter.java:211)
> ```
>
> I did not find a way to disable this filter or workaround the issue, and the current code block my use case.
>
> Is it intended ? (I believe that 401 is agnostic about the way the auth must be performed, but I’m not sure)
> Any workaround to suggest ?
>
> Regards,
> Yann.
>
More information about the net-dev
mailing list