Uploaded image for project: 'GeoTools'
  1. GEOT-5731

Bad Authorization header encoding in SimpleHTTPClient

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 12.2, 16.0, 17.1
    • Fix Version/s: 16.4, 17.2
    • Component/s: main
    • Labels:
      None
    • Environment:

      Oracle Corporation: 1.8.0_91 (Java HotSpot(TM) 64-Bit Server VM)

      Description

      This issue has been found while trying to use very long credentials in GeoServer WMS cascading Store settings.

      GeoTools Simple HTTP Client encodes the credentials using Base64, but the encoder adds newlines.

      Here's the line: https://github.com/geotools/geotools/blob/master/modules/library/main/src/main/java/org/geotools/data/ows/SimpleHttpClient.java#L157

      New lines are not allowed in Authorization header "Basic" encoding:
      https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
      http://www.ietf.org/rfc/rfc2617.txt

      I think it can be simply fixed passing the Base64.DONT_BREAK_LINES option to the encoder.

      As a side note, the encoder had some improvements during the years and it is now part of Java8.

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                aaime Andrea Aime
                Reporter:
                Gnafu Gnafu
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: