[jboss-jira] [JBoss JIRA] (DROOLS-693) UrlResource does not handle Basic Authentication correctly

Michael Anstis (JIRA) issues at jboss.org
Tue Jan 20 14:27:49 EST 2015 

     [ https://issues.jboss.org/browse/DROOLS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Anstis resolved DROOLS-693.
-----------------------------------
      Assignee: Michael Anstis  (was: Mark Proctor)
    Resolution: Done


*drools*
(master) http://github.com/droolsjbpm/drools/commit/7c1900629

(6.2.x) http://github.com/droolsjbpm/drools/commit/3b725b5e5

> UrlResource does not handle Basic Authentication correctly
> ----------------------------------------------------------
>
>                 Key: DROOLS-693
>                 URL: https://issues.jboss.org/browse/DROOLS-693
>             Project: Drools
>          Issue Type: Bug
>    Affects Versions: 6.2.0.CR4
>            Reporter: Michael Anstis
>            Assignee: Michael Anstis
>             Fix For: 6.2.0.Final
>
>
> See the following forum posts:
> [drools-usage] Loading Kie jar via HTTP causing HTTP 500 Error
> [drools-usage] integrate external project jar (created by WB) into our web application
> These both do something similar to this:
> {code}
> KieServices ks = KieServices.Factory.get();
> KieRepository kr = ks.getRepository();
> UrlResource urlResource = (UrlResource) ks.getResources().newUrlResource("http://ip:9080/kie-drools-wb-distribution/maven2/com/ost/myproj/1.0/myproj-1.0.jar");
> urlResource.setUsername("username");
> urlResource.setPassword("password");
> urlResource.setBasicAuthentication("enabled");
> InputStream is = null;
>     try {
>         is = urlResource.getInputStream();
>         KieModule kModule = kr.addKieModule( ks.getResources().newInputStreamResource(is) );
> ...
> {code}
> UrlResources's grabStream() and grabLastMod() methods do not Base64 encode the UID:PWD in accordance with HTTP Specification http://tools.ietf.org/html/rfc2617#page-5.
> I'd be tempted to further improve UrlResource to only append Basic Authentication information *if* Basic Authentication has been enabled on the  UrlResource instance. 



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

More information about the jboss-jira mailing list