[jboss-jira] [JBoss JIRA] (WFLY-5618) HTTP Authentication Basic header is case sensitive
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Nov 3 10:54:00 EST 2015
[ https://issues.jboss.org/browse/WFLY-5618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated WFLY-5618:
-----------------------------------
Description:
I wrote client code to login to a rest service with security-constraint. The client code must use an HTTP header of Authorization: Basic [Base 64 username:password]. If 'Basic' is sent as uppercase 'BASIC' it didn't work, but if sent as 'Basic' then it did work. I don't think the HTTP header fields should be case sensitive.
https://tools.ietf.org/rfc/rfc2617.txt
was:
I wrote client code to login to a rest service with security-constraint. The client code must use an HTTP header of Authorization: Basic [Base 64 username:password]. If 'Basic' is sent as uppercase 'BASIC' it didn't work, but if sent as 'Basic' then it did work. I don't think the HTTP header fields should be case sensitive.
More info on HTTP authorization: http://www.httpwatch.com/httpgallery/authentication/
> HTTP Authentication Basic header is case sensitive
> --------------------------------------------------
>
> Key: WFLY-5618
> URL: https://issues.jboss.org/browse/WFLY-5618
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 9.0.2.Final
> Environment: Wildfly 9.0.1.Final.
> Reporter: Karl Nicholas
> Assignee: Darran Lofthouse
> Labels: authorization, http, security-constraint
>
> I wrote client code to login to a rest service with security-constraint. The client code must use an HTTP header of Authorization: Basic [Base 64 username:password]. If 'Basic' is sent as uppercase 'BASIC' it didn't work, but if sent as 'Basic' then it did work. I don't think the HTTP header fields should be case sensitive.
> https://tools.ietf.org/rfc/rfc2617.txt
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list