#440 No 'opaque' causes NPE when attempting DigestAuthentication

closed-fixed
Wolfgang Fahl
None
5
2012-09-12
2010-02-23
Jason McSwain
No

-----------------------
Description:
-----------------------
it would appear that HttpUnit is expecting the "opaque" value to be set on the AuthenticationChallenge. However according to RFC 2109, the "opaque" key/value/pair is optional.

NullPointerException thrown when performing a request against a server using digest authentication.

-----------------------
Actual Results:
-----------------------
java.lang.NullPointerException
at com.meterware.httpunit.AuthenticationChallenge$DigestAuthenticationStrategy$Algorithm.quote(AuthenticationChallenge.java:185)
at com.meterware.httpunit.AuthenticationChallenge$DigestAuthenticationStrategy$Algorithm.append(AuthenticationChallenge.java:180)
at com.meterware.httpunit.AuthenticationChallenge$DigestAuthenticationStrategy$Algorithm.appendDigestParams(AuthenticationChallenge.java:131)
at com.meterware.httpunit.AuthenticationChallenge$DigestAuthenticationStrategy$Algorithm.appendParams(AuthenticationChallenge.java:121)
at com.meterware.httpunit.AuthenticationChallenge$DigestAuthenticationStrategy.createAuthenticationHeader(AuthenticationChallenge.java:239)
at com.meterware.httpunit.AuthenticationChallenge.createAuthenticationHeader(AuthenticationChallenge.java:69)
at com.meterware.httpunit.WebClient.createResponse(WebClient.java:652)
at com.meterware.httpunit.WebWindow.getResource(WebWindow.java:220)
at com.meterware.httpunit.WebWindow.getSubframeResponse(WebWindow.java:181)
at com.meterware.httpunit.WebWindow.getResponse(WebWindow.java:158)
at com.meterware.httpunit.WebWindow.updateWindow(WebWindow.java:199)
at com.meterware.httpunit.WebWindow.getSubframeResponse(WebWindow.java:183)
at com.meterware.httpunit.WebWindow.getResponse(WebWindow.java:158)
at com.meterware.httpunit.WebClient.getResponse(WebClient.java:122)

-----------------------
Expected Results:
-----------------------
- When building the response inside AuthenticationChallenge.DigestAuthenticationStrategy.Algorithm, the code should check to see if the opaque value is null, and if so, then don't try and use it in the response.

-----------------------
Code:
-----------------------
WebConversation wc = new WebConversation();
wc.setAuthentication(realm, usr, pass);
WebRequest req = new GetMethodWebRequest(url);
WebResponse resp = wc.getResponse(req);

Discussion

  • Jason McSwain
    Jason McSwain
    2010-02-23

    Sorry, i may have been mistaken on the particular RFC... this one is more specifically related: RFC 2617

     
  • Wolfgang Fahl
    Wolfgang Fahl
    2012-09-12

    The change is now in the subversion repository and will be in the next build

     
  • Wolfgang Fahl
    Wolfgang Fahl
    2012-09-12

    • assigned_to: nobody --> wolfgang_fahl
    • status: open --> closed-fixed