Bug 1374797 - SwitchYard HTTP Basic Auth is case-sensitive, in violation of rfc2617
Summary: SwitchYard HTTP Basic Auth is case-sensitive, in violation of rfc2617
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: SwitchYard
Version: 6.0.0 GA
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Rob Cernich
QA Contact: Matej Melko
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-09 16:25 UTC by Rick Wagner
Modified: 2019-12-16 06:42 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-09 16:28:37 UTC
Type: Support Patch

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker ENTESB-6083 0 Major Open SwitchYard HTTP Basic Auth is case-sensitive, in violation of rfc2617 2016-09-09 16:25:11 UTC

Description Rick Wagner 2016-09-09 16:25:11 UTC 
rfc2617 [1] specifically states that the 'Basic' token should be case-insensitive, but SwitchYard is rejecting requests that use 'BASIC' instead of 'Basic'.

This is causing a compatibility issue for a customer that relies upon the behavior previously noted with SOA-P. (Case insensitive, per the spec.)

--------------------
1.2 Access Authentication Framework

HTTP provides a simple challenge-response authentication mechanism
that MAY be used by a server to challenge a client request and by a
client to provide authentication information. It uses an extensible,
case-insensitive token to identify the authentication scheme.......
-------------------------

[1] https://www.ietf.org/rfc/rfc2617.txt
Note You need to log in before you can comment on or make changes to this bug.