Jetty

DigestAuthenticator returns '401 Unauthorized' after successful login in Ajax env.

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Not A Bug
  • Affects Version/s: 7.5.2
  • Fix Version/s: None
  • Component/s: Eclipse
  • Labels:
    None
  • Environment:
    FreeBSD 8.0 + Firefox 8.0
  • Number of attachments :
    1

Description

Hi,

DigestAuthenticator returns '401 Unauthorized' after successful login,
so we have to type userid and password again and again.
The attached files is the summary of HTTP sequence.

. Loggedin
. 200 OKs: for same nounce.
. 401 Unauthorized: 5 seconds after login. 'nc' is not ordered, since this is running on Ajax.

It seems that checkNounce() becomes to be too restrictive.

This happnes with jetty-securiy-7.5.2, 7.5.3, 7.5.4, and does not with 7.5.1.

Thanks,

  1. Text File
    hoge2.txt
    25/Dec/11 7:16 PM
    4 kB
    Fumiyuki Shimizu

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jan Bartel added a comment -

Please see https://bugs.eclipse.org/bugs/show_bug.cgi?id=336443

The nonce-count must be sequentially increasing.

I suggest that your ajax solution uses only a single connection to ensure that they are ordered sequentially.

Jan

Show
Jan Bartel added a comment - Please see https://bugs.eclipse.org/bugs/show_bug.cgi?id=336443 The nonce-count must be sequentially increasing. I suggest that your ajax solution uses only a single connection to ensure that they are ordered sequentially. Jan
Jan Bartel made changes -
Field Original Value New Value
Resolution Not A Bug [ 6 ]
Status Open [ 1 ] Resolved [ 5 ]

People

  • Assignee:
    Unassigned
    Reporter:
    Fumiyuki Shimizu
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: