Craig McClanahan created CXF-4771:
-------------------------------------
Summary: OAuth 2.0 MAC Authorization Header is not parsed correctly
Key: CXF-4771
URL: https://issues.apache.org/jira/browse/CXF-4771
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 2.7.2
Reporter: Craig McClanahan
I'm trying to implement MAC authorization on my OAuth 2.0 server. I use
OAuthClientUtils#createAuthorizationHeader() to create an authorization header
that, on the wire, looks something like this:
Authorization: MAC
id="55aa32664c6e1ae9eea4f8d2a6b6fe3",nonce="bMIaTnH+yw7daK6augoW9waPBhQ=",mac="xMgBytGHEyVjLk0Bea5Sa6jfMdUvvrCWJhlL95rtNHs=",ts="1358796727285",
There is a minor problem with this -- the trailing comma should be eliminated.
The major problem, though, is when the server tries to parse this
(AuthorizationUtils#getAuthorizationParts()). The call to
mc.getHttpHeaders().getRequestHeader("Authorization") returns five header
values instead of one. It appears to be parsing on both spaces and commas.
This causes the remaining logic to never parse the MAC token.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
