Yves Piel created CXF-8747:
------------------------------
Summary: Digest authentication - support of qop="auth-int"
Key: CXF-8747
URL: https://issues.apache.org/jira/browse/CXF-8747
Project: CXF
Issue Type: New Feature
Reporter: Yves Piel
Digest authentication has a parameter qop that can take 2 value 'auth' or
'auth-int': [https://www.rfc-editor.org/rfc/rfc7616.html]
It seems cxf only support 'auth'. We can try withÂ
[https://httpbin.org/#/Auth/get_digest_auth__qop___user___passwd___algorithm_]
{noformat}
@ParameterizedTest
@CsvSource({"auth,MD5",
"auth,SHA-256",
"auth,SHA-512",
"auth-int,MD5",
"auth-int,SHA-256",
"auth-int,SHA-512",})
public void digest(String qop, String algo){
String myUser = "myUser";
String myPassword = "myPassword";
WebClient client = WebClient.create("https://httpbin.org/digest-auth/";)
.path("{qop}/{user}/{passwd}/{algorithm}", qop, myUser,
myPassword, algo);
HTTPConduit httpConduit = WebClient.getConfig(client).getHttpConduit();
AuthorizationPolicy digestAuthPolicy = new AuthorizationPolicy();
digestAuthPolicy.setUserName(myUser);
digestAuthPolicy.setPassword(myPassword);
digestAuthPolicy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_DIGEST);
httpConduit.setAuthorization(digestAuthPolicy);
Response response = client.invoke("GET", null);
System.out.println(String.format("qop=%s, algo=%s => status: %s", qop,
algo, response.getStatus())); // is 200 OK
}
{noformat}
That generates this output:
{noformat}
qop=auth, algo=MD5 => status: 200
qop=auth, algo=SHA-256 => status: 200
qop=auth, algo=SHA-512 => status: 200
qop=auth-int, algo=MD5 => status: 401
qop=auth-int, algo=SHA-256 => status: 401
qop=auth-int, algo=SHA-512 => status: 401
{noformat}
It could be great to support it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
