commons http client - kerberos token while negotiating has \r\n (carriage return line feed) characters

不羁岁月 submitted on 2020-01-04 11:09:18

Question


I am trying to use Jakarta Commons HTTP Client, doing Kerberos authentication to communicate with a server. Authentication always fails. On digging deeper I found out that the Kerberos token header has carriage return line feed characters in it, which is the root cause of the issue. Why does it have \r\n characters and why is that an issue?


Answer 1:


\r\n characters in the Kerberos token are an issue because \r is an HTTP control character. That essentially means that the server only sees the first line of the token and ignores the rest, hence failing authentication. To make it worse, the next lines of the token are treated as new headers and will not be formatted well. So the HTTP server will freak out.

The reason this happens is that the RFC 1521 specification says that base64 encoding line length is limited to 76 characters. Hence the \r\n characters. And this does not work well with the HTTP protocol. This surfaces only if you use Kerberos tokens that are base64 encoded.

So the solution to this is to strip out the \r\n characters from the Kerberos base64 encoded token header. Also, older versions of Apache Commons Codec will not limit base64 encoding to 76 lines and hence are not an issue. So if you have a hook into encoding, strip out the problematic characters. If you don't, then use an older version of Apache Commons Codec with commons-httpclient.



Source: https://stackoverflow.com/questions/3018148/commons-http-client-kerberos-token-while-negotiating-has-r-n-carriage-return
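The failure and the fix described in the answer above, as an added example that is not part of the original post. It assumes the JDK's `java.util.Base64` in place of Apache Commons Codec so that it runs without extra dependencies; the class name, method names and the sample token are constructed for illustration.

```java
import java.util.Base64;

public class NegotiateHeaderDemo {

    // Constructed stand-in for a Kerberos token: 200 arbitrary bytes, not a real ticket.
    static byte[] sampleToken() {
        byte[] t = new byte[200];
        for (int i = 0; i < t.length; i++) t[i] = (byte) (i * 7);
        return t;
    }

    // Reproduces the problem: the MIME encoder wraps output at 76 characters with \r\n.
    static String chunked(byte[] token) {
        return Base64.getMimeEncoder().encodeToString(token);
    }

    // Fix when you only receive the already-encoded string: strip CR and LF.
    static String stripCrLf(String b64) {
        return b64.replace("\r", "").replace("\n", "");
    }

    // Fix when you control the encoding: use an encoder that never inserts line breaks.
    static String unchunked(byte[] token) {
        return Base64.getEncoder().encodeToString(token);
    }

    // Guard: refuse to build a header whose value would be split across lines.
    static String negotiateHeader(String b64) {
        if (b64.indexOf('\r') >= 0 || b64.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF in Authorization header value");
        }
        return "Negotiate " + b64;
    }

    public static void main(String[] args) {
        byte[] token = sampleToken();
        String bad = chunked(token);
        System.out.println("lines in chunked token: " + bad.split("\r\n").length);
        System.out.println("stripped == unchunked: " + stripCrLf(bad).equals(unchunked(token)));
        System.out.println("Authorization: " + negotiateHeader(stripCrLf(bad)));
        try {
            negotiateHeader(bad); // the chunked token must never reach the wire
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard in `negotiateHeader` is worth keeping even after the encoder is fixed, since any header value containing CR or LF ends the header early and turns the remainder into unintended header lines.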
