Skip to main content

Bug in HttpURLConnection with digest authentication?

1 reply [Last post]
nriviera
Offline
Joined: 2007-10-17
Points: 0

I have been trying to use HttpURLConnection to authenticate using the digest method, posting a request to the server, and then reading the response of the request. I am successful with these steps, but problem is, as soon as I call the close() method on the InputStream acquired from HttpURLConnection.getInputStream() a ProtocolException is thrown by DigestAuthentication.checkResponse() because it is being fed a 'null' header.

My code:
-------------------------------------------------------------

public static void main(String[] args) {

try {
Authenticator.setDefault(new HttpAuthenticator());
URL url = new URL("http://192.186.1.0/Server");
URLConnection uconn = url.openConnection();
try {
if ( uconn instanceof HttpURLConnection ) {
HttpURLConnection hconn = (HttpURLConnection) uconn;
hconn.addRequestProperty("Content-Type", "text/xml;charset=UTF-8");
hconn.addRequestProperty("Accept", "text/xml, application/xml");
hconn.setDoOutput(true);

PrintStream out = new PrintStream(hconn.getOutputStream(), false, "UTF8");
out.println("");
out.flush();
out.close();
}

InputStream ins = uconn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(ins));

String str;
while((str = reader.readLine()) != null) {
System.out.println(str);
}

ins.close(); <-- ** FAILS HERE
} catch (IOException ioe) {
System.out.println("IOException encountered:");
ioe.printStackTrace();
InputStream eins = ((HttpURLConnection)uconn).getErrorStream();
BufferedReader erd = new BufferedReader(new InputStreamReader(eins));
String str;
while((str = erd.readLine()) != null) {
System.out.println(str);
}
}

} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}

}

-------------------------------------------------------------

I believe that the bug is in HttpURLConnection.checkResponseCredentials() which iscalled in the finally clause of HttpInputStream.close(). checkResponseCredentials() should not pass a null header to checkResponse(), and in fact it should not even be trying to check the credentials during a close if it's not necessary (i.e. needCheck==>false), as far as I'm concerned. This makes HttpURLConnection pretty much useless. However, I cannot confirm the precise cause of the problem because the source release of JDK6u3 is not released yet -- it seems the source download page is mistakenly showing the binary page instead.

FYI, I implemented this successfully using apache commons HttpClient, but it would be nice if third party libraries weren't necessary since this behavior is supposedly available as part of the JDK.

cheers,
Ben

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
alanb
Offline
Joined: 2005-08-08
Points: 0

You message doesn't show your Authenticator implementation but in any case, the place to submit bugs is:
http://bugreport.sun.com/bugreport