Java Solaris Communities Sun Store Join SDN My Profile Why Join?
» search tips 
Sun Developer Network
Developers Home > Products & Technologies > Java Technology > Community > Bug Database >
Join SDNWhy Join
 
Bug Database
Bug Detail
Quick Lists
Top 25 Bugs
Top 25 RFE's
Recently Closed Bugs
Printable Page Printable Page


Bug Database
Welcome
 
»  Login
»  Report a Bug
»  FAQs
  Bug Watch List:
» Watch this Bug
 Bug Votes:
 This bug is Closed.You cannot Vote for it.
Bug ID: 4615330
Votes 0
Synopsis REGRESSION: error in URLConnection.setRequestProperty with Base64 encoded str
Category java:classes_net
Reported Against merlin-beta3
Release Fixed
State 11-Closed, Not a Defect, bug
Priority: 4-Low
Related Bugs
Submit Date 18-DEC-2001
Description 




FULL PRODUCT VERSION :
java version "1.3.1_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_01)
Java HotSpot(TM) Client VM (build 1.3.1_01, mixed mode)

java version "1.4.0-beta3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta3-b84)
Java HotSpot(TM) Client VM (build 1.4.0-beta3-b84, mixed mode)

FULL OPERATING SYSTEM VERSION : 
 customer  Windows 2000 [Version 5.00.2195]

A DESCRIPTION OF THE PROBLEM :
Passing a Base64Encoded string to method setRequestProperty
of the URLConnection class causes the following error to be
thrown:

java.lang.IllegalArgumentException: Illegal character(s) in
message header value: Basic bGF3c29uOmxhd3Nvbg=="

This negates the ability to retrieve data from an http url
that requires basic authentication.

It looks like this is the result of the fix for bug 4459903


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Compile code listed below
2. run program
3. view error output

EXPECTED VERSUS ACTUAL BEHAVIOR :
The program should simply return the Yahoo home page (the
web server will ignore the "Authourization" header).  The
call to Yahoo is never completed, the error listed below is
thrown.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.IllegalArgumentException: Illegal character(s) in
message header value: Basic bGF3c29uOmxhd3Nvbg=="

This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.*;
import java.net.*;
import java.text.*;
import java.util.*;

// Base 64 Coders
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

class setHeaderTest
{
	public static void main(String args[])
		throws Exception
	{
		System.out.println(setHeaderTest.FetchURL
("http://www.yahoo.com","user","password"));
	}

	public static String FetchURL (String urlString,String uid,String pw)
		throws java.io.IOException,  java.net.MalformedURLException
	{
		String outStr = new String();
		URL url = new URL (urlString);

		String User = uid+":"+pw;
		BASE64Encoder encoder = new BASE64Encoder();
		String encoding = new String
(encoder.encodeBuffer(User.getBytes()));
		URLConnection uc = url.openConnection();
		uc.setRequestProperty
("Authorization", "Basic " + encoding);

		InputStream content = (InputStream)
uc.getContent();
		BufferedReader in = new BufferedReader (new
InputStreamReader (content));
		String line;
		while ((line = in.readLine()) != null) {
			outStr += line;
		}

		return outStr;
	}

}
---------- END SOURCE ----------

CUSTOMER WORKAROUND :
There is no work around for this issue outside of writing a
custom socket solution.

Release Regression From : 1.3
The above release value was the last known release where this 
bug was knwon to work. Since then there has been a regression.

(Review ID: 137400) 
======================================================================
Work Around 
1. Instead of using BASE64Encoder.encodeBuffer() which will add a '\n' at the end of the encoded output, use BASE64Encoder.encode();

or 

2. Modify the test to something like the following:

import java.io.*;
import java.net.*;
import java.text.*;
import java.util.*;

class setHeaderTest
{
	public static void main(String args[])
		throws Exception
	{
		System.out.println(new setHeaderTest().FetchURL
("http://www.yahoo.com"));
	}

	public String FetchURL (String urlString)
		throws java.io.IOException,  java.net.MalformedURLException
	{
	Authenticator.setDefault(new MyAuthenticator ());

		String outStr = new String();
		URL url = new URL (urlString);
		URLConnection uc = url.openConnection();
		InputStream content = (InputStream)
uc.getContent();
		BufferedReader in = new BufferedReader (new
InputStreamReader (content));
		String line;
		while ((line = in.readLine()) != null) {
			outStr += line;
		}

		return outStr;
	}

class MyAuthenticator extends Authenticator {
    MyAuthenticator () {
        super ();
    }

     public PasswordAuthentication getPasswordAuthentication ()
    {
        return (new PasswordAuthentication ("user", "password".toCharArray()));
    }
}

}
Evaluation 
This regression was introduced as a result of fixing bug 4447135. The fix would disallow '\n' inside the key or consecutive '\n's inside the value of http headers.

Please see 'Work Around' for viable workaround.

  xxxxx@xxxxx   2001-12-20

According to RFC 2616, CRLF is not allowed in http header names; consecutive CRLFs are not allowed in http header values. So the customer's program needs to be changed as recommended in the 'Work Around...". I will close this bug as 'not a bug'.

  xxxxx@xxxxx   2001-12-24
Comments
  
  Include a link with my name & email   


PLEASE NOTE: JDK6 is formerly known as Project Mustang





About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment
How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
© 2010, Oracle Corporation and/or its affiliates
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Content Feeds