chury / ksoap2-android

Automatically exported from code.google.com/p/ksoap2-android
0 stars 0 forks source link

Basic authentication fails on long username/password combinations. #192

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Setup a basic auth realm with a long username and password combination
2. Add a authorization header to the transport call. 

headerList.add(new HeaderProperty("Authorization", "Basic " + 
org.kobjects.base64.Base64.encode("username:password".getBytes())));

3. Perform a call to the realm, and get a 401 HTTP error.
4. Correct the base 64 encoding in header to:

headerList.add(new HeaderProperty("Authorization", "Basic " + 
android.util.Base64.encodeToString("username:password".getBytes(), 
android.util.Base64.NO_WRAP));

What version of the product are you using? On what operating system?

ksoap 3.2.0

Please provide any additional information below.

The base 64 encoding used in HttpBasicAuth follows the standard base64 
encoding, which wraps the encoded string at character 76. This is not allowed 
for basic authorization, which expects the entire content without any line 
breaks.

This can be fixed by using the standard Base64 encoding from the android 
platform without wrapping being performed.

Original issue reported on code.google.com by dvank...@gmail.com on 23 May 2014 at 12:59