Closed ArwaNashaat closed 10 months ago
Hi, thanks for your report. We implement authentication using OkHttp Authenticators which only activate when they encounter a 401 unauthorized. What happens in your API when no authentication is sent? What's returned?
The result is a NullPointerException.
I am implementing an AccessControlFilter that takes query params from a request sent by Ostara, the request from Ostara looks like the following:
The Filter I'm implementing takes a request and extracts the QeuryString from it:
HttpServletRequest httpRequest = WebUtils.toHttp(servletRequest);
String queryString = httpRequest.getQueryString();
This results in NullPointerException, As the value of the QueryParam is not sent (I don't know why, I'm sending it through Ostara). When I try to send the same request with the same QueryParam from Postman, it works as expected and correctly authenticates it.
The query string will only be sent if a 401 is received without it
Is it the same case with BasicAuth? I tried it and the same happened.
I'm not sure that I understand you correctly, how can I apply authorization on the APIs sent from Ostara. I'm trying to apply authentication on the actuator's APIs.
It's the same case for all authentication types. The way OkHttp behaves in this case is that it expects the first request to fail with a 401 before attempting to authenticate.
Expected Behavior
String queryString should equal the value sent from Ostara.
Current Behavior
String queryString is null, while I'm sending the key & value from Ostara.
Steps to Reproduce
Possible Solution (Not obligatory)
Additional details
Your Environment