search

lemonzone2010 / javamelody

Automatically exported from code.google.com/p/javamelody
0 stars 0 forks source link

HTTP-401 / WWW-Authenticate wrongly reported as HTTP error #455

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Install JavaMelody on Webapp that uses HTTP-basic auth
2. Trigger a HTTP-401 / WWW-Authenticate flow
3. JavaMelody reports the 401 as an HTTP error whilst is only the first-phase 
of an HTTP Basic Auth handshake

What is the expected output? What do you see instead?
I would have expected the 401 / WWW-Authenticate to be treated as normal traffic

What version of the product are you using? On what application server, JDK,
operating system?
JDK 1.7 / MacOSX

Please provide any additional information below.

Original issue reported on code.google.com by luca.mil...@gmail.com on 21 Jan 2015 at 11:54

GoogleCodeExporter commented 9 years ago 
The problem is in the net.bull.javamelody.MonitoringFilter, line 234:

if (wrappedResponse.getCurrentStatus() >= 400) {
                    systemError = true;
                    errorCounter.addRequestForSystemError(
                            "Error" + wrappedResponse.getCurrentStatus(), duration, cpuUsedMillis,
                            null);
                }

When respose is 401 with WWW-Authenticate header, the response is NOT actually 
an error but only the first handshake of a Basic (or Digest) Auth.

Original comment by luca.mil...@gmail.com on 21 Jan 2015 at 11:57

GoogleCodeExporter commented 9 years ago 
This is fixed in trunk (revision 4009) and ready for the next release (1.55).

Thanks

Original comment by evernat@free.fr on 29 Jan 2015 at 2:01