2

I'm using HTTP Header Basic authentication to send username and password to the server:

Code:

List<String> as = new ArrayList<String>();
HttpTransportProperties.Authenticator basicAuth = new HttpTransportProperties.Authenticator();

as.add(Authenticator.BASIC);
basicAuth.setAuthSchemes(as);

basicAuth.setUsername("ABC");
basicAuth.setPassword("password");

basicAuth.setPreemptiveAuthentication(true);

serviceStub._getServiceClient().getOptions().setProperty(
                org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE,
                basicAuthenticator);

I'm using Tomcat 6 as a server.

In catalina.log file, I can see the following:

header=authorization=Basic U2hyZXlhczpwYXNzd29yZA==

I'm expecting "authorization" as "Authorization" i.e. Captial 'A' in authorization.

I've checked many existing post but not able to find the answer.

Could you please advice how to achieve above result?

Thanks in advance

Abhijit
  • 374
  • 3
  • 15
user2078308
  • 41
  • 2
  • 9

1 Answers1

3

HTTP Headers field names, as authorization, are case insensitive

From RFC 2616 - "Hypertext Transfer Protocol -- HTTP/1.1", Section 4.2, "Message Headers":

Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.

So case shouldn't matter

EDIT Add a newer HTTP/1.1 document for reference

Community
  • 1
  • 1
Ori Marko
  • 56,308
  • 23
  • 131
  • 233
  • 1
    Correct answer, but you are citing a very obsolete spec. – Julian Reschke Nov 21 '18 at 09:23
  • @JulianReschke Add a newer HTTP/1.1 document for reference – Ori Marko Nov 21 '18 at 09:26
  • Thanks for your comment. Its good that field names are case case-insensitive. Are there any options if we need to still change these fields? – user2078308 Nov 21 '18 at 10:21
  • @user2078308 shouldn't last line use `basicAuth` and not `basicAuthenticator`? – Ori Marko Nov 21 '18 at 10:29
  • @user7294900 - ya..I already corrected that in my code. Do you know any options to change "authentication" to "Authentication"? – user2078308 Nov 21 '18 at 10:45
  • Capitalize it,see https://stackoverflow.com/questions/3904579/how-to-capitalize-the-first-letter-of-a-string-in-java – Ori Marko Nov 21 '18 at 10:53
  • @user7294900 - No. RFC 2616 is really out of date. You need to look at RFC 7231. – Julian Reschke Nov 21 '18 at 10:59
  • Hi @user7294900, where we will get "Authentication" header field in above code which we can update/capitalize? I tried to find it but not able to see that. Can you please help? – user2078308 Nov 22 '18 at 04:37
  • @user2078308 use `HEADER_AUTHORIZATION` instead `AUTHENTICATE` – Ori Marko Nov 22 '18 at 08:44
  • I tried to use HEADER_AUTHORIZATION but I can't see any header field 'Authorization' in tomcat logs. Do you know how can ensure if suggested approach is working? – user2078308 Nov 22 '18 at 09:05
  • Just to conclude this thread. Tomcat 6 is logging HTTP header field as "authorization" instead of "Authorization". I used SOAP UI to test the same code and it is correctly displaying field as "Authorization". – user2078308 Nov 22 '18 at 13:08
  • @user2078308 see https://www.mulesoft.org/jira/browse/MULE-4325 or Tomcat 7 won't fix issue https://bz.apache.org/bugzilla/show_bug.cgi?id=58464 – Ori Marko Nov 22 '18 at 13:09