• Post Reply Bookmark Topic Watch Topic
  • New Topic

setRequestProperty ("authorization") in JDK 1.4  RSS feed

 
Richard Grey
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an old (JDK 1.3.1) implementation for sending data across HTTPS which uses an Authorization header.
This is set via the HttpURLConnection urlc.setRequestProperty ("authorization", value) method.
I've now compiled against JDK 1.4.0, replaced occurrences of com.sun.net.ssl.* with javax.net.ssl.* and suddenly the Authorization header is not being set. Everything else functions as per-before correctly.
Has anybody any ideas ?
If I immediately follow my urlc.setRequestProperty ("authorization", value) call with a urlc.getRequestProperty("authorization") call, it returns NULL suggesting the former didn't work.
However, if I read the bytes which comprise the HTTPS header, there is an header in amongst all the other expected headers.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you tried it with a capital 'A'?
'Authorization' as opposed to 'authorization'
see ftp://ftp.isi.edu/in-notes/rfc2616.txt section 14.8
Dave
 
Richard Grey
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Dave, but no luck.

The above always returns null - irrespective of case (and it can also be an HttpsURLConnection)
Is there a bug here in JDK 1.4 or am I missing something ?
In JDK 1.3.1 this code works fine and the recipient has a valid authorization header. But in 1.4 they don't and so refuse to communicate with me
 
Richard Grey
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok - so I submitted a bug to Sun and here's what I got in reply:

Hi Richard,
Well, I can't find any documentation.
Since the bug exists in older versions of the jdk, I think we have chosen not to
publish it. It's a debatable policy, but the one we abide by. For the same
reason the original bug report is not publically available.
-Nathanael
Richard Grey wrote:
>
> Cheers !
>
> Is this (not) documented someplace ?
>
> Regards
>
> -----Original Message-----
> From: Nathanael Thompson
> Sent: 27 June 2002 4:59 pm
> To: Richard Grey
> Subject: Re: (Review ID: 158397) HttpURLConnection method
> setRequestProperty("Authorization") fails to set header
>
> Hi Richard Grey,
>
> Thank you for using our bug submit page.
>
> This behavior is intentional in order to prevent a security hole that
> getRequestProperty() opened. setRequestProperty("Authorization") should
> still
> work, you just won't be able to proof the results via getRequestProperty().
>
> Regards,
> Nathanael
> ----------------- Original Bug Report-------------------
>
> category : java
> release : 1.4
> subcategory : classes_net
> type : bug
> synopsis : HttpURLConnection method setRequestProperty("Authorization")
> fails to set header
> description : FULL PRODUCT VERSION :
> java version "1.4.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
> Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)
>
> FULL OPERATING SYSTEM VERSION :
>
> Microsoft Windows 2000 [Version 5.00.2195]
>
> A DESCRIPTION OF THE PROBLEM :
> The following code snippet compiles but always returns null:
>
> URL destination = new URL("http://www.wherever.com");
> HttpURLConnection urlc = destination.openConnection();
>
> urlc.setRequestProperty("Authorization", "user");
> System.out.println("*** auth: " + urlc.getRequestProperty
> ("Authorization"));
>
> REGRESSION. Last worked in version 1.3.1
>
> STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
> The following code snippet compiles but always returns null:
>
> URL destination = new URL("http://www.wherever.com");
> HttpURLConnection urlc = destination.openConnection();
>
> urlc.setRequestProperty("Authorization", "user");
> System.out.println("*** auth: " + urlc.getRequestProperty
> ("Authorization"));
>
> EXPECTED VERSUS ACTUAL BEHAVIOR :
> Expectped output from this snippet should produce:
>
> *** auth: user
>
> Actual output from this snippet:
>
> *** auth: null
>
> REPRODUCIBILITY :
> This bug can be reproduced always.
 
javalisa
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
httpurlconnection is one of the favorite bugs on Sun's bug parade. Open Source is the way to go. To stick w/ Java, if we one has access to the server one could try RMI. I will try this for my application.
See

http://developer.java.sun.com/developer/bugParade/bugs/4345327.html

This is the page to use to send a bug report - if enough people make noise maybe we can get attention:
http://java.sun.com/cgi-bin/bugreport.cgi
I had the same problem - posted in this forum a few weeks ago, I tried to setrequestheader for the user-agent and it was a no go, I saw on the web that in a way earlier jdk the bug was there -it compiles and runs but gee, does nothing, how nice - can't they just open source the thing so we can fix it - jeeze.
If you do not have access to the server, you might have to try python or maybe jpython.
[ July 10, 2002: Message edited by: javalisa ]
 
GaryGGray
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have just run into the same problem using 1.4. If I had not seen this discussion I would still be trying to make this work. Is there any answer to this short of going back to 1.3.1?
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!