users@jersey.java.net

Base64 encoding in HTTPBasicAuthFilter

From: Martin Probst <mail_at_martin-probst.com>
Date: Wed, 8 Jul 2009 13:08:46 +0200

Hi all,

I noticed a weird thing in my copy of Jersey 1.1.0-ea; the
HTTPBasicAuthFilter seems to be wrong. The constructor builds the
header value like this:

  authentication = "Basic " + Base64.encode(username + ":" + password);

But Base64.encode(...) returns a byte array. This is then implicitly
converted to a String like "B[@...", but not the sequence of bytes as
ASCII. The net effect is that the auth header will be invalid. I guess
the correct code should be along the lines of:

  authentication = "Basic " + new String(Base64.encode(username + ":" + password),
      Charset.forName("ASCII"));

At least that works for me and produces a proper auth header. The
weird thing is that this really cannot have worked ever, as far as I
can see?

Martin
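
The behaviour reported above, as an added example that is not part of the original message and is not Jersey's code: it reproduces the byte[]-to-String concatenation and the corrected form, then checks each header the way a receiving server would. It assumes Java 8+ and uses java.util.Base64 in place of Jersey's own Base64 class; the class name, method names, UTF-8 credential encoding and sample credentials are all constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderDemo {

    // Encode "username:password" to Base64 bytes (UTF-8 input is an assumption).
    static byte[] encodeCredentials(String username, String password) {
        return Base64.getEncoder()
                .encode((username + ":" + password).getBytes(StandardCharsets.UTF_8));
    }

    // Mirrors the reported bug: concatenating a byte[] invokes Object.toString(),
    // so the header carries the array's type tag and identity hash, not the encoding.
    static String brokenHeader(String username, String password) {
        return "Basic " + encodeCredentials(username, password);
    }

    // Corrected form: Base64 output is pure ASCII, so decode the bytes explicitly.
    static String fixedHeader(String username, String password) {
        return "Basic " + new String(encodeCredentials(username, password),
                StandardCharsets.US_ASCII);
    }

    // Receiver-side check: does the header value decode back to the credentials?
    static boolean decodesTo(String header, String expectedCredentials) {
        String prefix = "Basic ";
        if (!header.startsWith(prefix)) {
            return false;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(prefix.length()));
            return expectedCredentials.equals(new String(raw, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            // The array's toString() form contains characters outside the Base64 alphabet.
            return false;
        }
    }

    public static void main(String[] args) {
        String user = "alice";   // constructed sample credentials
        String pass = "s3cret";
        String broken = brokenHeader(user, pass);
        String fixed = fixedHeader(user, pass);
        System.out.println("broken: " + broken + " valid=" + decodesTo(broken, user + ":" + pass));
        System.out.println("fixed:  " + fixed + " valid=" + decodesTo(fixed, user + ":" + pass));
    }
}
```

A unit test that round-trips the header through a decoder, as decodesTo does here, catches this class of defect before a server rejects the request.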