On Jul 8, 2009, at 1:08 PM, Martin Probst wrote:
> Hi all,
>
> I noticed a weird thing in my copy of jersey 1.1.0-ea; the
> HTTPBasicAuthFilter seems to be wrong. The constructor builds the
> header value like this:
>
> authentication = "Basic " + Base64.encode(username + ":" + password);
>
> But Base64.encode(...) returns a byte array. This is then implicitly
> converted to a String like "B[@...", but not the sequence of bytes as
> ASCII. The net effect is that the auth header will be invalid. I guess
> the correct code should be along the lines of:
>
> authentication = "Basic " + new String(Base64.encode(username + ":"
> + password), Charset.forName("ASCII"));
>
> At least that works for me and produces a proper auth header. The
> weird thing is that this really cannot have worked ever, as far as I
> can see?
>
Me neither, how very embarrassing, i have fixed it in the trunk.
Thanks,
Paul.