PDA

View Full Version : WWW-Authenticate bug


hm2k
04-16-2010, 03:20 PM
Can someone test and confirm this bug?

http://bugs.caucho.com/view.php?id=4000

Thanks.

nam
04-16-2010, 07:02 PM
Tomcat was not setting the request.getAuthType() that Quercus was using.

Fixed for 4.0.7.

hm2k
04-19-2010, 09:15 PM
When can we expect 4.0.7 to be released?

Thanks.

nam
04-20-2010, 08:55 PM
We are currently on a 3-4 week release schedule, and this is week #2.

hm2k
04-21-2010, 04:51 PM
Meanwhile, is there a nightly build/snapshot of resin?

nam
04-24-2010, 01:03 AM
Do not have publicly accessible nightlys, but we do release snapshots from time to time between releases. They should be available at http://www.caucho.com/download

hm2k
05-25-2010, 11:39 AM
This bug is still apparent in Quercus 4.0.7.

Test code:

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>


From: http://php.net/manual/en/features.http-auth.php

To repeat:

Put this code in auth.php and update to Google AppEngine.

Visit http://example.appspot.com/auth.php

You will be prompted for a username and password.

A username and password are being requested by http://example.appspot.com. The site says: "My Realm"

You will never reach the message, it will repeatedly prompt for a username and password.

This suggests that $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are never populated.

hm2k
06-02-2010, 10:21 AM
Can someone confirm that this bug is still apparent in Quercus 4.0.7?

Thanks.

sblommers
06-02-2010, 05:00 PM
Hi I just created a test.php file with that code on the latest SVN build (4.0.8) and this doesn't seem fixed. Running this on jetty6

Do you think I might need to configure jetty with a realm or is just testing this enough?

sblommers
06-02-2010, 05:06 PM
I see this in the bugtracker:

php/082h
php/082i

Fixed in 4.0.7.

Tomcat is not setting the request.getAuthType().

But I think this got lost in maybe a merge because I cannot find a trace of it in the current SVN. You should reopen it and refere to this bug: http://bugs.caucho.com/view.php?id=4000

Best of luck!

Sebastiaan

hm2k
06-02-2010, 07:10 PM
Yeah, I don't seem to have permission to reopen the bug report.

Hopefully an admin will read this and reopen the bug report.

Cheers for checking this out anyway.

sblommers
06-02-2010, 09:17 PM
I added a new bugreport for this at http://bugs.caucho.com/view.php?id=4065

Best regards,
Sebastiaan