commons http客户端-协商时的kerberos令牌具有\ r \ n(回车换行符)字符 [英] commons http client - kerberos token while negotiating has \r\n (carriage return line feed) characters
问题描述
我正在尝试使用jakarta commons http客户端.执行kerberos身份验证以与服务器通信.身份验证始终失败.在深入研究时,我发现kerberos令牌标头中包含回车换行符,这是问题的根本原因.为什么它有\ r \ n个字符,为什么这是个问题?
I am trying to use jakarta commons http client. Doing kerberos authentication to communicate with a server. Authentication always fails. On digging deeper I found out that the kerberos token header has carriage return line feed characters in it which is the root cause of the issue. Why does it have \r\n characters and why is that an issue?
推荐答案
\ r \ n字符是一个问题,因为\ r是HTTP控制字符.从本质上讲,这意味着服务器仅看到令牌的第一行,而忽略其余部分,从而导致身份验证失败.更糟糕的是,令牌的下一个赞被视为新的标头,并且格式不正确.因此,http服务器会吓坏了.
\r\n characters in the kerberos token is an issue because \r is an HTTP control characters. That essentially means that the server only sees first line of the token and ignores rest hence failing authentication. To make it worse, the next likes of the token are treated as new headers and will not be formatted well. So http server will freak out.
发生这种情况的原因是因为RFC 1521规范说base64编码行的长度限制为76个字符.因此\ r \ n个字符.这在HTTP协议中不能很好地工作.仅当您使用base64编码的Kerberos令牌时,此选项才会浮出水面.
The reason this happens is because RFC 1521 specification says that base64 encoding line length is limited at 76 characters. Hence \r\n characters. And this does not work well with HTTP protocol. This surfaces only if you use Kerberos tokens that are base64 encoded.
因此,解决方案是从kerberos base64编码的令牌头中除去\ r \ n个字符.同样,较早版本的apache commons编解码器不会将base64编码限制为76行,因此不是问题.因此,如果您喜欢编码,请剔除有问题的字符.如果您不这样做的话,请在commons-httpclient中使用旧版本的apache commons代码.
So solution to this is to strip out \r\n characters from the kerberos base64 encoded token header. Also, older versions of apache commons codec will not limit base64 encoding to 76 lines and hence not an issue. So if you have hook into encoding, strip out the problematic characters. If you don't then use older version of apache commons code with commons-httpclient.
这篇关于commons http客户端-协商时的kerberos令牌具有\ r \ n(回车换行符)字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
