#1209 ✓resolved

Bug in WS library when handling HTTP 401 responses

Reported by Jamie | November 3rd, 2011 @ 02:19 AM | in 1.2.4 (closed)

There's a bug with the WS library in dealing with 401 (Unauthorized) responses using either WSAsync or WSUrlFetch:

1) Using WSAsync - The call to WS.get() times out with a RuntimeException instead of returning the proper 401 response:

A java.lang.RuntimeException has been caught, java.util.concurrent.ExecutionException: java.util.concurrent.TimeoutException: No response received after 10000

2) Using WSUrlFetch - An IOException is wrapped with a RuntimeException then thrown, instead of returning a proper 401 response:

A java.lang.RuntimeException has been caught, java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 401 for URL: http://browserspy.dk/password-ok.php

Note that making the same authenticated request via "curl" (via the command line) or using native Java's HttpURLConnection work fine.

Here's how to test/verify this bug:

1) Create a FunctionalTest with the following method:

    public void test() {
        // The correct username/password is "test" & "test"
        HttpResponse resp = WS.url("http://browserspy.dk/password-ok.php").authenticate("bad", "bad").timeout("10s").get();

2) To test via WSAsync (the default), leave the following commented in application.conf. To test WSUrlFetch, uncomment.

# WS configuration
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Default engine is Async Http Client, uncomment to use
# the JDK's internal implementation
# webservice = urlfetch

For more details, I posted on the forum: https://groups.google.com/forum/#!msg/play-framework/LbOt_INDBcI/hE...

I will submit a patch/pull request for the WSUrlFetch issue. I'm unclear on how to fix the WSAsync issue.

Framework version: 1.2.3
Platform you're using: Mac OSX

Reproduction steps: See above

Details: See above

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2>Play framework</h2>

Play makes it easier to build Web applications with Java. It is a clean alternative to bloated Enterprise Java stacks. It focuses on developer productivity and targets RESTful architectures. Learn more on the <a href="http://www.playframework.org">http://www.playframework.org</a> website.<br><br>

<h2>Source code is hosted on github</h2>Check out our repository at <a href="http://github.com/playframework/play">http://github.com/playframework/play</a><br><br>

<h2>Contributing, creating a patch</h2> Please read the <a href="http://play.lighthouseapp.com/projects/57987/contributor-guide">contributor guide</a><br><br>

<h2>Reporting Security Vulnerabilities</h2> Since all bug reports are public, please report any security vulnerability directly to <em>guillaume dot bort at gmail dot com</em>.<br><br>

<h2>Creating a bug report</h2> Bug reports are incredibly helpful, so take time to report bugs and request features in our ticket tracker. We’re always grateful for patches to Play’s code. Indeed, bug reports with attached patches will get fixed far quickly than those without any.<br><br>

Please include as much relevant information as possible including the exact framework version you're using and a code snippet that reproduces the problem.<br><br>

Don't have too much expectations. Unless the bug is really a serious "everything is broken" thing, you're creating a ticket to start a discussion. Having a patch (or a branch on Github we can pull from) is better, but then again we'll only pull high quality branches that make sense to be in the core of Play.