Rolled back 2nd change

Author: alessandro.gherardi

connectors/apache-connector/src/test/java/org/glassfish/jersey/apache/connector/AuthTest.java

@@ -182,25 +182,6 @@ public String getDigest(@Context HttpHeaders h) {
             return "GET";
         }
 
-        @GET
-        @Path("basicAndDigest")
-        public String getBasicAndDigest(@Context HttpHeaders h) {
-            String value = h.getRequestHeaders().getFirst("Authorization");
-            if (value == null) {
-                throw new WebApplicationException(
-                        Response.status(401).header("WWW-Authenticate", "Basic realm=\"WallyWorld\"")
-                            .header("WWW-Authenticate", "Digest realm=\"WallyWorld\"")
-                            .entity("Forbidden").build());
-            } else if (value.startsWith("Basic")) {
-                throw new WebApplicationException(
-                        Response.status(401).header("WWW-Authenticate", "Basic realm=\"WallyWorld\"")
-                            .header("WWW-Authenticate", "Digest realm=\"WallyWorld\"")
-                            .entity("Digest authentication expected").build());
-            }
-
-            return "GET";
-        }
-
         @POST
         public String post(@Context HttpHeaders h, String e) {
             requestCount++;
@@ -310,19 +291,6 @@ public void testAuthGetWithDigestFilter() {
         assertEquals(cm.getTotalStats().getLeased(), 0);
     }
 
-    @Test
-    public void testAuthGetWithBasicAndDigestFilter() {
-        ClientConfig cc = new ClientConfig();
-        PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
-        cc.connectorProvider(new ApacheConnectorProvider());
-        cc.property(ApacheClientProperties.CONNECTION_MANAGER, cm);
-        Client client = ClientBuilder.newClient(cc);
-        client.register(HttpAuthenticationFeature.universal("name", "password"));
-        WebTarget r = client.target(getBaseUri()).path("test/basicAndDigest");
-
-        assertEquals("GET", r.request().get(String.class));
-    }
-
     @Test
     @Ignore("JERSEY-1750: Cannot retry request with a non-repeatable request entity. How to buffer the entity?"
             + " Allow repeatable write in jersey?")

core-client/src/main/java/org/glassfish/jersey/client/authentication/HttpAuthenticationFilter.java

@@ -220,21 +220,15 @@ public void filter(ClientRequestContext request, ClientResponseContext response)
         Type result = null; // which authentication is requested: BASIC or DIGEST
         boolean authenticate;
 
-        // If the server requests both BASIC and DIGEST, prefer DIGEST since it's stronger
-        // (see https://tools.ietf.org/html/rfc2617#section-4.6)
         if (response.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()) {
-            List<String> authStrings = response.getHeaders().get(HttpHeaders.WWW_AUTHENTICATE);
-            if (authStrings != null) {
-                for (String authString : authStrings) {
-                    final String upperCaseAuth = authString.trim().toUpperCase();
-                    if (result == null && upperCaseAuth.startsWith("BASIC")) {
-                        result = Type.BASIC;
-                    } else if (upperCaseAuth.startsWith("DIGEST")) {
-                        result = Type.DIGEST;
-                    }
-                }
-                 
-                if (result == null) {
+            String authString = response.getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+            if (authString != null) {
+                final String upperCaseAuth = authString.trim().toUpperCase();
+                if (upperCaseAuth.startsWith("BASIC")) {
+                    result = Type.BASIC;
+                } else if (upperCaseAuth.startsWith("DIGEST")) {
+                    result = Type.DIGEST;
+                } else {
                     // unknown authentication -> this filter cannot authenticate with this method
                     return;
                 }