Details
Description
The get request in the velocity code block does not pass given basic authentication credentials into request.
Neither passing them with
getURLContent("https://website.com", "lrlunin", "Pa$$w0rd")
nor with
getURLContent("https://lrlunin:Pa$$w0rd@website.com")
I used app.beeceptor.com to discover the oncoming request headers and got this:
{ "user-agent": "XWikiBot/1.0", "x-forwarded-for": "62.141.173.204", "x-forwarded-host": "xwiki.free.beeceptor.com", "x-forwarded-proto": "https", "accept-encoding": "gzip" }
while the same request done with postman/curl got this:
{ "user-agent": "PostmanRuntime/7.33.0", "accept": "*/*", "accept-encoding": "gzip, deflate, br", "authorization": "Basic HJsdW5pbjpnaHBfeDRlWWlDQddVVJoZUxoWVhueDZtb1JVOTI1MzBEZXF1", "postman-token": "33c2dffd-a559-4e0b-aa5b-69f1964a8535", "x-forwarded-for": "89.247.251.102", "x-forwarded-host": "xwiki.free.beeceptor.com", "x-forwarded-proto": "https" }
So I am pretty sure that the Apache HttpClient ignores the credentials given. I found some similar issues:
- https://stackoverflow.com/questions/18108783/apache-httpclient-doesnt-set-basic-authentication-credentials
- https://stackoverflow.com/questions/2014700/preemptive-basic-authentication-with-apache-httpclient-4