0aa80c7af2
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
33 lines
988 B
Plaintext
33 lines
988 B
Plaintext
== How to fix it in Apache HttpClient
|
|
|
|
=== Code examples
|
|
The following code uses basic authentication to send out an HTTP request to a protected endpoint.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
import org.apache.http.client.methods.HttpPost;
|
|
|
|
String encoded = Base64.getEncoder().encodeToString("login:passwd".getBytes());
|
|
HttpPost httpPost = new HttpPost("http://api.example.com/foo");
|
|
httpPost.setHeader("Authorization", "Basic " + encoded); // Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
import org.apache.http.client.methods.HttpPost;
|
|
|
|
// An access token should be retrieved before the HTTP request
|
|
String accessToken = System.getenv("ACCESS_TOKEN");
|
|
HttpPost httpPost = new HttpPost("http://api.example.com/foo");
|
|
httpPost.setHeader("Authorization", "Bearer " + accessToken);
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/token-auth.adoc[]
|
|
|
|
include::../../common/fix/ssl.adoc[] |