From 27958cc708ac3caafbd76f9339a9bd1b5e6fa760 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Thu, 16 Jun 2016 13:18:35 -0400
Subject: [PATCH] security: add charset to the WWW-Authenticate header
The WWW-Authenticate header can optionally specify the charset that the server uses after decoding credentials. If this is not specified, most clients will limit the available characters to ISO-8859-1, which causes issues for certain characters. See RFC 7617
Closes elastic/elasticsearch#2290
Original commit: elastic/x-pack-elasticsearch@44411eebe7f33323b0672b834a5e151a6fef403e
---
 .../java/org/elasticsearch/shield/support/Exceptions.java | 4 ++--
 .../java/org/elasticsearch/shield/test/ShieldAssertions.java | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java
index caac6700b01..349a6b70285 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java
@@ -19,13 +19,13 @@ public class Exceptions {
 public static ElasticsearchSecurityException authenticationError(String msg, Throwable cause, Object... args) {
 ElasticsearchSecurityException e = new ElasticsearchSecurityException(msg, RestStatus.UNAUTHORIZED, cause, args);
- e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\"");
+ e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\"");
 return e;
 }
 public static ElasticsearchSecurityException authenticationError(String msg, Object... args) {
 ElasticsearchSecurityException e = new ElasticsearchSecurityException(msg, RestStatus.UNAUTHORIZED, args);
- e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\"");
+ e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\"");
 return e;
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java
index d7c311e12b4..e2018815c6c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java
@@ -21,6 +21,6 @@ public class ShieldAssertions {
 assertThat(e.status(), is(RestStatus.UNAUTHORIZED));
 assertThat(e.getHeaderKeys(), hasSize(1));
 assertThat(e.getHeader("WWW-Authenticate"), notNullValue());
- assertThat(e.getHeader("WWW-Authenticate"), contains("Basic realm=\"" + Security.NAME + "\""));
+ assertThat(e.getHeader("WWW-Authenticate"), contains("Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\""));
 }
 }
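Review bot: The new challenge value in both `authenticationError` overloads separates `realm` and `charset` with a space only, whereas RFC 7235 defines a challenge's auth-params as a comma-separated list and the example in RFC 7617 reads `Basic realm="foo", charset="UTF-8"`. A client that parses the challenge strictly may not recognise the charset parameter or may misread the realm, so I would emit `"Basic realm=\"" + Security.NAME + "\", charset=\"UTF-8\""` instead. The same literal is now duplicated in the two overloads and again in the `ShieldAssertions` hunk; holding it in one `private static final String` in `Exceptions` would keep the three in step. Advertising UTF-8 is only accurate if the code that decodes Basic credentials also uses UTF-8, and that path is not visible in this patch, so it is worth confirming.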