Improve detection of basic auth challenge (#69)

labkey-adam · web-flow · commit fbcdbfef7ddc · 2024-02-14T16:31:51.000-08:00
diff --git a/src/org/labkey/remoteapi/ApiKeyCredentialsProvider.java b/src/org/labkey/remoteapi/ApiKeyCredentialsProvider.java
@@ -18,6 +18,7 @@
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
 import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.core5.http.HttpStatus;
 import org.labkey.remoteapi.security.EnsureLoginCommand;
 
 import java.io.IOException;
@@ -55,8 +56,7 @@ public boolean shouldRetryRequest(CommandException exception, HttpUriRequest req
         // requests should use the session. This mimics the behavior of BasicAuthCredentialsProvider.
 
         String authHeaderValue = exception.getAuthHeaderValue();
-
-        boolean authChallenge = (null != authHeaderValue && authHeaderValue.startsWith("Basic realm") && "You must log in to view this content.".equals(exception.getMessage()));
+        boolean authChallenge = (exception.getStatusCode() == HttpStatus.SC_UNAUTHORIZED && null != authHeaderValue && authHeaderValue.startsWith("Basic realm"));
 
         if (authChallenge)
             request.setHeader("apikey", _apiKey);
