RFR: 8199849 HttpServer/BasicAuthenticator: unicode bytes are not correctly handled and no workaround is provided
Daniel Fuchs
daniel.fuchs at oracle.com
Wed Dec 12 11:46:20 UTC 2018
Hi Michael,
BasicAuthentication.java:
An alternative to:
byte[] passwdBytes = (new String(passwd)).getBytes(cs);
would be:
ByteBuffer bb = cs.newEncoder()
.encode(CharBuffer.wrap(passwd));
then use ByteBuffer::get to copy the bytes into `concat`
Or better you could construct a CharBuffer that contains both
the userid, ':', and passwd chars and do the decoding in one go.
HttpURLConnection.java
Given that these lines appear twice:
2310 HeaderParser hp = authhdr.headerParser();
2311 Charset charset = null;
2312 String cs = hp.findValue("charset");
2313 if (cs != null &&
cs.equalsIgnoreCase("UTF-8")) {
2314 charset = StandardCharsets.UTF_8;
2315 }
I now wonder if it should be moved to a `Charset getAuthCharset()`
method in AuthenticationHeader?
best regards,
-- daniel
On 12/12/2018 10:51, Michael McMahon wrote:
> Could I get the following webrev reviewed please?
>
> http://cr.openjdk.java.net/~michaelm/8199849/webrev.1/
>
> A CSR for the small API change will follow.
>
> Thanks,
>
> Michael
More information about the net-dev
mailing list