RFR: 8199849 HttpServer/BasicAuthenticator: unicode bytes are not correctly handled and no workaround is provided
Michael McMahon
michael.x.mcmahon at oracle.com
Wed Dec 12 16:06:26 UTC 2018
Hi Daniel,
On 12/12/2018, 11:46, Daniel Fuchs wrote:
> Hi Michael,
>
> BasicAuthentication.java:
>
> An alternative to:
>
> byte[] passwdBytes = (new String(passwd)).getBytes(cs);
>
> would be:
>
> ByteBuffer bb = cs.newEncoder()
>         .encode(CharBuffer.wrap(passwd));
>
> then use ByteBuffer::get to copy the bytes into `concat`
>
> Or better you could construct a CharBuffer that contains both
> the userid, ':', and passwd chars and do the decoding in one go.
>
I think the simplest solution is just to use a StringBuilder to combine
the username and password into one String and encode that string in one
call.
> HttpURLConnection.java
>
> Given that these lines appear twice:
>
> HeaderParser hp = authhdr.headerParser();
> Charset charset = null;
> String cs = hp.findValue("charset");
> if (cs != null && cs.equalsIgnoreCase("UTF-8")) {
>     charset = StandardCharsets.UTF_8;
> }
>
>
> I now wonder if it should be moved to a `Charset getAuthCharset()`
> method in AuthenticationHeader?
>
That's a good idea.
Thanks,
Michael
> best regards,
>
> -- daniel
>
> On 12/12/2018 10:51, Michael McMahon wrote:
>> Could I get the following webrev reviewed please?
>>
>> http://cr.openjdk.java.net/~michaelm/8199849/webrev.1/
>>
>> A CSR for the small API change will follow.
>>
>> Thanks,
>>
>> Michael
>
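
The single-pass encoding discussed in this thread, written out as an added example; it is not code from the webrev or the JDK. It puts the userid, ':' and password into one CharBuffer, encodes them with one encoder call, and wipes the temporary buffers afterwards. The class and method names (`BasicCredentials`, `authCharset`, `basicHeaderValue`), the fallback parameter and the ISO-8859-1 fallback are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class BasicCredentials {
    // Hypothetical helper mirroring the quoted check: only "UTF-8" is honoured.
    static Charset authCharset(String charsetParam, Charset fallback) {
        return (charsetParam != null && charsetParam.equalsIgnoreCase("UTF-8"))
                ? StandardCharsets.UTF_8 : fallback;
    }

    // Hypothetical helper: builds the value of an "Authorization" header.
    static String basicHeaderValue(String user, char[] passwd, Charset cs)
            throws CharacterCodingException {
        CharBuffer chars = CharBuffer.allocate(user.length() + 1 + passwd.length);
        chars.put(user).put(':').put(passwd).flip();
        ByteBuffer bytes = cs.newEncoder()
                // REPORT is the encoder default; String.getBytes would substitute instead
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .encode(chars);
        try {
            ByteBuffer b64 = Base64.getEncoder().encode(bytes.duplicate());
            return "Basic " + StandardCharsets.US_ASCII.decode(b64);
        } finally {
            // wipe the temporary copies of the password
            Arrays.fill(chars.array(), '\0');
            if (bytes.hasArray()) Arrays.fill(bytes.array(), (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] passwd = {'p', 'a', 's', 's', '\u00e9'};  // constructed sample password
        // ISO-8859-1 as the fallback charset is an assumption of this example
        Charset fallback = StandardCharsets.ISO_8859_1;
        System.out.println(basicHeaderValue("user", passwd, authCharset(null, fallback)));
        System.out.println(basicHeaderValue("user", passwd, authCharset("utf-8", fallback)));
        Arrays.fill(passwd, '\0');
    }
}
```

The two printed values differ because the last password character is one byte in ISO-8859-1 and two bytes in UTF-8, so client and server must agree on the charset for the credentials to match.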