RFR 8199849: HttpServer/BasicAuthenticator: unicode bytes are not correctly handled
Michael McMahon
michael.x.mcmahon at oracle.com
Tue Aug 6 16:20:49 UTC 2019
Thanks Daniel. Suggested changes made and new webrev at:
http://cr.openjdk.java.net/~michaelm/8199849/webrev.4/
- Michael.
On 06/08/2019, 14:37, Daniel Fuchs wrote:
> Hi Michael, Patrick,
>
> BasicAuthentication.java:
>
> The two constructors might benefit from a bit of refactoring
> allowing them to share the code that encode the credentials.
>
> BasicAuthenticator.java:
>
> 76 if ("".equals(realm))
>
> I'd suggest using
>
> if (realm.isEmpty())
>
> If you do so you might also decide to add a comment that
> this is an implicit null check and decide to remove the
> previous line: Objects.requiresNonNull(realm).
>
> BasicAuthenticatorCharset.java:
>
> This appears as a new test, yet it has a copyright
> line 2005, 2019, and two @bug refs?
>
> typo: setAuthenticatonPW
>
> 146 // should fail once with UNICODE_PW and unsupporting
> character set
> 147 if (failCount != 1)
> 148 throw new RuntimeException("Fail count exceeded: 1 !=
> " + failCount);
>
> well... OK. But technically the test could succeed
> if the failing charset didn't fail but the passing
> charset did.
>
> It would be much better to test that the charset that
> is expected to fail fails and that the charset that
> is expected to pass passes...
>
> TestHttpUnicode.java
>
> Are the copyright years OK or is this just
> copy-paste mistake?
>
> 44 static class testAuthenticator extends
> java.net.Authenticator {
>
> can this class start with an upper case please?
> it's a bit confusing given that the server authenticator is a
> stored in a variable named `testAuthenticator` as well.
>
>
> Otherwise, looks good to me!
>
> best regards,
>
> -- daniel
>
>
> On 06/08/2019 12:44, Michael McMahon wrote:
>> This change went through a couple of rounds of review before, and I
>> got diverted to something else
>> at the time. So, just picking it up now.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8199849
>>
>> Webrev: http://cr.openjdk.java.net/~michaelm/8199849/webrev.3/index.html
>>
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8215275
>>
>> The two tests were contributed by Patrick Concannon.
>>
>> Thanks,
>> Michael.
>
More information about the net-dev
mailing list