RFR: 8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string [v2]

Julia Boes jboes at openjdk.java.net
Mon Nov 1 13:12:51 UTC 2021


> This change ensures that the realm string passed to the BasicAuthenticator constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method and the pre-existing isValidName() method (previously in ServerImpl.) 
> Two tests are included:
> - BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm string are transported correctly,
> - BasicAuthenticatorExceptionCheck.java to check realm strings with escaped quotes.
> 
> Testing: tier 1-3.
> 
> [1] https://datatracker.ietf.org/doc/html/rfc7230

Julia Boes has updated the pull request incrementally with one additional commit since the last revision:

  address PR comments
  * change method name to isQuotedStringContent
  * update api note and throws declaration

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/6117/files
  - new: https://git.openjdk.java.net/jdk/pull/6117/files/6cb5ce86..556330d5

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6117&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6117&range=00-01

  Stats: 16 lines in 2 files changed: 3 ins; 2 del; 11 mod
  Patch: https://git.openjdk.java.net/jdk/pull/6117.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/6117/head:pull/6117

PR: https://git.openjdk.java.net/jdk/pull/6117


More information about the net-dev mailing list