RFR: 8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string [v2]

Daniel Fuchs dfuchs at openjdk.java.net
Mon Nov 1 13:22:10 UTC 2021


On Mon, 1 Nov 2021 13:12:51 GMT, Julia Boes <jboes at openjdk.org> wrote:

>> This change ensures that the realm string passed to the BasicAuthenticator constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method and the pre-existing isValidName() method (previously in ServerImpl.) 
>> Two tests are included:
>> - BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm string are transported correctly,
>> - BasicAuthenticatorExceptionCheck.java to check realm strings with escaped quotes.
>> 
>> Testing: tier 1-3.
>> 
>> [1] https://datatracker.ietf.org/doc/html/rfc7230
>
> Julia Boes has updated the pull request incrementally with one additional commit since the last revision:
> 
>   address PR comments
>   * change method name to isQuotedStringContent
>   * update api note and throws declaration

Marked as reviewed by dfuchs (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/6117


More information about the net-dev mailing list