RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v2]

Michael McMahon michaelm at openjdk.java.net
Thu Mar 10 11:00:49 UTC 2022


On Wed, 9 Mar 2022 15:18:43 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Michael McMahon has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - update
>>  - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 82:
> 
>> 80:         @SuppressWarnings("removal")
>> 81:         String secprops = AccessController.doPrivileged(
>> 82:             new PrivilegedAction<>() {
> 
> could use a lambda instead of an anonymous class?

Had tried it first and compiler didn't know whether lambda is a PrivilegedAction or a PrivilegedExceptionAction, but it seems a cast works. Will change it.

> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 127:
> 
>> 125:                     String s = NetProperties.get(enabledAlgPropName);
>> 126:                     return s == null
>> 127:                         ? "" : s.replaceAll("\\s", "").toUpperCase();
> 
> Should probably use Locale.ROOT to convert to upper case.
> It seems to me that the code that takes a String as argument, checks for null and returns an empty set, removes spaces, converts it to upper case, splits the string at commas, and creates an immutable set from that, could be moved to an auxiliary function and called for parsing both the Security property and the System property - since their syntax is identical.

good idea

-------------

PR: https://git.openjdk.java.net/jdk/pull/7688
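
A sketch of the shared parsing helper suggested in the review above, as an added example; it is not the code from the pull request. The class name, method name and sample values are hypothetical, and the `main` method shows why `Locale.ROOT` matters when algorithm names are compared against a configured list.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

public class AlgorithmListParser {

    // Hypothetical helper: turns a comma-separated property value into an
    // immutable set of upper-cased names. A null or empty value gives an
    // empty set, so callers never need a null check.
    static Set<String> parseAlgorithms(String value) {
        if (value == null) {
            return Set.of();
        }
        return Arrays.stream(value.replaceAll("\\s", "").split(","))
                .filter(s -> !s.isEmpty())            // tolerate ",," and trailing commas
                .map(s -> s.toUpperCase(Locale.ROOT)) // locale-independent case mapping
                .collect(Collectors.toUnmodifiableSet());
    }

    public static void main(String[] args) {
        // Constructed sample value, not the JDK's default configuration.
        Set<String> disabled = parseAlgorithms(" md5 , sha-1 ,,");
        System.out.println("parsed set: " + disabled);
        System.out.println("MD5 listed: " + disabled.contains("MD5"));

        // With a Turkish default locale, the no-argument toUpperCase() maps
        // 'i' to U+0130 (dotted capital I) instead of 'I', so a name that
        // contains 'i' no longer equals its expected ASCII upper-case form.
        Locale saved = Locale.getDefault();
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        try {
            String name = "digest-x"; // constructed name containing 'i'
            System.out.println("default-locale match: "
                    + name.toUpperCase().equals("DIGEST-X"));
            System.out.println("Locale.ROOT match:    "
                    + parseAlgorithms(name).contains("DIGEST-X"));
        } finally {
            Locale.setDefault(saved); // restore the process-wide default
        }
    }
}
```

Because the same helper would parse both the Security property and the System property, a name disabled in one and enabled in the other is normalised identically before the two sets are compared.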

