RFR: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator

Nizar Benalla duke at openjdk.org
Thu May 9 12:01:15 UTC 2024


Passes Tier 1-3
Please review this change that aims to fix a bug when parsing the client's request.

RFC 9110 states:

> 11. HTTP Authentication
> 11.1. Authentication Scheme
>
> HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme:
>
> `auth-scheme = token`

But in `BasicAuthenticator#authenticate` it was done in a case-sensitive manner.

TIA

-------------

Commit messages:
 - Update copyright year
 - Checking if server response is 200
 - Add improvements suggested by Jaikiran.
 - Added test to check authentication scheme token
 - now using a case-insensitive token

Changes: https://git.openjdk.org/jdk/pull/19133/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19133&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8144100
  Stats: 119 lines in 2 files changed: 117 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/19133.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/19133/head:pull/19133

PR: https://git.openjdk.org/jdk/pull/19133
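
The scheme-matching problem described in the message above, as an added example that is not part of the original post and is not the code from the pull request. The class `BasicSchemeCheck`, its method names, the use of `String.regionMatches` and the sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not JDK code.
public class BasicSchemeCheck {
    private static final String SCHEME = "Basic";

    /** Before: exact-case prefix match, rejects "basic ..." and "BASIC ...". */
    static boolean isBasicCaseSensitive(String header) {
        return header != null && header.startsWith(SCHEME + " ");
    }

    /** After: scheme token compared ignoring case, per RFC 9110 section 11.1. */
    static boolean isBasicCaseInsensitive(String header) {
        return header != null
            && header.length() > SCHEME.length()
            && header.charAt(SCHEME.length()) == ' '
            && header.regionMatches(true, 0, SCHEME, 0, SCHEME.length());
    }

    /** Returns {user, password}, or empty if the header is not valid Basic credentials. */
    static Optional<String[]> parse(String header) {
        if (!isBasicCaseInsensitive(header)) return Optional.empty();
        try {
            String encoded = header.substring(SCHEME.length() + 1).trim();
            String userPass = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
            int colon = userPass.indexOf(':');
            if (colon < 0) return Optional.empty();
            // Only the scheme token is case-insensitive; credentials are kept exactly as sent.
            return Optional.of(new String[] { userPass.substring(0, colon), userPass.substring(colon + 1) });
        } catch (IllegalArgumentException badBase64) {
            return Optional.empty(); // malformed Base64 is treated as "no credentials"
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials, used only to build test headers.
        String token = Base64.getEncoder().encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        for (String scheme : new String[] { "Basic", "basic", "BASIC", "bAsIc", "Bearer" }) {
            String header = scheme + " " + token;
            System.out.printf("%-7s sensitive=%-5b insensitive=%-5b user=%s%n",
                scheme, isBasicCaseSensitive(header), isBasicCaseInsensitive(header),
                parse(header).map(p -> p[0]).orElse("-"));
        }
    }
}
```

Running `main` prints one line per scheme spelling, showing which variants each check accepts; `Bearer` is rejected by both.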

