RFR: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator
Nizar Benalla
duke at openjdk.org
Thu May 9 12:01:15 UTC 2024
Passes Tier 1-3
Please review this change that aims to fix a bug when parsing the client's request.
RFC 9110 states
> 11. HTTP Authentication 11.1. Authentication Scheme
HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme:
```auth-scheme = token```
But in `BasicAuthenticator#authenticate` it was done in a case sensitive manner
TIA
-------------
Commit messages:
- Update copyright year
- Checking if server response is 200
- Add improvements suggested by Jaikiran.
- Added test to check authentication scheme token
- now using a case-insensitive token
Changes: https://git.openjdk.org/jdk/pull/19133/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19133&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8144100
Stats: 119 lines in 2 files changed: 117 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/19133.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/19133/head:pull/19133
PR: https://git.openjdk.org/jdk/pull/19133
More information about the net-dev
mailing list