RFR: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator [v2]

Nizar Benalla duke at openjdk.org
Thu May 9 12:49:09 UTC 2024


> Passes Tier 1-3
> Please review this change that aims to fix a bug when parsing the client's request.
> 
> RFC 9110 states 
> 
>> 11. HTTP Authentication 11.1. Authentication Scheme
> HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme: 
> ```auth-scheme = token```
> 
> But in `BasicAuthenticator#authenticate` it was done in a case-sensitive manner
> 
> TIA

Nizar Benalla has updated the pull request incrementally with one additional commit since the last revision:

  Declare `ServerAuthenticator.invoked` as volatile

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/19133/files
  - new: https://git.openjdk.org/jdk/pull/19133/files/ff93e73c..5003802b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=19133&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=19133&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/19133.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/19133/head:pull/19133

PR: https://git.openjdk.org/jdk/pull/19133
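
The scheme comparison discussed in the description above, as an added example that is not part of the original message and is not the JDK's `BasicAuthenticator` code. The class `BasicSchemeParsing`, the helper `basicCredentials` and the sample credentials are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicSchemeParsing {

    // Hypothetical helper: returns "user:password" if the Authorization header
    // value carries Basic credentials, otherwise Optional.empty().
    static Optional<String> basicCredentials(String header, boolean caseSensitive) {
        if (header == null) return Optional.empty();
        int sp = header.indexOf(' ');
        if (sp == -1) return Optional.empty();
        String scheme = header.substring(0, sp);
        // RFC 9110 section 11.1: the auth-scheme token is case-insensitive.
        // equalsIgnoreCase compares per character and does not depend on the
        // default locale, unlike scheme.toLowerCase().equals("basic").
        boolean isBasic = caseSensitive
                ? scheme.equals("Basic")             // rejects "basic" and "BASIC"
                : scheme.equalsIgnoreCase("Basic");  // accepts any casing
        if (!isBasic) return Optional.empty();
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(sp + 1).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            // Basic credentials are "user-id:password"; no colon means malformed.
            return pair.indexOf(':') == -1 ? Optional.empty() : Optional.of(pair);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // payload is not valid Base64
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials.
        String token = Base64.getEncoder()
                .encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        for (String scheme : new String[] {"Basic", "basic", "BASIC", "Bearer"}) {
            String header = scheme + " " + token;
            System.out.printf("%-7s case-sensitive=%-5b case-insensitive=%b%n",
                    scheme,
                    basicCredentials(header, true).isPresent(),
                    basicCredentials(header, false).isPresent());
        }
    }
}
```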

