RFR: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator [v2]
Daniel Fuchs
dfuchs at openjdk.org
Fri May 10 09:51:11 UTC 2024
On Thu, 9 May 2024 12:49:09 GMT, Nizar Benalla <duke at openjdk.org> wrote:
>> Passes Tier 1-3
>> Please review this change that aims to fix a bug when parsing the client's request.
>>
>> RFC 9110 states
>>
>>> 11. HTTP Authentication 11.1. Authentication Scheme
>> HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme:
>> ```auth-scheme = token```
>>
>> But in `BasicAuthenticator#authenticate` it was done in a case-sensitive manner
>>
>> TIA
>
> Nizar Benalla has updated the pull request incrementally with one additional commit since the last revision:
>
> Declare `ServerAuthenticator.invoked` as volatile
test/jdk/com/sun/net/httpserver/BasicAuthToken.java line 24:
> 22: */
> 23:
> 24: /**
Suggestion:
/*
It was recently suggested that test comments are not API documentation comments, and that we should avoid `/**` in that case. Maybe we will do a global pass on the test base at some point (or not) but in the meantime let's avoid propagating this pattern in new tests.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19133#discussion_r1596537133
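
The scheme comparison described in the quoted PR description, as an added example that is not part of this message, the pull request, or the JDK's `BasicAuthenticator` code. The class and method names are hypothetical, the sample credentials are constructed, and decoding the credentials as UTF-8 is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper, not JDK code: parses an Authorization header value
// and matches the auth-scheme token case-insensitively (RFC 9110, 11.1).
public class BasicSchemeParse {
    record Credentials(String user, String password) {}

    private static final String SCHEME = "Basic";

    static Optional<Credentials> parse(String header) {
        if (header == null) return Optional.empty();
        int sp = header.indexOf(' ');
        // The scheme token must be exactly as long as "Basic" ("Basics" is rejected).
        if (sp != SCHEME.length()) return Optional.empty();
        // ignoreCase=true is the point: header.substring(0, sp).equals("Basic")
        // would reject "basic" and "BASIC", which the RFC says are the same scheme.
        if (!header.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return Optional.empty();
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(sp + 1).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed base64 is not a credential
        }
        // Charset is an assumption of this example.
        String userPass = new String(raw, StandardCharsets.UTF_8);
        // Split at the first colon only: the password may contain ':'.
        int colon = userPass.indexOf(':');
        if (colon < 0) return Optional.empty();
        return Optional.of(new Credentials(userPass.substring(0, colon),
                                           userPass.substring(colon + 1)));
    }

    public static void main(String[] args) {
        // Constructed sample credentials.
        String b64 = Base64.getEncoder()
                .encodeToString("alice:s3cret:x".getBytes(StandardCharsets.UTF_8));
        for (String s : new String[] {"Basic", "basic", "BASIC", "bAsIc", "Basics", "Bearer"}) {
            System.out.println(s + " -> " + parse(s + " " + b64));
        }
        System.out.println("bad base64 -> " + parse("basic !!!"));
    }
}
```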