RFR: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator [v3]
Nizar Benalla
duke at openjdk.org
Sat May 11 02:31:14 UTC 2024
On Fri, 10 May 2024 13:58:58 GMT, Nizar Benalla <duke at openjdk.org> wrote:
>> Passes Tier 1-3
>> Please review this change that aims to fix a bug when parsing the client's request.
>>
>> RFC 9110 states
>>
>>> 11. HTTP Authentication 11.1. Authentication Scheme
>> HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme:
>> ```auth-scheme = token```
>>
>> But in `BasicAuthenticator#authenticate` it was done in a case sensitive manner
>>
>> TIA
>
> Nizar Benalla has updated the pull request incrementally with one additional commit since the last revision:
>
> added suggestions by daniel and jaikiran
Only tests failing tier 1-3 are Math related tests, https://bugs.openjdk.org/browse/JDK-8332066.
`Test8210461.java`,`WorstCaseTests.java` and `SinCosCornerCasesTests.java`. Completely unrelated to my changes.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19133#issuecomment-2105461567
More information about the net-dev
mailing list