Integrated: 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator

Nizar Benalla duke at openjdk.org
Sat May 11 04:27:09 UTC 2024


On Wed, 8 May 2024 04:23:47 GMT, Nizar Benalla <duke at openjdk.org> wrote:

> Passes Tier 1-3
> Please review this change that aims to fix a bug when parsing the client's request.
> 
> RFC 9110 states 
> 
>> 11. HTTP Authentication 11.1. Authentication Scheme
> HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information. It uses a **case-insensitive** token to identify the authentication scheme: 
> ```auth-scheme = token```
> 
> But in `BasicAuthenticator#authenticate` it was done in a case sensitive manner
> 
> TIA

This pull request has now been integrated.

Changeset: b87a7e99
Author:    Nizar Benalla <nizar.benalla at oracle.com>
Committer: Jaikiran Pai <jpai at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/b87a7e990631c8b402578f645397b2aeda8927bb
Stats:     120 lines in 2 files changed: 118 ins; 0 del; 2 mod

8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator

Reviewed-by: jpai, dfuchs

-------------

PR: https://git.openjdk.org/jdk/pull/19133


More information about the net-dev mailing list