JDK 14 issue in BasicAuthenticator

Simone Bordet simone.bordet at gmail.com
Sun Dec 15 16:52:21 UTC 2019


the Jetty integration with HttpServerProvider is failing a couple of
tests in JDK 14 (they pass in earlier JDKs).

This is due to the fact that com.sun.net.httpserver.BasicAuthenticator
has been changed to report the charset in the WWW-Authenticate header
(see line 100).
The header produced is:

Basic realm="Test" charset="UTF-8"

which is invalid, since parameters must be separated by commas. The
right format would be:

Basic realm="Test", charset="UTF-8"

See https://tools.ietf.org/html/rfc7235#appendix-C.

Furthermore, there is some code duplication between lines 98-101 and 123-125.
The second set of lines lacks the charset parameter that the first set
of lines added, so there is a chance to factor those lines to a common

I'm a JDK author and I can open a bug about this.


Simone Bordet
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz

More information about the net-dev mailing list