On Wed, 8 May 2024 04:23:47 GMT, Nizar Benalla <d...@openjdk.org> wrote:
> Passes Tier 1-3
> Please review this change that aims to fix a bug when parsing the client's
> request.
>
> RFC 9110 states
>
>> 11. HTTP Authentication 11.1. Authentication Scheme
> HTTP provides a general framework for access control and authentication, via
> an extensible set of challenge-response authentication schemes, which can be
> used by a server to challenge a client request and by a client to provide
> authentication information. It uses a **case-insensitive** token to identify
> the authentication scheme:
> ```auth-scheme = token```
>
> But in `BasicAuthenticator#authenticate` it was done in a case sensitive
> manner
>
> TIA
test/jdk/com/sun/net/httpserver/BasicAuthToken.java line 100:
> 98:
> 99: static class ServerAuthenticator extends BasicAuthenticator {
> 100: private static boolean invoked = false;
this should be declared volatile since it will be mutated in one thread and
read in the other.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19133#discussion_r1595367351
