On Thu, 9 May 2024 12:49:09 GMT, Nizar Benalla <d...@openjdk.org> wrote:
>> Passes Tier 1-3 >> Please review this change that aims to fix a bug when parsing the client's >> request. >> >> RFC 9110 states >> >>> 11. HTTP Authentication 11.1. Authentication Scheme >> HTTP provides a general framework for access control and authentication, via >> an extensible set of challenge-response authentication schemes, which can be >> used by a server to challenge a client request and by a client to provide >> authentication information. It uses a **case-insensitive** token to identify >> the authentication scheme: >> ```auth-scheme = token``` >> >> But in `BasicAuthenticator#authenticate` it was done in a case sensitive >> manner >> >> TIA > > Nizar Benalla has updated the pull request incrementally with one additional > commit since the last revision: > > Declare `ServerAuthenticator.invoked` as volatile test/jdk/com/sun/net/httpserver/BasicAuthToken.java line 24: > 22: */ > 23: > 24: /** Suggestion: /* It was recently suggested that test comments are not API documentation comments, and that we should avoid `/**` in that case. Maybe we will do a global pass on the test base at some point (or not) but in the mean time let's avoid propagating this pattern in new tests. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/19133#discussion_r1596537133
