On Wed, 8 May 2024 04:23:47 GMT, Nizar Benalla <d...@openjdk.org> wrote:
> Passes Tier 1-3 > Please review this change that aims to fix a bug when parsing the client's > request. > > RFC 9110 states > >> 11. HTTP Authentication 11.1. Authentication Scheme > HTTP provides a general framework for access control and authentication, via > an extensible set of challenge-response authentication schemes, which can be > used by a server to challenge a client request and by a client to provide > authentication information. It uses a **case-insensitive** token to identify > the authentication scheme: > ```auth-scheme = token``` > > But in `BasicAuthenticator#authenticate` it was done in a case sensitive > manner > > TIA This pull request has now been integrated. Changeset: b87a7e99 Author: Nizar Benalla <nizar.bena...@oracle.com> Committer: Jaikiran Pai <j...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/b87a7e990631c8b402578f645397b2aeda8927bb Stats: 120 lines in 2 files changed: 118 ins; 0 del; 2 mod 8144100: Incorrect case-sensitive equality in com.sun.net.httpserver.BasicAuthenticator Reviewed-by: jpai, dfuchs ------------- PR: https://git.openjdk.org/jdk/pull/19133
