cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator DigestAuthenticator.java

Thu, 22 Apr 2004 14:48:32 -0700 

markt       2004/04/22 14:48:32

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        DigestAuthenticator.java
  Log:
  Fix bug 9851. Digest authentication failed with Mozilla and other issues re RFC2617.
  - Based on a patch supplied by Juan Carlos Estibariz.
  - Ported from TC4.
  
  Revision  Changes    Path
  1.6       +17 -5     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
  
  Index: DigestAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- DigestAuthenticator.java  27 Feb 2004 14:58:41 -0000      1.5
  +++ DigestAuthenticator.java  22 Apr 2004 21:48:32 -0000      1.6
  @@ -295,7 +295,7 @@
               if ("username".equals(currentTokenName))
                   userName = removeQuotes(currentTokenValue);
               if ("realm".equals(currentTokenName))
  -                realmName = removeQuotes(currentTokenValue);
  +                realmName = removeQuotes(currentTokenValue, true);
               if ("nonce".equals(currentTokenName))
                   nOnce = removeQuotes(currentTokenValue);
               if ("nc".equals(currentTokenName))
  @@ -365,16 +365,28 @@
   
   
       /**
  -     * Removes the quotes on a string.
  +     * Removes the quotes on a string. RFC2617 states quotes are optional for
  +     * all parameters except realm.
        */
  -    protected static String removeQuotes(String quotedString) {
  -        if (quotedString.length() > 2) {
  +    protected static String removeQuotes(String quotedString,
  +                                         boolean quotesRequired) {
  +        //support both quoted and non-quoted
  +        if (quotedString.length() > 0 && quotedString.charAt(0) != '"' &&
  +                !quotesRequired) {
  +            return quotedString;
  +        } else if (quotedString.length() > 2) {
               return quotedString.substring(1, quotedString.length() - 1);
           } else {
               return new String();
           }
       }
   
  +    /**
  +     * Removes the quotes on a string.
  +     */
  +    protected static String removeQuotes(String quotedString) {
  +        return removeQuotes(quotedString, false);
  +    }
   
       /**
        * Generate a unique token. The token is generated according to the
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to