Odi, The patch looks fine to me. There is just a few minor points that I would like to be considered before the patch is committed:
- DigestScheme#DigestScheme( String ) constructor should probably log a warning message or even throw an exception if it encounters an unrecognised 'qop' element. Currently they are just silently ignored. - Use StringBuffer to concatenate strings in DigestScheme#createDigest( String, String ). - A test case for unsupported qop in HTTP Digest authentication would be nice. - The patch makes a few public methods private (quite appropriately in my opinion). Nobody is going to miss them, I think, however, the fact of 2.0 API breakage should be reflected in API_CHANGES_2_1.txt Cheers Oleg On Thu, 2003-09-11 at 11:55, Ortwin Glück wrote: > While reviewing a Patch to include MD5-sess into the Digest > Authentication Scheme I came across a few flaws in that class. I suggest > the following changes (see attached patch): > > - The qop Parameter must be parsed correctly and not just be ignored > - The fact that it is legal to have a missing qop must not be ignored > - The class should be prepared to handle the auth-int qop option > (even though an implementation is not possible with the current design) > - The public interface of this class is narrowed (as it is not needed by > the tests any more) > - The test cases should check the actual result rather than checking for > equality after another run through the same logic. Note: This is not > simple for requests that require the client to generate a cnonce. > > The patch is against HEAD. The 2.0 branch would be unaffected by these > changes. > > Odi > > ______________________________________________________________________ > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]