afs commented on a change in pull request #666: JENA-1811: Dispatch on
Content-Type. Accumulated code and comment cleanup.
URL: https://github.com/apache/jena/pull/666#discussion_r364147314
##########
File path:
jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/auth/Auth.java
##########
@@ -103,4 +104,20 @@ public static boolean allow(String user, AuthPolicy
policy, Runnable notAllowed)
notAllowed.run();
return false;
}
+
+ /**
+ * Calculate the value of the "Authentication" HTTP header for basic auth.
Basic
+ * auth is not secure when used over HTTP (the password can be extracted).
Use
+ * with HTTPS is better.
+ * <p>
+ * Unlike digest auth, basic auth can be setup without an extra round trip
to the
+ * server, making it easier for scripts where teh body is not replayable.
Review comment:
Thanks for raising this. I can't find a definitive answer by searching the
web.
Not sure about the `<p>`. It is legal HTML (not xHTML). I don't get a
warning/error in Eclipse. The POM has `<doclint>none</doclint>` and given the
scale and age of Jena, other places will have no closing `</p>`.
Elsewhere, I have projects using Java11 and no special configuration of the
javadoc plugin.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
