On Tue, 26 Oct 2021 12:46:31 GMT, Julia Boes <jb...@openjdk.org> wrote:
> This change ensures that the realm string passed to the BasicAuthenticator > constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to > jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method > and the pre-existing isValidName() method (previously in ServerImpl.) > Two tests are included: > - BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm > string are transported correctly, > - BasicAuthenticatorExceptionCheck.java to check realm strings with escaped > quotes. > > Testing: tier 1-3. > > [1] https://datatracker.ietf.org/doc/html/rfc7230 This pull request has now been integrated. Changeset: ee499632 Author: Julia Boes <jb...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/ee499632586eabb3dab209645d5b9c781a09034b Stats: 339 lines in 6 files changed: 305 ins; 22 del; 12 mod 8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string Reviewed-by: michaelm, dfuchs ------------- PR: https://git.openjdk.java.net/jdk/pull/6117