This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch 3.6.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.6.x-fixes by this push: new e2fe369230 [CXF-8761] DigestAuthSupplier: Must not decode URL encoded URI parts (#996) e2fe369230 is described below commit e2fe36923045e9bf45f24906de23f11a5e71ed3e Author: Thomas Faller <tfall...@gmx.de> AuthorDate: Tue Oct 4 02:34:43 2022 +0200 [CXF-8761] DigestAuthSupplier: Must not decode URL encoded URI parts (#996) --- .../cxf/transport/http/auth/DigestAuthSupplier.java | 6 +++--- .../transport/http/auth/DigestAuthSupplierTest.java | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java index f2e4488af2..b076ae3fd7 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java @@ -100,9 +100,9 @@ public class DigestAuthSupplier implements HttpAuthSupplier { } private static String getAuthURI(URI currentURI) { - String authURI = currentURI.getPath(); - if (currentURI.getQuery() != null) { - authURI += '?' + currentURI.getQuery(); + String authURI = currentURI.getRawPath(); + if (currentURI.getRawQuery() != null) { + authURI += '?' + currentURI.getRawQuery(); } return authURI; } diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java index e9dc03c513..127b88b885 100644 --- a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java +++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java @@ -91,4 +91,23 @@ public class DigestAuthSupplierTest { expectedParams.put("algorithm", "MD5"); assertEquals(expectedParams, params); } + + @Test + public void testUrlEncodedUri() throws Exception { + AuthorizationPolicy authPolicy = new AuthorizationPolicy(); + authPolicy.setUserName("testUser"); + authPolicy.setPassword("testPassword"); + + // uri with utf-8 url encoded path and query + URI uri = new URI("http://localhost.com/sch%C3%B6ne?gr%C3%BC%C3%9Fe"); + assertEquals("/schöne", uri.getPath()); + assertEquals("grüße", uri.getQuery()); + + DigestAuthSupplier authSupplier = new DigestAuthSupplier(); + String authToken = authSupplier.getAuthorization(authPolicy, uri, new MessageImpl(), "Digest"); + HttpAuthHeader authHeader = new HttpAuthHeader(authToken); + assertTrue(authHeader.authTypeIsDigest()); + // uri parts must stay encoded + assertEquals("/sch%C3%B6ne?gr%C3%BC%C3%9Fe", authHeader.getParams().get("uri")); + } }