Author: markt Date: Mon Jan 28 15:10:28 2013 New Revision: 1439443 URL: http://svn.apache.org/viewvc?rev=1439443&view=rev Log: Follow-up to https://issues.apache.org/bugzilla/show_bug.cgi?id=54060 More buggy client implementations of DIGEST auth. This time it is the JDK (Oracle 6.x, Oracle 7.x, OpenJDK 7.*)
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1439442 Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1439443&r1=1439442&r2=1439443&view=diff ==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon Jan 28 15:10:28 2013
@@ -43,6 +43,7 @@ import java.util.Map;
 */
 public class HttpParser {
+ @SuppressWarnings("unused") // Unused due to buggy client implementations
 private static final Integer FIELD_TYPE_TOKEN = Integer.valueOf(0);
 private static final Integer FIELD_TYPE_QUOTED_STRING = Integer.valueOf(1);
 private static final Integer FIELD_TYPE_TOKEN_OR_QUOTED_STRING = Integer.valueOf(2);
@@ -64,7 +65,7 @@ public class HttpParser {
 fieldTypes.put("nonce", FIELD_TYPE_QUOTED_STRING);
 fieldTypes.put("digest-uri", FIELD_TYPE_QUOTED_STRING);
 fieldTypes.put("response", FIELD_TYPE_QUOTED_LHEX);
- fieldTypes.put("algorithm", FIELD_TYPE_TOKEN);
+ fieldTypes.put("algorithm", FIELD_TYPE_QUOTED_TOKEN);
 fieldTypes.put("cnonce", FIELD_TYPE_QUOTED_STRING);
 fieldTypes.put("opaque", FIELD_TYPE_QUOTED_STRING);
 fieldTypes.put("qop", FIELD_TYPE_QUOTED_TOKEN);
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1439443&r1=1439442&r2=1439443&view=diff ==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jan 28 15:10:28 2013
@@ -57,6 +57,10 @@
 <subsection name="Catalina">
 <changelog>
 <fix>
+ Make additional allowances for buggy client implementations of HTTP
+ DIGEST authentication. This is a follow-on to <bug>54060</bug>. (markt)
+ </fix>
+ <fix>
 <bug>54438</bug>: Fix a regression in the fix for <bug>52953</bug> that triggered a NPE when digested passwords were used and an authentication attempt was made for a user that did not exist in the realm. (markt)
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
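Review bot: The `fieldTypes.put("algorithm", FIELD_TYPE_QUOTED_TOKEN)` line in the HttpParser.java hunk relaxes the grammar without saying so at the point of change; RFC 2617 defines `algorithm` as a bare token, and the only explanation is the comment on `FIELD_TYPE_TOKEN` in the previous hunk. A comment on the entry, for example `// RFC 2617: token, but the JDK client sends it quoted (follow-up to bug 54060)`, would keep a later cleanup from tightening it back. The commit's file list contains only HttpParser.java and changelog.xml, so a parser test that accepts both `algorithm=MD5` and `algorithm="MD5"` would pin the new behaviour. How `FIELD_TYPE_QUOTED_TOKEN` is parsed is outside this hunk; since the value comes from the client's Authorization header, it is worth confirming that the content between the quotes is still limited to token characters. The static initializer continues beyond the hunk.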