markt 2004/04/22 14:47:58 Modified: catalina/src/share/org/apache/catalina/authenticator DigestAuthenticator.java Log: Fix bug 9851. Digest authentication failed with Mozilla and other issues re RFC2617. - Based on a patch supplied by Juan Carlos Estibariz. Revision Changes Path 1.13 +23 -17 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java Index: DigestAuthenticator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- DigestAuthenticator.java 24 Dec 2003 20:40:50 -0000 1.12 +++ DigestAuthenticator.java 22 Apr 2004 21:47:58 -0000 1.13 @@ -188,7 +188,7 @@ */ public String getInfo() { - return (this.info); + return (info); } @@ -335,21 +335,15 @@ if ("username".equals(currentTokenName)) userName = removeQuotes(currentTokenValue); if ("realm".equals(currentTokenName)) - realmName = removeQuotes(currentTokenValue); + realmName = removeQuotes(currentTokenValue, true); if ("nonce".equals(currentTokenName)) nOnce = removeQuotes(currentTokenValue); if ("nc".equals(currentTokenName)) nc = currentTokenValue; if ("cnonce".equals(currentTokenName)) cnonce = removeQuotes(currentTokenValue); - if ("qop".equals(currentTokenName)) { - //support both quoted and non-quoted - if (currentTokenValue.startsWith("\"") && - currentTokenValue.endsWith("\"")) - qop = removeQuotes(currentTokenValue); - else - qop = currentTokenValue; - } + if ("qop".equals(currentTokenName)) + qop = removeQuotes(currentTokenValue); if ("uri".equals(currentTokenName)) uri = removeQuotes(currentTokenValue); if ("response".equals(currentTokenName)) @@ -414,16 +408,28 @@ /** - * Removes the quotes on a string. + * Removes the quotes on a string. RFC2617 states quotes are optional for + * all parameters except realm. */ - protected static String removeQuotes(String quotedString) { - if (quotedString.length() > 2) { + protected static String removeQuotes(String quotedString, + boolean quotesRequired) { + //support both quoted and non-quoted + if (quotedString.length() > 0 && quotedString.charAt(0) != '"' && + !quotesRequired) { + return quotedString; + } else if (quotedString.length() > 2) { return quotedString.substring(1, quotedString.length() - 1); } else { return new String(); } } + /** + * Removes the quotes on a string. + */ + protected static String removeQuotes(String quotedString) { + return removeQuotes(quotedString, false); + } /** * Generate a unique token. The token is generated according to the
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]