markt 2004/04/22 14:47:58
Modified: catalina/src/share/org/apache/catalina/authenticator
DigestAuthenticator.java
Log:
Fix bug 9851. Digest authentication failed with Mozilla and other issues re RFC2617.
- Based on a patch supplied by Juan Carlos Estibariz.
Revision Changes Path
1.13 +23 -17
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
Index: DigestAuthenticator.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- DigestAuthenticator.java 24 Dec 2003 20:40:50 -0000 1.12
+++ DigestAuthenticator.java 22 Apr 2004 21:47:58 -0000 1.13
@@ -188,7 +188,7 @@
*/
public String getInfo() {
- return (this.info);
+ return (info);
}
@@ -335,21 +335,15 @@
if ("username".equals(currentTokenName))
userName = removeQuotes(currentTokenValue);
if ("realm".equals(currentTokenName))
- realmName = removeQuotes(currentTokenValue);
+ realmName = removeQuotes(currentTokenValue, true);
if ("nonce".equals(currentTokenName))
nOnce = removeQuotes(currentTokenValue);
if ("nc".equals(currentTokenName))
nc = currentTokenValue;
if ("cnonce".equals(currentTokenName))
cnonce = removeQuotes(currentTokenValue);
- if ("qop".equals(currentTokenName)) {
- //support both quoted and non-quoted
- if (currentTokenValue.startsWith("\"") &&
- currentTokenValue.endsWith("\""))
- qop = removeQuotes(currentTokenValue);
- else
- qop = currentTokenValue;
- }
+ if ("qop".equals(currentTokenName))
+ qop = removeQuotes(currentTokenValue);
if ("uri".equals(currentTokenName))
uri = removeQuotes(currentTokenValue);
if ("response".equals(currentTokenName))
@@ -414,16 +408,28 @@
/**
- * Removes the quotes on a string.
+ * Removes the quotes on a string. RFC2617 states quotes are optional for
+ * all parameters except realm.
*/
- protected static String removeQuotes(String quotedString) {
- if (quotedString.length() > 2) {
+ protected static String removeQuotes(String quotedString,
+ boolean quotesRequired) {
+ //support both quoted and non-quoted
+ if (quotedString.length() > 0 && quotedString.charAt(0) != '"' &&
+ !quotesRequired) {
+ return quotedString;
+ } else if (quotedString.length() > 2) {
return quotedString.substring(1, quotedString.length() - 1);
} else {
return new String();
}
}
+ /**
+ * Removes the quotes on a string.
+ */
+ protected static String removeQuotes(String quotedString) {
+ return removeQuotes(quotedString, false);
+ }
/**
* Generate a unique token. The token is generated according to the
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
