[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

GitBox Tue, 10 Aug 2021 10:40:56 -0700


michael-o commented on a change in pull request #444:
URL: https://github.com/apache/tomcat/pull/444#discussion_r686188244




##########
File path: java/org/apache/catalina/authenticator/BasicAuthenticator.java
##########
@@ -132,6 +132,10 @@ protected String getAuthMethod() {
         return HttpServletRequest.BASIC_AUTH;
     }
 
+    @Override
+    protected boolean isPreemptiveAuthRequest(Request request) {
+        return 
request.getCoyoteRequest().getMimeHeaders().getValue("authorization") != null;

Review comment:
       I don't consider this to be preemptive authentication. It says nothing 
that the use has not been challenged.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

Reply via email to