ChristopherSchultz commented on code in PR #834:
URL: https://github.com/apache/tomcat/pull/834#discussion_r2020937294
##########
java/org/apache/catalina/realm/DigestCredentialHandlerBase.java:
##########
@@ -288,7 +289,7 @@ protected String mutate(String inputCredentials, byte[]
salt, int iterations, in
* @return <code>true</code> if the strings are equal to each other,
<code>false</code> otherwise.
*/
public static boolean equals(final String s1, final String s2, final
boolean ignoreCase) {
- if (s1 == s2) {
+ if (Objects.equals(s1, s2)) {
Review Comment:
Yes, and this is exactly the intent of this method: check the parameters for
reference-equality and return quickly. If they are not reference-equals,
continue to test via other means.
Your patch renders the rest of the method useless. If the strings are not
character-equals, then Objects.equals() is evaluated and then the two strings
are re-compared for absolutely no reason.
This method performs constant-time equality and should not be changed. There
is a reason String.equals() is not being used, here, at all.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
