Re: svn commit: r1303338 - /tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java

[Brian Burch]

On 21/03/12 10:00, ma...@apache.org wrote:
Author: markt
Date: Wed Mar 21 10:00:52 2012
New Revision: 1303338
URL: http://svn.apache.org/viewvc?rev=1303338&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52953
When using DIGEST auth, digests are always represented using lower case hex 
characters

I realise this particular change is trivial, but because I hadn't 
updated my sandbox of the trunk for a couple of weeks, I decided to add 
a new unit test for bug 52954 in:

org.apache.catalina.authenticator.TestDigestAuthenticator.

No-one should be surprised to hear the new test case is currently 
failing on my system with 401 status - it simply confirms the bug exists 
in my sandbox:

Last Changed Author: markt
Last Changed Rev: 1297213
Last Changed Date: 2012-03-05 20:20:00 +0000 (Mon, 05 Mar 2012)


I'm not in a hurry to update my sandbox because I am confident svn 
commit r1303338 fixes the reported bug.

However, this test class hasn't changed for quite a long time, so before 
I submit my change, I intend to look for any other corner-cases that 
might also have been missed. If anyone else is planning to do similar 
work, please let me know so that I don't waste my time!

Regards,

Brian

Modified:
     tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1303338&r1=1303337&r2=1303338&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Wed Mar 21 
10:00:52 2012
@@ -27,6 +27,7 @@ import java.security.NoSuchAlgorithmExce
  import java.security.Principal;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
+import java.util.Locale;

  import javax.servlet.http.HttpServletResponse;

@@ -381,7 +382,8 @@ public abstract class RealmBase extends
                                    String qop, String realm,
                                    String md5a2) {

-        String md5a1 = getDigest(username, realm);
+        // In digest auth, digests are always lower case
+        String md5a1 = getDigest(username, realm).toLowerCase(Locale.ENGLISH);
          if (md5a1 == null)
              return null;
          String serverDigestValue;



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org