https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
Priority: P2
Bug ID: 54060
Assignee: [email protected]
Summary: DigestAuthenticator doesn't parse Authorization header
correctly
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: [email protected]
Hardware: PC
Status: NEW
Version: 7.0.30
Component: Catalina
Product: Tomcat 7
>From DigestAuthenticator at line 546
// Bugzilla 37132:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
String[] tokens =
authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
if the last term in the line is not enclosed in quotes, only a single 'term'
results. For example:
Header: username="mthornton", qop=auth
token[0] is username="mthornton", qop=auth
Header: username="mthornton", qop=auth, cnonce="9926cb3c334ede11"
token[0] is username="mthornton"
token[1] is qop=auth
token[2] is cnonce="9926cb3c334ede11"
(Headers abbreviated for clarity).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
