Author: markt
Date: Wed Mar 20 21:17:48 2013
New Revision: 1459061
URL: http://svn.apache.org/r1459061
Log:
Switching to the new Decoder has fixed a couple of TODOs. Update the comments
and tests accordingly.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=1459061&r1=1459060&r2=1459061&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
Wed Mar 20 21:17:48 2013
@@ -110,8 +110,6 @@ public class BasicAuthenticator
ByteChunk authorizationBC = authorization.getByteChunk();
if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
authorizationBC.setOffset(authorizationBC.getOffset() + 6);
- // FIXME: Add trimming
- // authorizationBC.trim();
// Use the StringCache as these will be the same between
// requests
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1459061&r1=1459060&r2=1459061&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Wed Mar 20 21:17:48 2013
@@ -187,8 +187,6 @@ public class SpnegoAuthenticator extends
}
authorizationBC.setOffset(authorizationBC.getOffset() + 10);
- // FIXME: Add trimming
- // authorizationBC.trim();
// Create the String directly as this will change on each request and
we
// don't want to use the StringCache
Modified:
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java?rev=1459061&r1=1459060&r2=1459061&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
(original)
+++
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
Wed Mar 20 21:17:48 2013
@@ -197,18 +197,20 @@ public class TestNonLoginAndBasicAuthent
* This is the same as testAcceptProtectedBasic (above), except
* using excess white space after the authentication method.
*
- * The request is rejected with 401 SC_UNAUTHORIZED status.
+ * The access will be challenged with 401 SC_UNAUTHORIZED, and then be
+ * permitted once authenticated.
*
- * TODO: RFC2617 does not define the separation syntax between the
- * auth-scheme and basic-credentials tokens. Tomcat should tolerate
- * any reasonable amount of white space and return SC_OK.
+ * RFC2617 does not define the separation syntax between the auth-scheme
and
+ * basic-credentials tokens. Tomcat tolerates any amount of white space
+ * (within the limits of HTTP header sizes) and returns SC_OK.
*/
@Test
public void testAuthMethodExtraSpace() throws Exception {
doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_BASE64,
- NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
+ NO_COOKIES, HttpServletResponse.SC_OK);
+
}
/*
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
