Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/01/28 16:10:29 UTC

svn commit: r1439443 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/http/parser/HttpParser.java webapps/docs/changelog.xml

Author: markt
Date: Mon Jan 28 15:10:28 2013
New Revision: 1439443

URL: http://svn.apache.org/viewvc?rev=1439443&view=rev
Log:
Follow-up to https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
More buggy client implementations of DIGEST auth. This time it is the JDK (Oracle 6.x, Oracle 7.x, OpenJDK 7.*)

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1439442

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1439443&r1=1439442&r2=1439443&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon Jan 28 15:10:28 2013
@@ -43,6 +43,7 @@ import java.util.Map;
  */
 public class HttpParser {
 
+    @SuppressWarnings("unused")  // Unused due to buggy client implementations
     private static final Integer FIELD_TYPE_TOKEN = Integer.valueOf(0);
     private static final Integer FIELD_TYPE_QUOTED_STRING = Integer.valueOf(1);
     private static final Integer FIELD_TYPE_TOKEN_OR_QUOTED_STRING = Integer.valueOf(2);
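Review bot: The suppression on `FIELD_TYPE_TOKEN` keeps a constant that, by its own trailing comment, has no remaining user, and that comment does not say which fields stopped using it. Either delete the constant, together with any parser branch that handles it (not visible in this hunk), or make the comment specific, for example `// Unused: algorithm and qop are parsed as quoted tokens to tolerate clients that quote them`. The class body continues outside the hunk.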
@@ -64,7 +65,7 @@ public class HttpParser {
         fieldTypes.put("nonce", FIELD_TYPE_QUOTED_STRING);
         fieldTypes.put("digest-uri", FIELD_TYPE_QUOTED_STRING);
         fieldTypes.put("response", FIELD_TYPE_QUOTED_LHEX);
-        fieldTypes.put("algorithm", FIELD_TYPE_TOKEN);
+        fieldTypes.put("algorithm", FIELD_TYPE_QUOTED_TOKEN);
         fieldTypes.put("cnonce", FIELD_TYPE_QUOTED_STRING);
         fieldTypes.put("opaque", FIELD_TYPE_QUOTED_STRING);
         fieldTypes.put("qop", FIELD_TYPE_QUOTED_TOKEN);
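Review bot: The changed `algorithm` mapping carries no comment saying that it deliberately departs from RFC 2617, which defines algorithm as an unquoted token; the reason exists only in the commit log. I would add above the line `// RFC 2617 defines algorithm as token; the quoted form is also accepted for buggy clients (JDK)`. Because this value comes from the authentication header, it is worth confirming that the FIELD_TYPE_QUOTED_TOKEN reader (not visible in this hunk) returns the same string with or without the quotes and still rejects non-token characters, so the relaxed parse cannot change which algorithm the authenticator sees. A parser test covering both `algorithm=MD5` and `algorithm="MD5"` would pin that. The static initializer continues outside the hunk.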

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1439443&r1=1439442&r2=1439443&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jan 28 15:10:28 2013
@@ -57,6 +57,10 @@
   <subsection name="Catalina">
     <changelog>
       <fix>
+        Make additional allowances for buggy client implementations of HTTP
+        DIGEST authentication. This is a follow-on to <bug>54060</bug>. (markt)
+      </fix>
+      <fix>
         <bug>54438</bug>: Fix a regression in the fix for <bug>52953</bug> that
         triggered a NPE when digested passwords were used and an authentication
         attempt was made for a user that did not exist in the realm. (markt)


