You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2012/10/03 17:29:32 UTC
svn commit: r1393544 -
/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
Author: dkulp
Date: Wed Oct 3 15:29:31 2012
New Revision: 1393544
URL: http://svn.apache.org/viewvc?rev=1393544&view=rev
Log:
[CXF-5440] Problems with basic-auth passwords that contain a colon.
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java?rev=1393544&r1=1393543&r2=1393544&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java Wed Oct 3 15:29:31 2012
@@ -160,11 +160,18 @@ public abstract class AbstractHTTPDestin
String authEncoded = credentials.split(" ")[1];
try {
String authDecoded = new String(Base64Utility.decode(authEncoded));
- String authInfo[] = authDecoded.split(":");
- String username = (authInfo.length > 0) ? authInfo[0] : "";
- // Below line for systems that blank out password after authentication;
- // see CXF-1495 for more info
- String password = (authInfo.length > 1) ? authInfo[1] : "";
+ int idx = authDecoded.indexOf(':');
+ String username = null;
+ String password = null;
+ if (idx == -1) {
+ username = authDecoded;
+ } else {
+ username = authDecoded.substring(0, idx);
+ if (idx < (authDecoded.length() - 1)) {
+ password = authDecoded.substring(idx + 1);
+ }
+ }
+
AuthorizationPolicy policy = pp == null
? new AuthorizationPolicy() : new PrincipalAuthorizationPolicy(pp);
policy.setUserName(username);