Posted to commits@cxf.apache.org by re...@apache.org on 2022/10/04 14:31:53 UTC
[cxf] branch 3.5.x-fixes updated: [CXF-8761] DigestAuthSupplier: Must not decode URL encoded URI parts (#996)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.5.x-fixes by this push:
new b1f80c4971 [CXF-8761] DigestAuthSupplier: Must not decode URL encoded URI parts (#996)
b1f80c4971 is described below
commit b1f80c49718d0d92c547a6cf84756d6f5c2baae0
Author: Thomas Faller <tf...@gmx.de>
AuthorDate: Tue Oct 4 02:34:43 2022 +0200
[CXF-8761] DigestAuthSupplier: Must not decode URL encoded URI parts (#996)
---
.../cxf/transport/http/auth/DigestAuthSupplier.java | 6 +++---
.../transport/http/auth/DigestAuthSupplierTest.java | 19 +++++++++++++++++++
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java
index f2e4488af2..b076ae3fd7 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/DigestAuthSupplier.java
@@ -100,9 +100,9 @@ public class DigestAuthSupplier implements HttpAuthSupplier {
}
private static String getAuthURI(URI currentURI) {
- String authURI = currentURI.getPath();
- if (currentURI.getQuery() != null) {
- authURI += '?' + currentURI.getQuery();
+ String authURI = currentURI.getRawPath();
+ if (currentURI.getRawQuery() != null) {
+ authURI += '?' + currentURI.getRawQuery();
}
return authURI;
}
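Review bot: `getAuthURI` carries no comment explaining why the raw accessors are required, so a later cleanup could switch back to `getPath()`/`getQuery()` and reintroduce the mismatch. I would add at the top of the body `// Digest "uri" must equal the request-target as sent on the wire (RFC 7616); getPath()/getQuery() decode percent-escapes and break the server-side comparison`. Separately, and unchanged by this commit, `getRawPath()` returns an empty string for a URI such as `http://host`, so the `uri` parameter would be empty while the request line presumably carries `/`. That is worth confirming against the code that builds the request-target, which is not visible in this hunk.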
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java
index e9dc03c513..127b88b885 100644
--- a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/auth/DigestAuthSupplierTest.java
@@ -91,4 +91,23 @@ public class DigestAuthSupplierTest {
expectedParams.put("algorithm", "MD5");
assertEquals(expectedParams, params);
}
+
+ @Test
+ public void testUrlEncodedUri() throws Exception {
+ AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+ authPolicy.setUserName("testUser");
+ authPolicy.setPassword("testPassword");
+
+ // uri with utf-8 url encoded path and query
+ URI uri = new URI("http://localhost.com/sch%C3%B6ne?gr%C3%BC%C3%9Fe");
+ assertEquals("/schöne", uri.getPath());
+ assertEquals("grüße", uri.getQuery());
+
+ DigestAuthSupplier authSupplier = new DigestAuthSupplier();
+ String authToken = authSupplier.getAuthorization(authPolicy, uri, new MessageImpl(), "Digest");
+ HttpAuthHeader authHeader = new HttpAuthHeader(authToken);
+ assertTrue(authHeader.authTypeIsDigest());
+ // uri parts must stay encoded
+ assertEquals("/sch%C3%B6ne?gr%C3%BC%C3%9Fe", authHeader.getParams().get("uri"));
+ }
}
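Review bot: `testUrlEncodedUri` only exercises escapes of non-ASCII characters, where decoding changes the bytes but not the structure of the URI. The stronger regression case is an encoded reserved character, because decoding `%2F`, `%3F` or `%26` changes where the path ends or how the query splits. A second case with a constructed value such as `new URI("http://localhost.com/a%2Fb?x=1%262")`, expecting `"/a%2Fb?x=1%262"` in the `uri` parameter, would pin that. The test also checks only the `uri` parameter and not that `response` was computed over the same encoded string, though that may not be assertable if the client nonce is random. The literals `"/schöne"` and `"grüße"` depend on the compiler's source encoding; `\u00f6`-style escapes would remove that dependency.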