You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Barry Dunne <ba...@hotmail.com> on 2003/07/29 14:20:11 UTC
Re: [PATCH] Digest Authentication
carlos.quiroz-castro@nokia.com wrote:
>Here I attach a patch for DigestAuthentication.java that should fix the
>problems with DIGEST authentication.
>
>- // in some cases qop has quotes, and in some not. We'll
>support both
>- if (currentTokenValue.startsWith("\"") &&
>currentTokenValue.endsWith("\"")) {
>- qop = removeQuotes(currentTokenValue);
>- } else {
>- qop = currentTokenValue;
>- }
It appears that qop is not the only problem, the sun java plug-in (v1.4.1)
sends the nc value quoted.
This prevents applets logging in.
It might be worth leaving qop = removeQuotes(currentTokenValue);
change the nc line to call removeQuotes, i.e. nc =
removeQuotes(currentTokenValue);
and add a test to the start of removeQuotes method as follows:
protected static String removeQuotes(String quotedString) {
if ((!quotedString.startsWith("\"")) ||
(!quotedString.endsWith("\"")))
return quotedString;
if (quotedString.length() > 2) {
return quotedString.substring(1, quotedString.length() - 1);
} else {
return new String();
}
}
This would prevent the same problem happening on any of the digest fields.
Barry.
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org