You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Barry Dunne <ba...@hotmail.com> on 2003/07/29 14:20:11 UTC

Re: [PATCH] Digest Authentication

carlos.quiroz-castro@nokia.com wrote:

>Here I attach a patch for DigestAuthentication.java that should fix the 
>problems with DIGEST authentication.
>
>-                // in some cases qop has quotes, and in some not. We'll 
>support both
>-                if (currentTokenValue.startsWith("\"") && 
>currentTokenValue.endsWith("\"")) {
>-                  qop = removeQuotes(currentTokenValue);
>-                } else {
>-                  qop = currentTokenValue;
>-                }


It appears that qop is not the only problem, the sun java plug-in (v1.4.1) 
sends the nc value quoted.
This prevents applets logging in.

It might be worth leaving  qop = removeQuotes(currentTokenValue);
change the nc line to call removeQuotes, i.e.  nc = 
removeQuotes(currentTokenValue);
and add a test to the start of removeQuotes method as follows:

    protected static String removeQuotes(String quotedString) {
        if ((!quotedString.startsWith("\"")) || 
(!quotedString.endsWith("\"")))
            return quotedString;
        if (quotedString.length() > 2) {
            return quotedString.substring(1, quotedString.length() - 1);
        } else {
            return new String();
        }
    }

This would prevent the same problem happening on any of the digest fields.

Barry.

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org