Posted to commits@cxf.apache.org by dk...@apache.org on 2009/11/02 19:08:36 UTC
svn commit: r831987 - in /cxf/branches/2.2.x-fixes: ./
rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Author: dkulp
Date: Mon Nov 2 18:08:36 2009
New Revision: 831987
URL: http://svn.apache.org/viewvc?rev=831987&view=rev
Log:
Merged revisions 831986 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r831986 | dkulp | 2009-11-02 13:04:44 -0500 (Mon, 02 Nov 2009) | 2 lines
[CXF-2370] Switch to StreamTokenizer for digest auth parsing to get
matched quotes working.
........
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java?rev=831987&r1=831986&r2=831987&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java (original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java Mon Nov 2 18:08:36 2009
@@ -19,13 +19,15 @@
package org.apache.cxf.transport.http;
+import java.io.IOException;
+import java.io.StreamTokenizer;
+import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
-import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
@@ -60,22 +62,41 @@
return true;
}
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
- Message message,
- String realm, String fullHeader) {
- if (fullHeader.startsWith("Digest ")) {
- Map<String, String> map = new HashMap<String, String>();
- fullHeader = fullHeader.substring(7);
- StringTokenizer tok = new StringTokenizer(fullHeader, ",=");
- while (tok.hasMoreTokens()) {
- String key = tok.nextToken().trim();
- String value = tok.nextToken().trim();
+ static Map<String, String> parseHeader(String fullHeader) {
+
+ Map<String, String> map = new HashMap<String, String>();
+ fullHeader = fullHeader.substring(7);
+ try {
+ StreamTokenizer tok = new StreamTokenizer(new StringReader(fullHeader));
+ tok.quoteChar('"');
+ tok.quoteChar('\'');
+ tok.whitespaceChars('=', '=');
+ tok.whitespaceChars(',', ',');
+
+ while (tok.nextToken() != StreamTokenizer.TT_EOF) {
+ String key = tok.sval;
+ if (tok.nextToken() == StreamTokenizer.TT_EOF) {
+ map.put(key, null);
+ return map;
+ }
+ String value = tok.sval;
if (value.charAt(0) == '"') {
value = value.substring(1, value.length() - 1);
}
map.put(key, value);
}
+ } catch (IOException ex) {
+ //ignore
+ }
+ return map;
+ }
+
+ @Override
+ public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
+ Message message,
+ String realm, String fullHeader) {
+ if (fullHeader.startsWith("Digest ")) {
+ Map<String, String> map = parseHeader(fullHeader);
if ("auth".equals(map.get("qop"))
|| !map.containsKey("qop")) {
DigestInfo di = new DigestInfo();
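Review bot: In `parseHeader`, `value.charAt(0)` is reached with no check on `tok.sval`, so a malformed challenge from the server can throw out of header parsing instead of being rejected. An empty quoted value (a constructed example: `opaque=""`) gives an empty `sval` and a StringIndexOutOfBoundsException, and because StreamTokenizer parses numbers by default, an unquoted numeric value leaves `sval` null and raises a NullPointerException. Guard the branch, e.g. `if (value != null && value.length() > 1 && value.charAt(0) == '"') {`; since the tokenizer already strips the quote characters, the branch could probably be dropped altogether. The `//ignore` in `catch (IOException ex)` would read better as a comment that says why it is safe, e.g. `// reading from an in-memory StringReader; return whatever was parsed so far`. `getAuthorizationForRealm` continues past the end of this hunk, so how it uses a null or missing entry is not visible here.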
Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java?rev=831987&r1=831986&r2=831987&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java (original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java Mon Nov 2 18:08:36 2009
@@ -127,6 +127,17 @@
conduit.getURL().getPath(),
"/bar/foo");
}
+
+ @Test
+ public void testCXF2370() throws Exception {
+ String origNonce = "MTI0ODg3OTc5NzE2OTplZGUyYTg0Yzk2NTFkY2YyNjc1Y2JjZjU2MTUzZmQyYw==";
+ String fullHeader = "Digest realm=\"MyCompany realm.\", qop=\"auth\","
+ + "nonce=\"" + origNonce + "\"";
+ Map<String, String> map = DigestAuthSupplier.parseHeader(fullHeader);
+ assertEquals(origNonce, map.get("nonce"));
+ assertEquals("auth", map.get("qop"));
+ assertEquals("MyCompany realm.", map.get("realm"));
+ }
/**
* Verfies one of the tenents of our interface -- the Conduit sets up