JDK-8275534

com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 6, 18
    • Fix Version/s: 18
    • Component/s: core-libs
    • Labels: None
    • Subcomponent:
    • Resolved In Build: b23

      Description

      The value of the basic authentication realm is defined by RFC 7617 as a free-form string - which therefore may contain quotes.
      The BasicAuthenticator embeds the string directly in the WWW-Authenticate challenge, without escaping any quotes it may contain.

      The API documentation of BasicAuthenticator should either be clarified, or its behavior changed to escape quotes before embedding the realm string in the WWW-Authenticate header value.
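
An added example, not part of the original issue and not the JDK's own code: it contrasts embedding a realm verbatim, as the description says BasicAuthenticator does, with escaping it as quoted-string content (RFC 7230 section 3.2.6), and reads both challenges back the way a client would. The class and method names (RealmQuoting, quoteRealm, parseRealm) are hypothetical and the sample realm is constructed.

```java
public class RealmQuoting {
    // Escape a realm so it is valid quoted-string content (RFC 7230 section 3.2.6).
    static String quoteRealm(String realm) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : realm.toCharArray()) {
            // Control characters (CR, LF, ...) cannot appear in a quoted-string at all.
            if ((c < 0x20 && c != '\t') || c == 0x7f)
                throw new IllegalArgumentException("control character in realm");
            if (c == '"' || c == '\\') sb.append('\\');  // emit as quoted-pair
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    // Read the realm back the way a client parses a quoted-string.
    static String parseRealm(String challenge) {
        int i = challenge.indexOf("realm=\"");
        if (i < 0) throw new IllegalArgumentException("no quoted realm");
        StringBuilder sb = new StringBuilder();
        for (i += 7; i < challenge.length(); i++) {
            char c = challenge.charAt(i);
            if (c == '"') return sb.toString();                 // closing quote
            if (c == '\\' && ++i == challenge.length()) break;  // dangling backslash
            sb.append(challenge.charAt(i));                     // literal or escaped char
        }
        throw new IllegalArgumentException("unterminated quoted-string");
    }

    public static void main(String[] args) {
        String realm = "Staging \"internal\" area";        // constructed sample realm
        String naive = "Basic realm=\"" + realm + "\"";    // verbatim embedding, as in the issue
        String fixed = "Basic realm=" + quoteRealm(realm); // quotes escaped before embedding
        System.out.println(naive + "  -> parsed realm: [" + parseRealm(naive) + "]");
        System.out.println(fixed + "  -> parsed realm: [" + parseRealm(fixed) + "]");
    }
}
```

With the verbatim challenge the parser stops at the first embedded quote, so the client sees a truncated realm followed by trailing text that is not a valid auth-param; the escaped challenge round-trips the full realm.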

              People

              Assignee: jboes Julia Boes (Inactive)
              Reporter: dfuchs Daniel Fuchs