svn commit: r1459062 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/authenticator/ test/org/apache/catalina/authenticator/

Wed, 20 Mar 2013 14:18:50 -0700 

Author: markt
Date: Wed Mar 20 21:18:27 2013
New Revision: 1459062

URL: http://svn.apache.org/r1459062
Log:
Switching to the new Decoder has fixed a couple of TODOs. Update the comments 
and tests accordingly.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
    
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
    
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1459061

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=1459062&r1=1459061&r2=1459062&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
 Wed Mar 20 21:18:27 2013
@@ -135,8 +135,6 @@ public class BasicAuthenticator
             ByteChunk authorizationBC = authorization.getByteChunk();
             if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
                 authorizationBC.setOffset(authorizationBC.getOffset() + 6);
-                // FIXME: Add trimming
-                // authorizationBC.trim();
                 
                 // Use the StringCache as these will be the same between
                 // requests

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1459062&r1=1459061&r2=1459062&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
 Wed Mar 20 21:18:27 2013
@@ -191,8 +191,6 @@ public class SpnegoAuthenticator extends
         }
 
         authorizationBC.setOffset(authorizationBC.getOffset() + 10);
-        // FIXME: Add trimming
-        // authorizationBC.trim();
                 
         // Create the String directly as this will change on each request and 
we
         // don't want to use the StringCache

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java?rev=1459062&r1=1459061&r2=1459062&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
 Wed Mar 20 21:18:27 2013
@@ -197,18 +197,20 @@ public class TestNonLoginAndBasicAuthent
      * This is the same as testAcceptProtectedBasic (above), except
      * using excess white space after the authentication method.
      *
-     * The request is rejected with 401 SC_UNAUTHORIZED status.
+     * The access will be challenged with 401 SC_UNAUTHORIZED, and then be
+     * permitted once authenticated.
      *
-     * TODO: RFC2617 does not define the separation syntax between the
-     *       auth-scheme and basic-credentials tokens. Tomcat should tolerate
-     *       any reasonable amount of white space and return SC_OK.
+     * RFC2617 does not define the separation syntax between the auth-scheme 
and
+     * basic-credentials tokens. Tomcat tolerates any amount of white space
+     * (within the limits of HTTP header sizes) and returns SC_OK.
      */
     @Test
     public void testAuthMethodExtraSpace() throws Exception {
         doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
                 NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
         doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_BASE64,
-                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
+                NO_COOKIES, HttpServletResponse.SC_OK);
+
     }
 
     /*



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to