Author: dkulp Date: Mon Nov 2 18:10:29 2009 New Revision: 831990 URL: http://svn.apache.org/viewvc?rev=831990&view=rev Log: Merged revisions 831987 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes
................ r831987 | dkulp | 2009-11-02 13:08:36 -0500 (Mon, 02 Nov 2009) | 10 lines Merged revisions 831986 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r831986 | dkulp | 2009-11-02 13:04:44 -0500 (Mon, 02 Nov 2009) | 2 lines [CXF-2370] Switch to StreamTokenizer for digest auth parsing to get matched quotes working. ........ ................ Modified: cxf/branches/2.1.x-fixes/ (props changed) cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java cxf/branches/2.1.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java Propchange: cxf/branches/2.1.x-fixes/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Nov 2 18:10:29 2009 @@ -1 +1 @@ -/cxf/branches/2.2.x-fixes:831499 +/cxf/branches/2.2.x-fixes:831499,831987 Propchange: cxf/branches/2.1.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java?rev=831990&r1=831989&r2=831990&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java (original) +++ cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java Mon Nov 2 18:10:29 2009 
@@ -19,13 +19,15 @@
 package org.apache.cxf.transport.http;
+import java.io.IOException;
+import java.io.StreamTokenizer;
+import java.io.StringReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.StringTokenizer;
 import java.util.concurrent.ConcurrentHashMap;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
@@ -60,22 +62,41 @@
 return true;
 }
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
- Message message,
- String realm, String fullHeader) {
- if (fullHeader.startsWith("Digest ")) {
- Map<String, String> map = new HashMap<String, String>();
- fullHeader = fullHeader.substring(7);
- StringTokenizer tok = new StringTokenizer(fullHeader, ",=");
- while (tok.hasMoreTokens()) {
- String key = tok.nextToken().trim();
- String value = tok.nextToken().trim();
+ static Map<String, String> parseHeader(String fullHeader) {
+
+ Map<String, String> map = new HashMap<String, String>();
+ fullHeader = fullHeader.substring(7);
+ try {
+ StreamTokenizer tok = new StreamTokenizer(new StringReader(fullHeader));
+ tok.quoteChar('"');
+ tok.quoteChar('\'');
+ tok.whitespaceChars('=', '=');
+ tok.whitespaceChars(',', ',');
+
+ while (tok.nextToken() != StreamTokenizer.TT_EOF) {
+ String key = tok.sval;
+ if (tok.nextToken() == StreamTokenizer.TT_EOF) {
+ map.put(key, null);
+ return map;
+ }
+ String value = tok.sval;
 if (value.charAt(0) == '"') {
 value = value.substring(1, value.length() - 1);
 }
 map.put(key, value);
 }
+ } catch (IOException ex) {
+ //ignore
+ }
+ return map;
+ }
+
+ @Override
+ public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
+ Message message,
+ String realm, String fullHeader) {
+ if (fullHeader.startsWith("Digest ")) {
+ Map<String, String> map = parseHeader(fullHeader);
 if ("auth".equals(map.get("qop")) || !map.containsKey("qop")) {
 DigestInfo di = new DigestInfo();
Modified: cxf/branches/2.1.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java?rev=831990&r1=831989&r2=831990&view=diff
==============================================================================
--- 
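Review bot: In `parseHeader`, the retained `if (value.charAt(0) == '"')` branch now runs on a value that `StreamTokenizer` has already unquoted, so an empty quoted directive such as `opaque=""` gives an empty `sval` and `charAt(0)` throws `StringIndexOutOfBoundsException`. `sval` is also null for any token that is not a word or quoted string (this constructor enables number parsing by default), so an unquoted numeric value turns the same line into a `NullPointerException`. The header is supplied by the remote server, so an unusual challenge should degrade to "directive missing" rather than abort the request with a runtime exception. I would drop the quote-stripping branch and store the value only when present, `if (value != null) { map.put(key, value); }`, and consider `tok.ordinaryChars('0', '9'); tok.wordChars('0', '9');` so digit-leading values arrive in `sval`. `parseHeader` also calls `substring(7)` without the `startsWith("Digest ")` check its caller performs, which deserves a one-line comment stating that precondition now that the method is callable on its own.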
cxf/branches/2.1.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java (original) +++ cxf/branches/2.1.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java Mon Nov 2 18:10:29 2009 @@ -127,6 +127,17 @@ conduit.getURL().getPath(), "/bar/foo"); } + + @Test + public void testCXF2370() throws Exception { + String origNonce = "MTI0ODg3OTc5NzE2OTplZGUyYTg0Yzk2NTFkY2YyNjc1Y2JjZjU2MTUzZmQyYw=="; + String fullHeader = "Digest realm=\"MyCompany realm.\", qop=\"auth\"," + + "nonce=\"" + origNonce + "\""; + Map<String, String> map = DigestAuthSupplier.parseHeader(fullHeader); + assertEquals(origNonce, map.get("nonce")); + assertEquals("auth", map.get("qop")); + assertEquals("MyCompany realm.", map.get("realm")); + } /** * Verfies one of the tenents of our interface -- the Conduit sets up
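Review bot: `testCXF2370` feeds `parseHeader` only non-empty, double-quoted values, so it pins the matched-quote fix but none of the other forms a Digest challenge can carry. I would add assertions for unquoted directives (for example `algorithm=MD5` and `stale=false`) and for an empty quoted one (`opaque=\"\"`). The empty case looks like it reaches `value.charAt(0)` in `parseHeader` with an empty string, so a test for it would document whether that input is parsed or throws. A one-line comment on the test naming the matched-quote behaviour it guards would also help, since the method name is only the issue id.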
