https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
Priority: P2
Bug ID: 54060
Assignee: dev@tomcat.apache.org
Summary: DigestAuthenticator doesn't parse Authorization header correctly
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: mthorn...@optrak.com
Hardware: PC
Status: NEW
Version: 7.0.30
Component: Catalina
Product: Tomcat 7

From DigestAuthenticator at line 546

    // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
    String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");

If the last term in the line is not enclosed in quotes, only a single 'term' results. For example:

Header: username="mthornton", qop=auth
    token[0] is username="mthornton", qop=auth

Header: username="mthornton", qop=auth, cnonce="9926cb3c334ede11"
    token[0] is username="mthornton"
    token[1] is qop=auth
    token[2] is cnonce="9926cb3c334ede11"

(Headers abbreviated for clarity).
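
An added example, not part of the original report and not Tomcat's code or its fix: it runs the split expression quoted above against the two headers from the report and contrasts it with a quote-aware splitter. The lookahead in that expression only matches when at least one pair of double quotes follows the comma, so a header ending in an unquoted term is never split. The class name DigestSplitDemo, the method splitTerms and the third sample header are assumptions made for this illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not Tomcat code.
public class DigestSplitDemo {

    // The split expression quoted in the report.
    static final String REPORTED_REGEX = ",(?=(?:[^\"]*\"[^\"]*\")+$)";

    // Quote-aware splitter: a comma separates terms only outside double quotes.
    // Backslash escapes inside a quoted string are kept verbatim.
    static List<String> splitTerms(String header) {
        List<String> terms = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean inQuotes = false;
        for (int i = 0; i < header.length(); i++) {
            char c = header.charAt(i);
            if (inQuotes && c == '\\' && i + 1 < header.length()) {
                cur.append(c).append(header.charAt(++i)); // quoted-pair
            } else if (c == '"') {
                inQuotes = !inQuotes;
                cur.append(c);
            } else if (c == ',' && !inQuotes) {
                terms.add(cur.toString().trim());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        if (inQuotes) {
            throw new IllegalArgumentException("unterminated quoted string");
        }
        terms.add(cur.toString().trim());
        return terms;
    }

    public static void main(String[] args) {
        // Constructed inputs: the two abbreviated headers from the report,
        // plus one with a comma inside a quoted value.
        String[] headers = {
            "username=\"mthornton\", qop=auth",
            "username=\"mthornton\", qop=auth, cnonce=\"9926cb3c334ede11\"",
            "username=\"thornton, m\", qop=auth"
        };
        for (String h : headers) {
            System.out.println("header:    " + h);
            System.out.println("regex:     " + Arrays.toString(h.split(REPORTED_REGEX)));
            System.out.println("tokenizer: " + splitTerms(h));
        }
    }
}
```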