Looks fine.

- Michael.

Chris Hegarty wrote:
Michael,

A minor change to the encoder used for Basic Authentication.

Webrev:
  http://cr.openjdk.java.net/~chegar/6947917/webrev.00/webrev/

The Basic Authentication implementation, sun.net.www.protocol.http.BasicAuthentication, uses a sun.misc.BASE64Encoder to encode the Authentication headers field value. The sun.misc.BASE64Encoder class encodes 57 bytes per line. This results in a maximum of 57/3 * 4, or 76, characters per output line (not counting the line termination) before writing a LineSuffix, i.e. a newline character.

With long usernames and/or passwords it is possible to generate a header value with more than 76 characters, therefore causing a newline character to be returned as part of the header value. This violates the HTTP spec for Message Headers, which states that "Header fields can be extended over multiple lines by preceding each extra line with at least one SP or HT.".

We should increase the number of bytes per line for the encoder used for Basic Authentication, similar to what is done in NegotiateAuthentication.

-Chris.
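
The wrapping behaviour described in the message above, shown as an added example that is not part of the original thread or the JDK's own code. It uses java.util.Base64.getMimeEncoder() (76 characters per line, CRLF separator) as a stand-in for the line-wrapping sun.misc.BASE64Encoder; the class name, helper names and credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Hypothetical demo class; requires Java 11+ for String.repeat.
public class BasicAuthHeaderWrap {

    // Build "user:password" as Basic Authentication does, then encode it.
    static String headerValue(Base64.Encoder enc, String user, String password) {
        byte[] creds = (user + ":" + password).getBytes(StandardCharsets.ISO_8859_1);
        return "Basic " + enc.encodeToString(creds);
    }

    // Check a header field value for an embedded CR or LF.
    static boolean hasLineBreak(String value) {
        return value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0;
    }

    public static void main(String[] args) {
        // Constructed credentials: 40 + 1 + 30 = 71 bytes, more than 57.
        String user = "u".repeat(40);
        String password = "p".repeat(30);

        // Stand-in for the wrapping encoder: a separator after 76 characters.
        String wrapped = headerValue(Base64.getMimeEncoder(), user, password);
        // Encoder with no line length limit: the whole value stays on one line.
        String single = headerValue(Base64.getEncoder(), user, password);

        System.out.println("wrapping encoder, 71 bytes, line break: " + hasLineBreak(wrapped));
        System.out.println("unlimited encoder, 71 bytes, line break: " + hasLineBreak(single));

        // Both forms carry the same credentials; only the line structure differs.
        String joined = wrapped.replace("\r\n", "");
        System.out.println("equal once separators are removed: " + joined.equals(single));

        // Exactly 57 bytes (28 + 1 + 28) fills one 76-character line, so
        // short credentials never expose the problem.
        String atLimit = headerValue(Base64.getMimeEncoder(), "u".repeat(28), "p".repeat(28));
        System.out.println("wrapping encoder, 57 bytes, line break: " + hasLineBreak(atLimit));
    }
}
```

A check like hasLineBreak on the final header value is also a cheap regression test for whichever encoder ends up producing it.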
