RE: WebDAV using Tomcat 5 and Dreamweaver 7.0.1

Fri, 13 Aug 2004 14:00:15 -0700 

Looking at the headers the nc value in the header from dreamweaver is quoted. My
reading of RFC2617 is that the nc value should not be quoted. Tomcat removes
quotes from those parameters that are allowed to be quoted.

Quoting selectively from RFC2617:

       nonce-count      = "nc" "=" nc-value
       nc-value         = 8LHEX
       LHEX             =  "0" | "1" | "2" | "3" |
                           "4" | "5" | "6" | "7" |
                           "8" | "9" | "a" | "b" |
                           "c" | "d" | "e" | "f"


Mark

> -----Original Message-----
> From: Robert Hunt [mailto:[EMAIL PROTECTED] 
> Sent: Friday, August 13, 2004 5:51 AM
> To: [EMAIL PROTECTED]
> Subject: WebDAV using Tomcat 5 and Dreamweaver 7.0.1
> 
> I'm having problems with using Dreamweaver to access a Tomcat WebDAV
> environment.  The web.xml file uses <security-constraint> and a
> <login-config> (DIGEST) to produce the authentication 
> challenge (sc 401).
> Every time, DW continues to receive a 401 status.
> 
> I rolled my own digest authentication (according to RFC2069 & 
> 2617) and
> found that DW returns an authorization header that does NOT 
> contain spaces
> between the parameters, where NS (7) and IE(6) do.  
> Accounting for this, my
> webdav servlet (extension of Catalina's
> WebdavServlet
> 
> ) can match DW's digest response and not trip a 401.
> 
> Dreamweaver response:
> ----------------------------
> authorization=Digest
> username="userX",realm="/webdav1",nonce="f776f4450e9673ad73b0f
> 1b3f7ec2d55",u
> ri="/webdav1/",qop="auth",nc="00000001",cnonce="411c41d4",resp
> onse="24bc402d
> 885b5b12f895a850e5efed1a",opaque=""
> ----------------------------
> 
> Netscape response:
> ----------------------------
> header=authorization=Digest username="userX", realm="/webdav1",
> nonce="669d20f8bf4fe0af6433bc8c2c295581", uri="/webdav1/",
> response="c44573ae2284658d1de62f2d5154acc0", qop=auth, nc=00000001,
> cnonce="082c875dcb2ca740"
> ----------------------------
> 
> 
> A quick look at the RFC's and I can't find whether 
> param-comma-space-param
> is required or param-comma-param, but it's late and RFCs are 
> notorious for
> giving one heavy eyelids.  Can anyone tell me which is 
> correct?  (So I can
> go submit a bug?)
> 
> Not this should be such a picky issue; whitespace between the 
> parameters
> (from none to lots) should not be what trips up the authentication.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to