Looking at this again alongside http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22563 I still think this token should not be quoted but I have patched both TC4 and TC5 to remove the quotes if they are present.
Mark > -----Original Message----- > From: Mark Thomas [mailto:[EMAIL PROTECTED] > Sent: Friday, August 13, 2004 10:00 PM > To: 'Tomcat Users List' > Subject: RE: WebDAV using Tomcat 5 and Dreamweaver 7.0.1 > > Looking at the headers the nc value in the header from > dreamweaver is quoted. My > reading of RFC2617 is that the nc value should not be quoted. > Tomcat removes > quotes from those parameters that are allowed to be quoted. > > Quoting selectively from RFC2617: > > nonce-count = "nc" "=" nc-value > nc-value = 8LHEX > LHEX = "0" | "1" | "2" | "3" | > "4" | "5" | "6" | "7" | > "8" | "9" | "a" | "b" | > "c" | "d" | "e" | "f" > > > Mark > > > -----Original Message----- > > From: Robert Hunt [mailto:[EMAIL PROTECTED] > > Sent: Friday, August 13, 2004 5:51 AM > > To: [EMAIL PROTECTED] > > Subject: WebDAV using Tomcat 5 and Dreamweaver 7.0.1 > > > > I'm having problems with using Dreamweaver to access a Tomcat WebDAV > > environment. The web.xml file uses <security-constraint> and a > > <login-config> (DIGEST) to produce the authentication > > challenge (sc 401). > > Every time, DW continues to receive a 401 status. > > > > I rolled my own digest authentication (according to RFC2069 & > > 2617) and > > found that DW returns an authorization header that does NOT > > contain spaces > > between the parameters, where NS (7) and IE(6) do. > > Accounting for this, my > > webdav servlet (extension of Catalina's > > WebdavServlet > > > > ) can match DW's digest response and not trip a 401. > > > > Dreamweaver response: > > ---------------------------- > > authorization=Digest > > username="userX",realm="/webdav1",nonce="f776f4450e9673ad73b0f > > 1b3f7ec2d55",u > > ri="/webdav1/",qop="auth",nc="00000001",cnonce="411c41d4",resp > > onse="24bc402d > > 885b5b12f895a850e5efed1a",opaque="" > > ---------------------------- > > > > Netscape response: > > ---------------------------- > > header=authorization=Digest username="userX", realm="/webdav1", > > nonce="669d20f8bf4fe0af6433bc8c2c295581", uri="/webdav1/", > > response="c44573ae2284658d1de62f2d5154acc0", qop=auth, nc=00000001, > > cnonce="082c875dcb2ca740" > > ---------------------------- > > > > > > A quick look at the RFC's and I can't find whether > > param-comma-space-param > > is required or param-comma-param, but it's late and RFCs are > > notorious for > > giving one heavy eyelids. Can anyone tell me which is > > correct? (So I can > > go submit a bug?) > > > > Not this should be such a picky issue; whitespace between the > > parameters > > (from none to lots) should not be what trips up the authentication. > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
