Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8275534

com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 18
    • 6, 18
    • core-libs
    • None
    • b23

      The value of the basic authentication realm is defined by RFC 7617 as a free-form string - which therefore may contain quotes.
      The BasicAuthenticator embeds the string directly in the WWW-Authenticate challenge, without escaping any quotes it may contain.

      The API documentation of BasicAuthenticator should either be clarified, or its behavior changed to escape quotes before embedding the realm string in the WWW-Authenticate header value.

            jboes Julia Boes (Inactive)
            dfuchs Daniel Fuchs
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: