Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8275534

com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P4
    • 18
    • 6, 18
    • core-libs
    • None
    • b23

    Description

      The value of the basic authentication realm is defined by RFC 7617 as a free-form string - which therefore may contain quotes.
      The BasicAuthenticator embeds the string directly in the WWW-Authenticate challenge, without escaping any quotes it may contain.

      The API documentation of BasicAuthenticator should either be clarified, or its behavior changed to escape quotes before embedding the realm string in the WWW-Authenticate header value.

      Attachments

        Issue Links

          Activity

            People

              jboes Julia Boes (Inactive)
              dfuchs Daniel Fuchs
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: