cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r831987 - in /cxf/branches/2.2.x-fixes: ./ rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Date Mon, 02 Nov 2009 18:08:36 GMT
Author: dkulp
Date: Mon Nov  2 18:08:36 2009
New Revision: 831987

URL: http://svn.apache.org/viewvc?rev=831987&view=rev
Log:
Merged revisions 831986 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r831986 | dkulp | 2009-11-02 13:04:44 -0500 (Mon, 02 Nov 2009) | 2 lines
  
  [CXF-2370] Switch to StreamTokenizer for digest auth parsing to get
  matched quotes working.
........

Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java?rev=831987&r1=831986&r2=831987&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
Mon Nov  2 18:08:36 2009
@@ -19,13 +19,15 @@
 
 package org.apache.cxf.transport.http;
 
+import java.io.IOException;
+import java.io.StreamTokenizer;
+import java.io.StringReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.StringTokenizer;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
@@ -60,22 +62,41 @@
         return true;
     }
     
-    @Override
-    public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
-                                           Message message,
-                                           String realm, String fullHeader) {
-        if (fullHeader.startsWith("Digest ")) {
-            Map<String, String> map = new HashMap<String, String>();
-            fullHeader = fullHeader.substring(7);
-            StringTokenizer tok = new StringTokenizer(fullHeader, ",=");
-            while (tok.hasMoreTokens()) {
-                String key = tok.nextToken().trim();
-                String value = tok.nextToken().trim();
+    static Map<String, String> parseHeader(String fullHeader) {
+        
+        Map<String, String> map = new HashMap<String, String>();
+        fullHeader = fullHeader.substring(7);
+        try {
+            StreamTokenizer tok = new StreamTokenizer(new StringReader(fullHeader));
+            tok.quoteChar('"');
+            tok.quoteChar('\'');
+            tok.whitespaceChars('=', '=');
+            tok.whitespaceChars(',', ',');
+            
+            while (tok.nextToken() != StreamTokenizer.TT_EOF) {
+                String key = tok.sval;
+                if (tok.nextToken() == StreamTokenizer.TT_EOF) {
+                    map.put(key, null);
+                    return map;
+                }
+                String value = tok.sval;
                 if (value.charAt(0) == '"') {
                     value = value.substring(1, value.length() - 1);
                 }
                 map.put(key, value);
             }
+        } catch (IOException ex) {
+            //ignore
+        }
+        return map;
+    }
+    
+    @Override
+    public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
+                                           Message message,
+                                           String realm, String fullHeader) {
+        if (fullHeader.startsWith("Digest ")) {
+            Map<String, String> map = parseHeader(fullHeader);
             if ("auth".equals(map.get("qop"))
                 || !map.containsKey("qop")) {
                 DigestInfo di = new DigestInfo();

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java?rev=831987&r1=831986&r2=831987&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Mon Nov  2 18:08:36 2009
@@ -127,6 +127,17 @@
                      conduit.getURL().getPath(),
                      "/bar/foo");
     }
+    
+    @Test
+    public void testCXF2370() throws Exception {
+        String origNonce = "MTI0ODg3OTc5NzE2OTplZGUyYTg0Yzk2NTFkY2YyNjc1Y2JjZjU2MTUzZmQyYw==";
+        String fullHeader = "Digest realm=\"MyCompany realm.\", qop=\"auth\","
+            + "nonce=\"" + origNonce + "\"";
+        Map<String, String> map = DigestAuthSupplier.parseHeader(fullHeader);
+        assertEquals(origNonce, map.get("nonce"));
+        assertEquals("auth", map.get("qop"));
+        assertEquals("MyCompany realm.", map.get("realm"));
+    }
 
     /**
      * Verfies one of the tenents of our interface -- the Conduit sets up



Mime
View raw message