Subject: Re: [PATCH] Reworked digest auth
From: Oleg Kalnichevski
Reply-To: olegk@apache.org
To: Commons HttpClient Project
Date: Sat, 13 Sep 2003 09:48:30 +0000

Odi,

The patch looks fine to me.
There are just a few minor points that I would like to be considered before the patch is committed:

- DigestScheme#DigestScheme( String ) constructor should probably log a warning message or even throw an exception if it encounters an unrecognised 'qop' element. Currently they are just silently ignored.
- Use StringBuffer to concatenate strings in DigestScheme#createDigest( String, String ).
- A test case for unsupported qop in HTTP Digest authentication would be nice.
- The patch makes a few public methods private (quite appropriately in my opinion). Nobody is going to miss them, I think, however, the fact of 2.0 API breakage should be reflected in API_CHANGES_2_1.txt

Cheers

Oleg

On Thu, 2003-09-11 at 11:55, Ortwin Glück wrote:
> While reviewing a Patch to include MD5-sess into the Digest
> Authentication Scheme I came across a few flaws in that class. I suggest
> the following changes (see attached patch):
>
> - The qop Parameter must be parsed correctly and not just be ignored
> - The fact that it is legal to have a missing qop must not be ignored
> - The class should be prepared to handle the auth-int qop option
> (even though an implementation is not possible with the current design)
> - The public interface of this class is narrowed (as it is not needed by
> the tests any more)
> - The test cases should check the actual result rather than checking for
> equality after another run through the same logic. Note: This is not
> simple for requests that require the client to generate a cnonce.
>
> The patch is against HEAD. The 2.0 branch would be unaffected by these
> changes.
>
> Odi
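
The qop handling discussed in this thread, as an added example that is not part of either message and is not HttpClient's DigestScheme code: it treats a missing qop as legal, warns on unrecognised options, recognises auth-int without computing it, and checks the qop=auth response against the published RFC 2617 value with a pinned cnonce. The class name `DigestQopExample`, its methods, and the choice to prefer auth when both options are offered are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; class and method names are hypothetical, not HttpClient's DigestScheme.
public class DigestQopExample {
    enum Qop { MISSING, AUTH, AUTH_INT }

    // qopParam: unquoted qop value from the challenge, or null if the parameter is absent.
    static Qop parseQop(String qopParam) {
        if (qopParam == null) return Qop.MISSING; // legal: RFC 2069 style challenge
        boolean auth = false, authInt = false;
        for (String tok : qopParam.split(",")) {
            String v = tok.trim();
            if (v.equalsIgnoreCase("auth")) auth = true;
            else if (v.equalsIgnoreCase("auth-int")) authInt = true;
            else System.err.println("WARN: unrecognised qop option: '" + v + "'");
        }
        if (auth) return Qop.AUTH;        // assumption: prefer the option we can compute
        if (authInt) return Qop.AUTH_INT;
        throw new IllegalArgumentException("no recognised qop option in: " + qopParam);
    }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // cnonce is a parameter so that a test can pin it and compare against a known response.
    static String response(Qop qop, String user, String realm, String pass, String method,
            String uri, String nonce, String nc, String cnonce) throws Exception {
        if (qop == Qop.AUTH_INT)
            throw new UnsupportedOperationException("auth-int requires a hash of the entity body");
        String ha1 = md5Hex(user + ":" + realm + ":" + pass);
        String ha2 = md5Hex(method + ":" + uri);
        String mid = (qop == Qop.MISSING) ? nonce : nonce + ":" + nc + ":" + cnonce + ":auth";
        return md5Hex(ha1 + ":" + mid + ":" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Inputs and expected response are the worked example in RFC 2617, section 3.5.
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String r = response(parseQop("auth,auth-int"), "Mufasa", "testrealm@host.com",
                "Circle Of Life", "GET", "/dir/index.html", nonce, "00000001", "0a4f113b");
        if (!r.equals("6629fae49393a05397450978507c4ef1")) throw new AssertionError(r);
        System.out.println("qop=auth response matches the RFC value: " + r);
        System.out.println("response without qop: " + response(parseQop(null), "Mufasa",
                "testrealm@host.com", "Circle Of Life", "GET", "/dir/index.html", nonce, null, null));
    }
}
```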