tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Kissinger <...@windchill.com>
Subject Basic authentication in AuthServlet
Date Tue, 04 Apr 2000 00:55:29 GMT
When examples/* is constrained to Basic authentication, the headers
returned are:

WWW-Authenticate: Basic "examples"

Shouldn't this be:

WWW-Authenticate: Basic realm="examples"

It appears to work either way with Netscape, but we have other
classes/apps which only handle the latter.  According to the RFC

       challenge      = auth-scheme 1*SP realm *( "," auth-param )
       realm          = "realm" "=" realm-value
       realm-value    = quoted-string

Am I missing something?


Changing org.apache.tomcat.servlets.AuthServlet works for me:
       response.setHeader( "WWW-Authenticate", "Basic realm=\"" + realm
+ "\"");


-Jason


Mime
View raw message