tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Basic authentication in AuthServlet
Date Tue, 04 Apr 2000 01:23:46 GMT
Jason,

Thanks for catching this.  I just checked in a patch as you suggested, and
confirmed that it operates with both Netscape and IE correctly.

In the future, could you please report problems via Bugzilla on the web
site (http://jakarta.apache.org/bugs)?  That way, you don't run the risk of
having a bug report buried in the high volume of messages on the mailing
list.

Craig McClanahan


Jason Kissinger wrote:

> When examples/* is constrained to Basic authentication, the headers
> returned are:
>
> WWW-Authenticate: Basic "examples"
>
> Shouldn't this be:
>
> WWW-Authenticate: Basic realm="examples"
>
> It appears to work either way with Netscape, but we have other
> classes/apps which only handle the latter.  According to the RFC
>
>        challenge      = auth-scheme 1*SP realm *( "," auth-param )
>        realm          = "realm" "=" realm-value
>        realm-value    = quoted-string
>
> Am I missing something?
>
> Changing org.apache.tomcat.servlets.AuthServlet works for me:
>        response.setHeader( "WWW-Authenticate", "Basic realm=\"" + realm
> + "\"");
>
> -Jason
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message