tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 9851] - Digest Authentication Doesn't Work Properly with Mozilla
Date Fri, 30 May 2003 16:57:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9851>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9851

Digest Authentication Doesn't Work Properly with Mozilla

jcestiba@yahoo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |



------- Additional Comments From jcestiba@yahoo.com  2003-05-30 16:57 -------
In fact RFC 2617 sec. 1.2 allows unquoted parameters:
auth-param     = token "=" ( token | quoted-string )

and none of the parameters defined in sec. 3.2.2 requires quotes; only the
realm-value (which is defined in sec. 1.2 for all authentication schemes) does:
      realm       = "realm" "=" realm-value
      realm-value = quoted-string

So any client could send any parameter without quotes. Here is an example from
Amaya:

Digest username="admin",realm="Test",nonce="1db89a32eb4dbb7e24a62a6d0814c50e",uri="/test",qop=auth,nc=00000001,cnonce="012345678",response=863092c9a25115868640b6e016c2329d,opaque=992b892c6f47ff99b9fef0cb4d425c09
   
The attached patch addresses this problem. The patch is against this rev:

 * $Header: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v 1.11 2003/03/24 23:19:19 keith Exp $
 * $Revision: 1.11 $
 * $Date: 2003/03/24 23:19:19 $

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
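
The following is an added example, not part of the original message and not Tomcat's code or the attached patch: a parser for the `auth-param` grammar quoted in the comment, accepting both token and quoted-string values and run on the Amaya header from the report. The function and constant names are hypothetical, and rejecting duplicate parameters is a choice made for this example.

```python
import re

# token per RFC 2616 sec. 2.2: any CHAR except CTLs and separators
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token "=" ( token | quoted-string )   (RFC 2617 sec. 1.2)
AUTH_PARAM = re.compile(
    r'\s*(?P<name>' + TOKEN + r')\s*=\s*'
    r'(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<token>' + TOKEN + r'))\s*'
)

# Header from the Amaya example in the report, joined onto one line.
AMAYA_HEADER = (
    'Digest username="admin",realm="Test",'
    'nonce="1db89a32eb4dbb7e24a62a6d0814c50e",uri="/test",qop=auth,'
    'nc=00000001,cnonce="012345678",'
    'response=863092c9a25115868640b6e016c2329d,'
    'opaque=992b892c6f47ff99b9fef0cb4d425c09'
)


def parse_digest_authorization(header):
    """Return the auth-params of a Digest Authorization value as a dict."""
    scheme = re.match(r"\s*digest\s+", header, re.IGNORECASE)
    if not scheme:
        raise ValueError("not a Digest credential")
    params, pos = {}, scheme.end()
    while pos < len(header):
        m = AUTH_PARAM.match(header, pos)
        if not m:
            raise ValueError("malformed auth-param at offset %d" % pos)
        name = m.group("name").lower()
        if name in params:  # example's choice: refuse ambiguous input
            raise ValueError("duplicate parameter %r" % name)
        if m.group("quoted") is not None:
            # quoted-string: drop the quotes and undo quoted-pair escapes
            params[name] = re.sub(r"\\(.)", r"\1", m.group("quoted"))
        else:
            params[name] = m.group("token")
        pos = m.end()
        if pos < len(header):
            if header[pos] != ",":
                raise ValueError("expected ',' at offset %d" % pos)
            pos += 1
    return params


if __name__ == "__main__":
    for key, value in parse_digest_authorization(AMAYA_HEADER).items():
        print(key, "=", value)
```

Matching each parameter against the grammar, instead of splitting on commas or assuming every value is quoted, also keeps a comma inside a quoted value from being read as a parameter separator.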

