Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #5845 - Use UTF-8 encoding for client basic auth if requested. #5847

Merged
merged 4 commits into from
Jan 12, 2021

Conversation

sbordet
Copy link
Contributor

@sbordet sbordet commented Dec 29, 2020

  • Introduced get/setCharset in BasicAuthenticator on server-side.
  • Looking for the "charset" parameter on the client-side, and if there, use it.
  • Added test case.
  • Code cleanups.

Signed-off-by: Simone Bordet simone.bordet@gmail.com

* Introduced get/setCharset in BasicAuthenticator on server-side.
* Looking for the "charset" parameter on the client-side, and if there, use it.
* Added test case.
* Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
@sbordet sbordet linked an issue Dec 29, 2020 that may be closed by this pull request
@sbordet sbordet requested a review from gregw December 29, 2020 16:59
Don't use unicode sequences to please CheckStyle.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Disable CheckStyle check so that the unicode sequence in the test matches that in realm.properties.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but perhaps precompute challenge string (or even field)

Comment on lines +100 to +104
String value = "basic realm=\"" + _loginService.getName() + "\"";
Charset charset = getCharset();
if (charset != null)
value += ", charset=\"" + charset.name() + "\"";
response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), value);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe pre compute this string rather than recreate on every request?

@sbordet sbordet merged commit 6e1cd86 into jetty-9.4.x Jan 12, 2021
@sbordet sbordet deleted the jetty-9.4.x-5845-basic_auth_charset branch January 12, 2021 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Use UTF-8 encoding for client basic auth if requested
2 participants