8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string #6117

Closed
wants to merge 2 commits into from

Conversation

FrauBoes
Member

@FrauBoes FrauBoes commented Oct 26, 2021

This change ensures that the realm string passed to the BasicAuthenticator constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method and the pre-existing isValidName() method (previously in ServerImpl.)
Two tests are included:

  • BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm string are transported correctly,
  • BasicAuthenticatorExceptionCheck.java to check realm strings with escaped quotes.

Testing: tier 1-3.

[1] https://datatracker.ietf.org/doc/html/rfc7230


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/6117/head:pull/6117
$ git checkout pull/6117

Update a local copy of the PR:
$ git checkout pull/6117
$ git pull https://git.openjdk.java.net/jdk pull/6117/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 6117

View PR using the GUI difftool:
$ git pr show -t 6117

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/6117.diff
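
An added example, not code from this pull request or the JDK: a minimal check of RFC 7230 (section 3.2.6) quoted-string content, applied to a realm before it is placed in a `WWW-Authenticate: Basic realm="..."` header. The class `RealmCheck`, its method names and the sample realms are hypothetical and constructed for illustration.

```java
// Added example, not the JDK's implementation; all names here are hypothetical.
public class RealmCheck {

    // qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text  (RFC 7230, 3.2.6)
    static boolean isQdtext(char c) {
        return c == '\t' || c == ' ' || c == 0x21
                || (c >= 0x23 && c <= 0x5B)
                || (c >= 0x5D && c <= 0x7E)
                || (c >= 0x80 && c <= 0xFF);    // obs-text (Latin-1 range)
    }

    // Second character of a quoted-pair: HTAB / SP / VCHAR / obs-text
    static boolean isQuotedPairChar(char c) {
        return c == '\t' || c == ' '
                || (c >= 0x21 && c <= 0x7E)
                || (c >= 0x80 && c <= 0xFF);
    }

    // True if s can sit between two DQUOTEs without ending the quoted-string early.
    static boolean isValidQuotedStringContent(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\') {
                // a backslash must be followed by a character it is allowed to escape
                if (++i == s.length() || !isQuotedPairChar(s.charAt(i))) return false;
            } else if (!isQdtext(c)) {
                return false;   // bare '"', CR, LF, other controls, chars above 0xFF
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String[] samples = {        // constructed sample realms
            "intranet",             // plain text
            "foo\\\"bar\\\"",       // runtime value foo\"bar\" (escaped quotes)
            "caf\u00e9",            // Latin-1 character (obs-text)
            "a\" , charset=\"x",    // bare quote would close realm="..." early
            "line1\r\nline2",       // CR/LF would split the header line
            "trailing\\"            // dangling backslash would escape the closing quote
        };
        for (String realm : samples) {
            String shown = realm.replace("\r", "\\r").replace("\n", "\\n");
            System.out.println((isValidQuotedStringContent(realm) ? "accept " : "reject ")
                    + "realm=\"" + shown + "\"");
        }
    }
}
```

The first three samples are accepted and the last three rejected; a constructor-level check of this kind fails fast instead of emitting a malformed challenge header.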

@bridgekeeper

@bridgekeeper bridgekeeper bot commented Oct 26, 2021

👋 Welcome back jboes! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@FrauBoes
Member Author

@FrauBoes FrauBoes commented Oct 26, 2021

/csr needed

@openjdk openjdk bot added rfr csr labels Oct 26, 2021
@openjdk

@openjdk openjdk bot commented Oct 26, 2021

@FrauBoes has indicated that a compatibility and specification (CSR) request is needed for this pull request.
@FrauBoes please create a CSR request for issue JDK-8275534. This pull request cannot be integrated until the CSR request is approved.

@openjdk

@openjdk openjdk bot commented Oct 26, 2021

@FrauBoes The following label will be automatically applied to this pull request:

  • net

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the net label Oct 26, 2021
@mlbridge

@mlbridge mlbridge bot commented Oct 26, 2021

Webrevs

@@ -65,16 +72,23 @@ public BasicAuthenticator (String realm) {
* @apiNote {@code UTF-8} is the recommended charset because its usage is
* communicated to the client, and therefore more likely to be used also
* by the client.
* <p>Where a backslash ("\") is used as quoting mechanism within the realm
* string, it must be escaped by two preceding backslashes, for example
* {@code "foo\\\"bar\\\""} will be embedded as {@code "foo\"bar\""}.
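Review bot: the new `<p>` sentence in the `@apiNote` is hard to map onto its own example. A reader has to count the three backslashes in `\\\"` and work out which one is "the backslash" and which two are "preceding", and the sentence does not say whether it describes Java source-literal escaping or the characters of the realm value itself. Suggest stating the rule on the runtime value first (each embedded double quote must be preceded by a single backslash, forming a quoted-pair), then giving the Java literal `"foo\\\"bar\\\""` as a separate illustration of how to write that value in source. The phrase "used as quoting mechanism" would also read more clearly if it named the character being escaped, since the example only escapes double quotes.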
Member

@Michael-Mc-Mahon Michael-Mc-Mahon Oct 27, 2021


Same point as above

* change method name to isQuotedStringContent
* update api note and throws declaration
dfuch
dfuch approved these changes Nov 1, 2021
Member

@Michael-Mc-Mahon Michael-Mc-Mahon left a comment

LGTM

@openjdk openjdk bot removed the csr label Nov 3, 2021
@openjdk

@openjdk openjdk bot commented Nov 3, 2021

@FrauBoes This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

Reviewed-by: michaelm, dfuchs

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 106 new commits pushed to the master branch:

  • be1ca2b: 8276298: G1: Remove unused G1SegmentedArrayBufferList::add
  • a316c06: 8275730: Relax memory constraint on MultiThreadedRefCounter
  • 6150633: 8276348: Use blessed modifier order in java.base
  • 465d350: 8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
  • 7439b59: 8276044: ciReplay: C1 does not dump a replay file when using DumpReplay as compile command option
  • 87b926e: 8275086: compiler/c2/irTests/TestPostParseCallDevirtualization.java fails when compiler1 is disabled
  • 2b02b6f: 8274942: AssertionError at jdk.compiler/com.sun.tools.javac.util.Assert.error(Assert.java:155)
  • bb92fb0: 8274930: sun/tools/jps/TestJps.java can fail with long VM arguments string
  • 6a04899: 8275840: Add test to java/nio/channels/Channels/TransferTo.java to test transfer sizes > 2GB
  • 01105d6: 8276367: ProblemList vmTestbase/nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption/TestDescription.java
  • ... and 96 more: https://git.openjdk.java.net/jdk/compare/3ff085e2967508ad312c9d32fa908807aefe69ee...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready label Nov 3, 2021
@FrauBoes
Member Author

@FrauBoes FrauBoes commented Nov 4, 2021

/integrate

@openjdk

@openjdk openjdk bot commented Nov 4, 2021

Going to push as commit ee49963.
Since your change was applied there have been 124 commits pushed to the master branch:

  • 3613ce7: 8275586: Zero: Simplify interpreter initialization
  • c62b347: 8276623: JDK-8275650 accidentally pushed "out" file
  • a1f4c42: 8276227: ciReplay: SIGSEGV if classfile for replay compilation is not present after JDK-8275868
  • 9eadcbb: 8276217: Harmonize StrictMath intrinsics handling
  • fb0be81: 8276096: Simplify Unsafe.{load|store}Fence fallbacks by delegating to fullFence
  • 558ee40: 8276615: Update CR number of some tests in ProblemList-zgc.txt
  • 603bba2: 8271420: Extend CDS custom loader support to Windows platform
  • ce8c767: 8276220: Reduce excessive allocations in DateTimeFormatter
  • 0ab910d: 8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
  • f3320d2: 8276588: Change "ccc" to "CSR" in HotSpot sources
  • ... and 114 more: https://git.openjdk.java.net/jdk/compare/3ff085e2967508ad312c9d32fa908807aefe69ee...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot closed this Nov 4, 2021
@openjdk openjdk bot added integrated and removed ready rfr labels Nov 4, 2021
@openjdk

@openjdk openjdk bot commented Nov 4, 2021

@FrauBoes Pushed as commit ee49963.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@FrauBoes FrauBoes deleted the 8275534-basicauth branch Nov 4, 2021
Labels
integrated net
3 participants