8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

[FrauBoes]

This change ensures that the realm string passed to the BasicAuthenticator constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method and the pre-existing isValidName() method (previously in ServerImpl.)
Two tests are included:

• BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm string are transported correctly,
• BasicAuthenticatorExceptionCheck.java to check realm strings with escaped quotes.

Testing: tier 1-3.

[1] https://datatracker.ietf.org/doc/html/rfc7230

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change must be properly reviewed

Issue

• JDK-8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

Reviewers

• Michael McMahon (@Michael-Mc-Mahon - Reviewer)
• Daniel Fuchs (@dfuch - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/6117/head:pull/6117
$ git checkout pull/6117

Update a local copy of the PR:
$ git checkout pull/6117
$ git pull https://git.openjdk.java.net/jdk pull/6117/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 6117

View PR using the GUI difftool:
$ git pr show -t 6117

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/6117.diff

[bridgekeeper]

👋 Welcome back jboes! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[FrauBoes]

/csr needed

[openjdk]

@FrauBoes has indicated that a compatibility and specification (CSR) request is needed for this pull request.
@FrauBoes please create a CSR request for issue JDK-8275534. This pull request cannot be integrated until the CSR request is approved.

[openjdk]

@FrauBoes The following label will be automatically applied to this pull request:

• net

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (556330d5)
• 00: Full (6cb5ce86)

[Michael-Mc-Mahon]

Same point as above

[Michael-Mc-Mahon]

LGTM

[openjdk]

@FrauBoes This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string

Reviewed-by: michaelm, dfuchs

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 106 new commits pushed to the master branch:

• be1ca2b: 8276298: G1: Remove unused G1SegmentedArrayBufferList::add
• a316c06: 8275730: Relax memory constraint on MultiThreadedRefCounter
• 6150633: 8276348: Use blessed modifier order in java.base
• 465d350: 8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
• 7439b59: 8276044: ciReplay: C1 does not dump a replay file when using DumpReplay as compile command option
• 87b926e: 8275086: compiler/c2/irTests/TestPostParseCallDevirtualization.java fails when compiler1 is disabled
• 2b02b6f: 8274942: AssertionError at jdk.compiler/com.sun.tools.javac.util.Assert.error(Assert.java:155)
• bb92fb0: 8274930: sun/tools/jps/TestJps.java can fail with long VM arguments string
• 6a04899: 8275840: Add test to java/nio/channels/Channels/TransferTo.java to test transfer sizes > 2GB
• 01105d6: 8276367: ProblemList vmTestbase/nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption/TestDescription.java
• ... and 96 more: https://git.openjdk.java.net/jdk/compare/3ff085e2967508ad312c9d32fa908807aefe69ee...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[FrauBoes]

/integrate

[openjdk]

Going to push as commit ee49963.
Since your change was applied there have been 124 commits pushed to the master branch:

• 3613ce7: 8275586: Zero: Simplify interpreter initialization
• c62b347: 8276623: JDK-8275650 accidentally pushed "out" file
• a1f4c42: 8276227: ciReplay: SIGSEGV if classfile for replay compilation is not present after JDK-8275868
• 9eadcbb: 8276217: Harmonize StrictMath intrinsics handling
• fb0be81: 8276096: Simplify Unsafe.{load|store}Fence fallbacks by delegating to fullFence
• 558ee40: 8276615: Update CR number of some tests in ProblemList-zgc.txt
• 603bba2: 8271420: Extend CDS custom loader support to Windows platform
• ce8c767: 8276220: Reduce excessive allocations in DateTimeFormatter
• 0ab910d: 8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
• f3320d2: 8276588: Change "ccc" to "CSR" in HotSpot sources
• ... and 114 more: https://git.openjdk.java.net/jdk/compare/3ff085e2967508ad312c9d32fa908807aefe69ee...master

Your commit was automatically rebased without conflicts.

[openjdk]

@FrauBoes Pushed as commit ee49963.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.