Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 316320 - Digest authentication works in opposite way than set in constraint
Summary: Digest authentication works in opposite way than set in constraint
Status: CLOSED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: server (show other bugs)
Version: 8.0.0   Edit
Hardware: All All
: P3 minor (vote)
Target Milestone: 7.0.2.RC0   Edit
Assignee: David Jencks CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-09 11:12 EDT by Jonas CLA
Modified: 2010-09-28 01:58 EDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jonas CLA 2010-06-09 11:12:29 EDT 
Digest authenticator validates request only if constraint authenticate property is set to false.

In org.eclipse.jetty.security.authentication.DigestAuthenticator on line 65 returns deferred authenticator while validation is mandatory.
Comment 1 Jan Bartel CLA 2010-09-27 04:24:00 EDT 
David,

Can you look into this one? The issue has been raised against 8, but it is probably the case for 7 as well.

thanks
Jan
Comment 2 David Jencks CLA 2010-09-27 14:03:02 EDT 
I'm confused by this report.  In both jetty 7 and 8 DigestAuthenticator lines 65-66 read:

        if (!mandatory)
            return _deferred;

which appears to be correct and the opposite of what the report claims.  I need more information to proceed.
Comment 3 Jonas CLA 2010-09-28 01:21:26 EDT 
I checked it once again and found out that it was a bug in version 8.0.0.M0 (the artifact I checked can be found at http://mirrors.ibiblio.org/pub/mirrors/maven2/org/eclipse/jetty/jetty-security/8.0.0.M0/jetty-security-8.0.0.M0-sources.jar), however in version 8.0.0.M1 it is now fixed.
Comment 4 Jan Bartel CLA 2010-09-28 01:58:31 EDT 
Jonas,

Thanks for letting us know. I'm closing this issue.