362447 – Maximum nonce age updatability broken

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 362447 - Maximum nonce age updatability broken

Summary: Maximum nonce age updatability broken

Status:	RESOLVED FIXED

Alias:	None

Product:	Jetty
Classification:	RT
Component:	other (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P3 normal (vote)
Target Milestone:	7.5.x
Assignee:	Jesse McConnell
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-31 00:51 EDT by Matthew Long
Modified:	2011-11-02 17:39 EDT (History)
CC List:	0 users

See Also:

Attachments
DigestAuthenticator patch for updatable max nonce age (13.63 KB, patch) 2011-10-31 01:05 EDT, Matthew Long	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Long

2011-10-31 00:51:49 EDT

Build Identifier: 8.0.4.v20111024

The issue of an updatable maximum nonce age was raised in https://bugs.eclipse.org/bugs/show_bug.cgi?id=326734 and the suggested solution was to extend the DigestAuthenticator class in order to set the maxNonceAge field.
This field has been made private, breaking the suggested solution.
In addition the alternative method of setting the maximum nonce age is not thread safe.
It would be nice if a setter could be added for the max nonce age, or the field made protected again.

Reproducible: Always

Steps to Reproduce:
N/A

Comment 1 Matthew Long

2011-10-31 01:05:24 EDT

Created attachment 206188 [details]
DigestAuthenticator patch for updatable max nonce age

I've attached a suggested patch to add a setter to the DigestAuthenticator and add thread safety to the field.

Comment 2 Jesse McConnell

2011-11-02 17:39:58 EDT

fixed on master, will be merged to jetty 8 on next merge