View | Details | Raw Unified | Return to bug 55101
Collapse All | Expand All

(-)test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java (-16 / +6 lines)
Lines 216-253 Link Here
216
216
217
    /*
217
    /*
218
     * This is the same as testAcceptProtectedBasic (above), except
218
     * This is the same as testAcceptProtectedBasic (above), except
219
     * using white space around the username credential.
219
     * using white space around the username credential. The request
220
     *
220
     * is accepted.
221
     * The request is rejected with 401 SC_UNAUTHORIZED status.
222
     *
223
     * TODO: RFC2617 does not define the separation syntax between the
224
     *       auth-scheme and basic-credentials tokens. Tomcat should tolerate
225
     *       any reasonable amount of white space and return SC_OK.
226
     */
221
     */
227
    @Test
222
    @Test
228
    public void testUserExtraSpace() throws Exception {
223
    public void testUserExtraSpace() throws Exception {
229
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
224
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
230
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
225
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
231
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_USERNAME,
226
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_USERNAME,
232
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
227
                NO_COOKIES, HttpServletResponse.SC_OK);
233
    }
228
    }
234
229
235
    /*
230
    /*
236
     * This is the same as testAcceptProtectedBasic (above), except
231
     * This is the same as testAcceptProtectedBasic (above), except
237
     * using white space around the password credential.
232
     * using white space around the password credential. The request
238
     *
233
     * is accepted.
239
     * The request is rejected with 401 SC_UNAUTHORIZED status.
240
     *
241
     * TODO: RFC2617 does not define the separation syntax between the
242
     *       auth-scheme and basic-credentials tokens. Tomcat should tolerate
243
     *       any reasonable amount of white space and return SC_OK.
244
     */
234
     */
245
    @Test
235
    @Test
246
    public void testPasswordExtraSpace() throws Exception {
236
    public void testPasswordExtraSpace() throws Exception {
247
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
237
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
248
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
238
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
249
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_PASSWORD,
239
        doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_PASSWORD,
250
                NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
240
                NO_COOKIES, HttpServletResponse.SC_OK);
251
    }
241
    }
252
242
253
    /*
243
    /*

Return to bug 55101