Bug 40524 - request.getAuthType() returns different string from HttpServletRequest.CLIENT_CERT_AUTH
request.getAuthType() returns different string from HttpServletRequest.CLIENT...
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Servlet & JSP API
5.5.12
Other Windows XP
: P2 major (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2006-09-16 01:49 UTC by Dario Andrade
Modified: 2007-01-14 07:30 UTC (History)
0 users



Attachments
Fix for CLIENT_CERT/CLIENT-CERT mismatch (818 bytes, patch)
2007-01-11 11:46 UTC, Chris Halstead
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dario Andrade 2006-09-16 01:49:08 UTC
using inspect:

request.getAuthType()
  (java.lang.String) CLIENT-CERT
	 
HttpServletRequest.CLIENT_CERT_AUTH
   (java.lang.String) CLIENT_CERT

api says they should be the same object (== should work)
Comment 1 Chris Halstead 2007-01-11 11:46:19 UTC
Created attachment 19396 [details]
Fix for CLIENT_CERT/CLIENT-CERT mismatch

The auth-methodType value 'CLIENT-CERT' is defined in the web-app DTDs and
XSDs, but HttpServletRequest.java uses 'CLIENT_CERT'.  The Tomcat internal
Request class correctly uses 'CLIENT-CERT'.  This patch fixes
HttpServletRequest to match the descriptor definition.
Comment 2 Mark Thomas 2007-01-13 19:48:41 UTC
-1 for this patch.

As per the spec:
CLIENT-CERT is for use in web.xml
CLIENT_CERT is the value of HttpServletRequest.CLIENT_CERT_AUTH and should be
returned by HttpServletRequest.getAuthType()

The bug that needs to be fixed is that HttpServletRequest.getAuthType() should
return CLIENT_CERT rather than CLIENT-CERT 
Comment 3 Mark Thomas 2007-01-14 07:30:24 UTC
I have committed an alternative fix. It will be in 5.5.21 onwards.