Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Wilkins2016-02-03 08:26:58 -0500
committerGreg Wilkins2016-02-03 08:28:08 -0500
commitf2e71a2ddedd7938b9a0554a989d3c9cd69f4bed (patch)
tree1ee6f8c651f2ddc9e95550acde0aea75158ef43f
parent1b7045babd2926d5ae4fba03ea124d695533a28c (diff)
downloadorg.eclipse.jetty.project-f2e71a2ddedd7938b9a0554a989d3c9cd69f4bed.tar.gz
org.eclipse.jetty.project-f2e71a2ddedd7938b9a0554a989d3c9cd69f4bed.tar.xz
org.eclipse.jetty.project-f2e71a2ddedd7938b9a0554a989d3c9cd69f4bed.zip
485306 - HttpParser (HttpURI) mistaking basic auth password as a port number
Added support for a password and a getUser() method
-rw-r--r--jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java19
-rw-r--r--jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java10
2 files changed, 28 insertions, 1 deletions
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
index 3062145dfc..fe3768bc24 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
@@ -333,6 +333,8 @@ public class HttpURI
state=State.PORT;
break;
case '@':
+ if (_user!=null)
+ throw new IllegalArgumentException("Bad authority");
_user=uri.substring(mark,i);
mark=i+1;
break;
@@ -371,7 +373,16 @@ public class HttpURI
case PORT:
{
- if (c=='/')
+ if (c=='@')
+ {
+ if (_user!=null)
+ throw new IllegalArgumentException("Bad authority");
+ // It wasn't a port, but a password!
+ _user=_host+":"+uri.substring(mark,i);
+ mark=i+1;
+ state=State.HOST;
+ }
+ else if (c=='/')
{
_port=TypeUtil.parseInt(uri,mark,i-mark,10);
path_mark=mark=i;
@@ -744,6 +755,12 @@ public class HttpURI
return _host+":"+_port;
return _host;
}
+
+ /* ------------------------------------------------------------ */
+ public String getUser()
+ {
+ return _user;
+ }
}
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java
index d308cde3b5..74c6feedde 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpURITest.java
@@ -22,6 +22,7 @@ package org.eclipse.jetty.http;
import static org.junit.Assert.*;
import java.io.UnsupportedEncodingException;
+import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@@ -193,4 +194,13 @@ public class HttpURITest
assertEquals("http:/path/info",uri.toString());
}
+
+ @Test
+ public void testBasicAuthCredentials() throws Exception
+ {
+ HttpURI uri = new HttpURI("http://user:password@example.com:8888/blah");
+ assertEquals("http://user:password@example.com:8888/blah", uri.toString());
+ assertEquals(uri.getAuthority(), "example.com:8888");
+ assertEquals(uri.getUser(), "user:password");
+ }
}

Back to the top