jdk-sandbox: comparison src/jdk.httpserver/share/classes/com/sun/net/httpserver/BasicAuthenticator.java

equal deleted inserted replaced

-:2227a0cfd6b3
+:78844dceede6
 * questions.
 */
 package com.sun.net.httpserver;
+import java.nio.charset.Charset;
 import java.util.Base64;
+import java.util.Objects;
+import static java.nio.charset.StandardCharsets.UTF_8;
 /**
 * BasicAuthenticator provides an implementation of HTTP Basic
 * authentication. It is an abstract class and must be extended
 * to provide an implementation of {@link #checkCredentials(String,String)}
 * which is called to verify each incoming request.
 */
 public abstract class BasicAuthenticator extends Authenticator {
-protected String realm;
+protected final String realm;
+protected final Charset charset;
+private final boolean isUTF8;
 /**
-* Creates a BasicAuthenticator for the given HTTP realm
+* Creates a BasicAuthenticator for the given HTTP realm.
+* The Basic authentication credentials (username and password) are decoded
+* using the platform's {@link Charset#defaultCharset() default character set}.
+*
 * @param realm The HTTP Basic authentication realm
-* @throws NullPointerException if the realm is an empty string
+* @throws NullPointerException if realm is {@code null}
+* @throws IllegalArgumentException if realm is an empty string
 */
 public BasicAuthenticator (String realm) {
+this(realm, Charset.defaultCharset());
+}
+/**
+* Creates a BasicAuthenticator for the given HTTP realm and using the
+* given {@link Charset} to decode the Basic authentication credentials
+* (username and password).
+*
+* @apiNote {@code UTF-8} is the recommended charset because its usage is
+* communicated to the client, and therefore more likely to be used also
+* by the client.
+*
+* @param realm The HTTP Basic authentication realm
+* @param charset The Charset to decode incoming credentials from the client
+* @throws NullPointerException if realm or charset are {@code null}
+* @throws IllegalArgumentException if realm is an empty string
+*/
+public BasicAuthenticator (String realm, Charset charset) {
+Objects.requireNonNull(charset);
+if (realm.isEmpty()) // implicit NPE check
+throw new IllegalArgumentException("realm must not be empty");
 this.realm = realm;
+this.charset = charset;
+this.isUTF8 = charset.equals(UTF_8);
 }
 /**
 * returns the realm this BasicAuthenticator was created with
 * @return the authenticator's realm string.
 * look for auth token
 */
 String auth = rmap.getFirst ("Authorization");
 if (auth == null) {
 Headers map = t.getResponseHeaders();
-map.set ("WWW-Authenticate", "Basic realm=" + "\""+realm+"\"");
+var authString = "Basic realm=" + "\"" + realm + "\"" +
+(isUTF8 ? " charset=\"UTF-8\"" : "");
+map.set ("WWW-Authenticate", authString);
 return new Authenticator.Retry (401);
 }
 int sp = auth.indexOf (' ');
 if (sp == -1 || !auth.substring(0, sp).equals ("Basic")) {
 return new Authenticator.Failure (401);
 }
 byte[] b = Base64.getDecoder().decode(auth.substring(sp+1));
-String userpass = new String (b);
+String userpass = new String (b, charset);
 int colon = userpass.indexOf (':');
 String uname = userpass.substring (0, colon);
 String pass = userpass.substring (colon+1);
 if (checkCredentials (uname, pass)) {

changeset 57838	78844dceede6
parent 47216	71c04702a3d5