[jbossweb-commits] JBossWeb SVN: r1445 - branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator.

Thursday, 22 April 2010


Author: remy.maucherat(a)jboss.com
Date: 2010-04-22 07:28:40 -0400 (Thu, 22 Apr 2010)
New Revision: 1445

Modified:
  
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/BasicAuthenticator.java
  
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/DigestAuthenticator.java
Log:
- Info leak.

Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/BasicAuthenticator.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/BasicAuthenticator.java	2010-04-21
22:28:31 UTC (rev 1444)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/BasicAuthenticator.java	2010-04-22
11:28:40 UTC (rev 1445)
@@ -194,9 +194,7 @@
         CharChunk authenticateCC = authenticate.getCharChunk();
         authenticateCC.append("Basic realm=\"");
         if (config.getRealmName() == null) {
-            authenticateCC.append(request.getServerName());
-            authenticateCC.append(':');
-            authenticateCC.append(Integer.toString(request.getServerPort()));
+            authenticateCC.append("Realm");
         } else {
             authenticateCC.append(config.getRealmName());
         }

Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/DigestAuthenticator.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/DigestAuthenticator.java	2010-04-21
22:28:31 UTC (rev 1444)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator/DigestAuthenticator.java	2010-04-22
11:28:40 UTC (rev 1445)
@@ -406,8 +406,7 @@
         // Get the realm name
         String realmName = config.getRealmName();
         if (realmName == null)
-            realmName = request.getServerName() + ":"
-                + request.getServerPort();
+            realmName = "Realm";
 
         byte[] buffer = null;
         synchronized (md5Helper) {


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[jbossweb-commits] JBossWeb SVN: r1445 - branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/authenticator.