Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Question about AuthenticationProtocolHandler's Realm.
Any one can help? Really appreciate!

On Mon, Mar 23, 2015 at 12:20 PM, yang zhenyu <snyangzhenyu99@xxxxxxxxx> wrote:
Hi, Jetty-users,

I have a jetty project which needs to support spnego authentication, since Jetty now is still not officially support it, I implemented my own. However, i found that the current implementation of 
AuthenticationProtocolHandler.java put the realm information hard-coded in the regex pattern used for parsing authentication_token like below:

final Pattern AUTHENTICATE_PATTERN = Pattern.compile("([^\\s]+)\\s+realm=\"([^\"]+)\"(.*)", Pattern.CASE_INSENSITIVE);

this works well with jetty client but it caused the php and python clients failed since they don't expect realm info shoul be in the challenge sent back from the server and will consider it as part of the spnego token content.

May i know why jetty has this 'realm' hard-coded in the regex and is it possible to make it optional at least?

Thanks.

-Zhenyu

Back to the top