69a70 > import java.util.StringTokenizer; 243,265c244 < < // Parse the authentication scheme from the challenge < // TODO: Use regular expression pattern matching to parse the challenge < int space = challenge.indexOf(' '); < if(space < 0) { < throw new HttpException("Authentication challenge \'" + challenge + "\'does not contain an authentication scheme"); < } < String authScheme = challenge.substring(0, space); < < // Parse the realm from the authentication challenge < // FIXME: Note that this won't work if there is more than one realm within the challenge < if (challenge.length() < space + 1) { < throw new HttpException("Unable to parse authentication challenge \"" + challenge + "\", expected realm"); < } < String realmstr = challenge.substring(space+1, challenge.length()); < realmstr.trim(); < if (realmstr.length() < "realm=\"\"".length()) { < throw new HttpException("Unable to parse authentication challenge \"" + challenge + "\", expected realm"); < } < String realm = realmstr.substring("realm=\"".length(), realmstr.length()-1); < log.debug("Parsed realm \"" + realm + "\" from challenge \"" + challenge + "\"."); < < // Check for the authentication type, and add header if necessisary --- > // the request header 267,268d245 < if ("basic".equalsIgnoreCase(authScheme)) { // Basic authentication < requestHeader = Authenticator.basic(realm, state, respHeader); 270,271c247,267 < } else if ("digest".equalsIgnoreCase(authScheme)) { // Digest authentication < requestHeader = Authenticator.digest(realm, method, state, respHeader); --- > StringTokenizer st = new StringTokenizer(challenge, ","); > while(st.hasMoreTokens()) { > challenge = st.nextToken().trim(); > > log.debug("Attempting to authenticate as : " + challenge); > > // Parse the authentication scheme from the challenge > StringTokenizer stt = new StringTokenizer(challenge, " \t"); > String authScheme = stt.nextToken(); > > if("basic".equalsIgnoreCase(authScheme) || "digest".equalsIgnoreCase(authScheme)) { > // Parse the realm from the authentication challenge > if(!stt.hasMoreTokens()) { > throw new HttpException("Unable to parse authentication challenge \"" + challenge + "\", expected realm"); > } > String realmstr = stt.nextToken().trim(); > if (realmstr.length() < "realm=\"\"".length()) { > throw new HttpException("Unable to parse authentication challenge \"" + challenge + "\", expected realm"); > } > String realm = realmstr.substring("realm=\"".length(), realmstr.length()-1); > log.debug("Parsed realm \"" + realm + "\" from challenge \"" + challenge + "\"."); 273,274c269,283 < } else { // unrecognized authentication < throw new UnsupportedOperationException("Authentication type \"" + authScheme + "\" is not recognized."); --- > // Check for the authentication type, and add header if necessisary > if ("basic".equalsIgnoreCase(authScheme)) { // Basic authentication > requestHeader = Authenticator.basic(realm, state, respHeader); > break; > > } else if ("digest".equalsIgnoreCase(authScheme)) { // Digest authentication > requestHeader = Authenticator.digest(realm, method, state, respHeader); > break; > } > } > else { > if(log.isInfoEnabled()) { > log.info("Authentication type \"" + authScheme + "\" is not recognized."); > } > }