[arquillian-issues] [JBoss JIRA] (ARQ-630) The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat

Vineet Reynolds (Updated) (JIRA) jira-events at lists.jboss.org
Mon Oct 17 05:51:45 EDT 2011 

     [ https://issues.jboss.org/browse/ARQ-630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vineet Reynolds updated ARQ-630:
--------------------------------

              Status: Pull Request Sent  (was: Open)
    Git Pull Request: https://github.com/arquillian/arquillian-container-tomcat/pull/13


Pull request submitted. An improvement of the proposed fix in JIRA is present in the pull request.

Unit tests have also been amended to use ISO-8859-1 credentials in arquillian.xml for testing; credentials in ASCII will continue to work.
                
> The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat
> -------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARQ-630
>                 URL: https://issues.jboss.org/browse/ARQ-630
>             Project: Arquillian
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Tomcat Containers
>         Environment: Win 7 32-bit (Locale: en_IN, file.encoding = Cp1252), Apache Tomcat 7.0.14
>            Reporter: Vineet Reynolds
>            Assignee: Vineet Reynolds
>
> Tomcat decodes the Authorization HTTP header containing the HTTP BASIC authentication credentials, using the ISO-8859-1 charset. On the contrary, Arquillian uses {{Charset.defaultCharset}} to encode the supplied credentials, before Base64 encoding the resulting byte array. This can result in a 401 error, when accessing the manager application on Tomcat; the failure will occur when the credentials contain characters that are encoded differently in ISO-8859-1 and the default charset of the environment. For example, if the default charset is UTF-8, then credentials containing _ö_ will not be accepted by Tomcat as _ö_ is encoded as 0xC3 0xB6 in UTF-8 and 0xF6 in ISO-8859-1.
> The suggested fix is to use ISO-8859-1 in {{CommonTomcatManager.constructHttpBasicAuthHeader()}} as listed:
> {code:java}
>       // Set up an authorization header with our credentials
>       String credentials = configuration.getUser() + ":" + configuration.getPass();
>       return "Basic "
>                 + new String(Base64.encodeBase64(credentials.getBytes(Charset.forName("ISO-8859-1"))), Charset.defaultCharset());
> {code}
> instead of the existing
> {code:java}
>       // Set up an authorization header with our credentials
>       String credentials = configuration.getUser() + ":" + configuration.getPass();
>       return "Basic "
>                 + new String(Base64.encodeBase64(credentials.getBytes(Charset.defaultCharset())), Charset.defaultCharset());
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the arquillian-issues mailing list