]
Aslak Knutsen updated ARQ-630:
------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: tomcat_1.0.0.Final
Resolution: Done
pushed upstream
The default charset is used to encode the HTTP BASIC AUTH credentials
string into a sequence of bytes. ISO-8859-1 should be used for Tomcat
-------------------------------------------------------------------------------------------------------------------------------------------
Key: ARQ-630
URL:
https://issues.jboss.org/browse/ARQ-630
Project: Arquillian
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Tomcat Containers
Environment: Win 7 32-bit (Locale: en_IN, file.encoding = Cp1252), Apache Tomcat
7.0.14
Reporter: Vineet Reynolds
Assignee: Vineet Reynolds
Fix For: tomcat_1.0.0.Final
Tomcat decodes the Authorization HTTP header containing the HTTP BASIC authentication
credentials, using the ISO-8859-1 charset. On the contrary, Arquillian uses
{{Charset.defaultCharset}} to encode the supplied credentials, before Base64 encoding the
resulting byte array. This can result in a 401 error, when accessing the manager
application on Tomcat; the failure will occur when the credentials contain characters that
are encoded differently in ISO-8859-1 and the default charset of the environment. For
example, if the default charset is UTF-8, then credentials containing _ö_ will not be
accepted by Tomcat as _ö_ is encoded as 0xC3 0xB6 in UTF-8 and 0xF6 in ISO-8859-1.
The suggested fix is to use ISO-8859-1 in
{{CommonTomcatManager.constructHttpBasicAuthHeader()}} as listed:
{code:java}
// Set up an authorization header with our credentials
String credentials = configuration.getUser() + ":" +
configuration.getPass();
return "Basic "
+ new
String(Base64.encodeBase64(credentials.getBytes(Charset.forName("ISO-8859-1"))),
Charset.defaultCharset());
{code}
instead of the existing
{code:java}
// Set up an authorization header with our credentials
String credentials = configuration.getUser() + ":" +
configuration.getPass();
return "Basic "
+ new
String(Base64.encodeBase64(credentials.getBytes(Charset.defaultCharset())),
Charset.defaultCharset());
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: