[jbpm-issues] [JBoss JIRA] Commented: (JBPM-2876) Password encoding for login to console

Wednesday, 8 September 2010

    [
https://jira.jboss.org/browse/JBPM-2876?page=com.atlassian.jira.plugin.sy...
] 

Mike M commented on JBPM-2876:
------------------------------

To be more specific about the above error - it is always reproducible when the '%'
is the last character of the password entered.

I have also discovered similar problems occur when there is an ampersand (&) in the
password.

...
 Password encoding for login to console
 --------------------------------------

                 Key: JBPM-2876
                 URL: https://jira.jboss.org/browse/JBPM-2876
             Project: jBPM
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
          Components: Console
    Affects Versions: jBPM 4.3
            Reporter: Mike M
            Priority: Optional
             Fix For: jBPM 4.x

 When logging into the console, if a user's password includes a '%' (percent)
symbol, the following error shows up in the server log and GWT shows an
"authentication failed" error message.
 06-01 12:03:22,412 WARN  [org.apache.tomcat.util.http.Parameters]
(http-stinger%2F10.20.36.59-8080-1) Parameters: Character decoding failed. Parameter
skipped.
 java.io.CharConversionException: isHexDigit
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:88)
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:49)
        at org.apache.tomcat.util.http.Parameters.urlDecode(Parameters.java:429)
        at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:412)
        at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:363)
        at org.apache.catalina.connector.Request.parseParameters(Request.java:2562)
        at org.apache.catalina.connector.Request.getParameter(Request.java:1060)
        at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:254)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
        at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
 Here are some relevant links:

http://ninadgawad.wordpress.com/2008/08/21/character-decoding-error-while...
 http://www.mail-archive.com/users@tomcat.apache.org/msg36743.html
 http://www.mail-archive.com/users@tomcat.apache.org/msg36744.html 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[jbpm-issues] [JBoss JIRA] Commented: (JBPM-2876) Password encoding for login to console