[JBoss JIRA] Created: (JBSEAM-4799) International characters in login name with rememberMe in usernameOnly mode causes IllegalArgumentException

Thursday, 7 April 2011

International characters in login name with rememberMe in usernameOnly mode causes
IllegalArgumentException
-----------------------------------------------------------------------------------------------------------

                 Key: JBSEAM-4799
                 URL: https://issues.jboss.org/browse/JBSEAM-4799
             Project: Seam 2
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.2.1.Final, 2.2.0.GA
         Environment: JBoss 5.1.0.GA
            Reporter: Robert Raksi

Using non english characters in the login name with rememberMe (usernameOnly) checked in
causes an exception.

I checked the source, the problem is probably caused by the username not being base64
encoded/decoded.

The exception is:

{noformat}
Caused by: java.lang.IllegalArgumentException: Control character in cookie value, consider
BASE64 encoding your value
        at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:389)
        at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:382)
        at
org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:288)
        at org.apache.catalina.connector.Response.addCookieInternal(Response.java:1026)
        at org.apache.catalina.connector.Response.addCookie(Response.java:978)
        at
org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
        at
javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
        at
org.ajax4jsf.webapp.FilterServletResponseWrapper.addCookie(FilterServletResponseWrapper.java:629)
        at
javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
        at org.jboss.seam.faces.Selector.setCookieValueIfEnabled(Selector.java:119)
        at
org.jboss.seam.security.RememberMe$UsernameSelector.setCookieValueIfEnabled(RememberMe.java:70)
        at org.jboss.seam.security.RememberMe.postAuthenticate(RememberMe.java:363)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
        at org.jboss.seam.Component.callComponentMethod(Component.java:2253)
        at org.jboss.seam.core.Events.raiseEvent(Events.java:85)
        at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:397)
        at org.jboss.seam.security.Identity.authenticate(Identity.java:345)
        at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
        at org.jboss.seam.security.Identity.login(Identity.java:259)
{noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006