[arquillian-issues] [JBoss JIRA] (ARQ-630) The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat
Aslak Knutsen (JIRA)
jira-events at lists.jboss.org
Thu Feb 23 07:50:41 EST 2012
[ https://issues.jboss.org/browse/ARQ-630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aslak Knutsen updated ARQ-630:
------------------------------
Fix Version/s: tomcat_1.0.0.CR3
(was: tomcat_1.0.0.Final)
> The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat
> -------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ARQ-630
> URL: https://issues.jboss.org/browse/ARQ-630
> Project: Arquillian
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Tomcat Containers
> Environment: Win 7 32-bit (Locale: en_IN, file.encoding = Cp1252), Apache Tomcat 7.0.14
> Reporter: Vineet Reynolds
> Assignee: Vineet Reynolds
> Fix For: tomcat_1.0.0.CR3
>
>
> Tomcat decodes the Authorization HTTP header containing the HTTP BASIC authentication credentials, using the ISO-8859-1 charset. On the contrary, Arquillian uses {{Charset.defaultCharset}} to encode the supplied credentials, before Base64 encoding the resulting byte array. This can result in a 401 error, when accessing the manager application on Tomcat; the failure will occur when the credentials contain characters that are encoded differently in ISO-8859-1 and the default charset of the environment. For example, if the default charset is UTF-8, then credentials containing _ö_ will not be accepted by Tomcat as _ö_ is encoded as 0xC3 0xB6 in UTF-8 and 0xF6 in ISO-8859-1.
> The suggested fix is to use ISO-8859-1 in {{CommonTomcatManager.constructHttpBasicAuthHeader()}} as listed:
> {code:java}
> // Set up an authorization header with our credentials
> String credentials = configuration.getUser() + ":" + configuration.getPass();
> return "Basic "
> + new String(Base64.encodeBase64(credentials.getBytes(Charset.forName("ISO-8859-1"))), Charset.defaultCharset());
> {code}
> instead of the existing
> {code:java}
> // Set up an authorization header with our credentials
> String credentials = configuration.getUser() + ":" + configuration.getPass();
> return "Basic "
> + new String(Base64.encodeBase64(credentials.getBytes(Charset.defaultCharset())), Charset.defaultCharset());
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the arquillian-issues
mailing list