[arquillian-issues] [JBoss JIRA] (ARQ-630) The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat

Aslak Knutsen (JIRA) jira-events at lists.jboss.org
Thu Feb 23 07:50:41 EST 2012 

     [ https://issues.jboss.org/browse/ARQ-630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aslak Knutsen updated ARQ-630:
------------------------------

    Fix Version/s: tomcat_1.0.0.CR3
                       (was: tomcat_1.0.0.Final)

    
> The default charset is used to encode the HTTP BASIC AUTH credentials string into a sequence of bytes. ISO-8859-1 should be used for Tomcat
> -------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARQ-630
>                 URL: https://issues.jboss.org/browse/ARQ-630
>             Project: Arquillian
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Tomcat Containers
>         Environment: Win 7 32-bit (Locale: en_IN, file.encoding = Cp1252), Apache Tomcat 7.0.14
>            Reporter: Vineet Reynolds
>            Assignee: Vineet Reynolds
>             Fix For: tomcat_1.0.0.CR3
>
>
> Tomcat decodes the Authorization HTTP header containing the HTTP BASIC authentication credentials, using the ISO-8859-1 charset. On the contrary, Arquillian uses {{Charset.defaultCharset}} to encode the supplied credentials, before Base64 encoding the resulting byte array. This can result in a 401 error, when accessing the manager application on Tomcat; the failure will occur when the credentials contain characters that are encoded differently in ISO-8859-1 and the default charset of the environment. For example, if the default charset is UTF-8, then credentials containing _ö_ will not be accepted by Tomcat as _ö_ is encoded as 0xC3 0xB6 in UTF-8 and 0xF6 in ISO-8859-1.
> The suggested fix is to use ISO-8859-1 in {{CommonTomcatManager.constructHttpBasicAuthHeader()}} as listed:
> {code:java}
>       // Set up an authorization header with our credentials
>       String credentials = configuration.getUser() + ":" + configuration.getPass();
>       return "Basic "
>                 + new String(Base64.encodeBase64(credentials.getBytes(Charset.forName("ISO-8859-1"))), Charset.defaultCharset());
> {code}
> instead of the existing
> {code:java}
>       // Set up an authorization header with our credentials
>       String credentials = configuration.getUser() + ":" + configuration.getPass();
>       return "Basic "
>                 + new String(Base64.encodeBase64(credentials.getBytes(Charset.defaultCharset())), Charset.defaultCharset());
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the arquillian-issues mailing list