[jboss-jira] [JBoss JIRA] Commented: (JBAS-7372) Base 64 encoded cookie containing '=' is getting truncated
Sangeetha Radhakrishnan (JIRA)
jira-events at lists.jboss.org
Thu Oct 15 08:38:05 EDT 2009
[ https://jira.jboss.org/jira/browse/JBAS-7372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12490005#action_12490005 ]
Sangeetha Radhakrishnan commented on JBAS-7372:
-----------------------------------------------
Darryl,
Thanks for the reply. Could you please let me know whether it is possible to intercept the JBoss request? I am now trying to change the invalid cookie characters created by ASP.NET before JBoss creates the request object. I am planning to intercept the request and either try to modify the AuthNCookie (adding \" at the beginning as well as at the end) or create another valid cookie from AuthNCookie which my application can use for authentication.
Do you know of any reference link for doing the above?
Cookie created by (ASP.NET) application:
1. C0jlJ6NUwMp9z+C74zlEFuObMKeu7QQeDb5mLuOjJrne4QGhSIaABHaeS8CxrRGWexwBKrjnSkCt/QNdoSNs38HHq09BzGHkLHVFWZKe4dqBWZEpBNYlWEafpdGbv+kCIP7w574Sv84O+t16zNqsueAA94lROtqsD8Y4+wjqeXXaEpqcFWHJqGRlvehPwEfRucBHsMyTyO4AAAAAAAAAAA==
2. PuwwS7rS/sYPKC5Cfn6bL78qsSTGXnQciN+5k0Q+Iz1+FQ7fL5qIYo6iOBYS0jEnzBfTigFyp5bPciaYOWNh4vo4XHij3eR8GYW/+gj7OswtYxfLuNVmX2VzUath+EDbfLgZ9W+cf5jznchmAB5yRvLFQVXTmuN2kLFZPWc0eehdxAHapA+4dYmXVp5N1uCo5uOLXvn57K8sAAAAAAAAAAA=
Cookie received using Servlet API:
1. C0jlJ6NUwMp9z+C74zlEFuObMKeu7QQeDb5mLuOjJrne4QGhSIaABHaeS8CxrRGWexwBKrjnSkCt/QNdoSNs38HHq09BzGHkLHVFWZKe4dqBWZEpBNYlWEafpdGbv+kCIP7w574Sv84O+t16zNqsueAA94lROtqsD8Y4+wjqeXXaEpqcFWHJqGRlvehPwEfRucBHsMyTyO4AAAAAAAAAAA
2. PuwwS7rS/sYPKC5Cfn6bL78qsSTGXnQciN+5k0Q+Iz1+FQ7fL5qIYo6iOBYS0jEnzBfTigFyp5bPciaYOWNh4vo4XHij3eR8GYW/+gj7OswtYxfLuNVmX2VzUath+EDbfLgZ9W+cf5jznchmAB5yRvLFQVXTmuN2kLFZPWc0eehdxAHapA+4dYmXVp5N1uCo5uOLXvn57K8sAAAAAAAAAAA
Thanks!
> Base 64 encoded cookie containing '=' is getting truncated
> ----------------------------------------------------------
>
> Key: JBAS-7372
> URL: https://jira.jboss.org/jira/browse/JBAS-7372
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-5.1.0.GA
> Environment: WinXP + JBoss 5.1.0 GA
> Windows 2003 IIS 6.0 used to create cookie
> Reporter: Sangeetha Radhakrishnan
>
> Hi,
> My application running in JBoss 5.1.0 GA has to do authentication using a Base 64 encoded cookie which is created by another 3rd party application running on IIS. While reading the cookie from the request object, the '=' got truncated, as JBoss 5.1.0 GA considers it an invalid cookie character. I can't change the '=' to some other character like '_' before adding the cookie, because the cookie was created by a 3rd party application which is running on IIS. I have even tried setting STRICT_SERVLET_COMPLIANCE=false, but it does not switch the invalid cookie characters to valid cookie characters if the cookie is created by another application running on IIS.
> Steps to re-produce:
> 1. Write an application called 'dotNetApp1' to Create cookie called "AthuNCookie".
> 2. Deploy this application on IIS 6.0
> 3. Write a simple WebApplication called 'javaApp1' to read the "AthuNCookie" from the browser/request object.
> 4. Deploy this web application in JBoss 5.1.0 GA.
> 5. Access "http://hostname/dotNetApp1" - this will create "AuthNCookie" in the browser.
> 6. In the same browser, change the URL to "http://hostname:8080/javaApp1" to read the "AuthNCookie"
> Could you please let me know whether a JBoss patch is available for this issue? Any work-around will also be fine.
> If a patch or work-around is not available, let me know which JBoss version considers '=' a valid cookie character.
> Thank You!
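
One way to recover the untruncated value discussed in this message, as an added example that is not part of the original message or of JBoss: parse the raw `Cookie` request header yourself and split each pair on the first `=` only, so trailing Base64 padding survives. The class `RawCookieReader`, the helper `rawCookieValue` and the sample token are hypothetical and constructed; the example assumes Java 8+ for `java.util.Base64` and that the container hands the raw header to the application unchanged.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RawCookieReader {

    /**
     * Returns the value of the named cookie from a raw Cookie request header,
     * keeping any '=' inside the value. Returns null if the cookie is absent
     * or appears more than once (ambiguous input is rejected, not guessed at).
     */
    static String rawCookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return null;
        String found = null;
        for (String pair : cookieHeader.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');          // split on the FIRST '=' only
            if (eq <= 0 || !p.substring(0, eq).equals(name)) continue;
            if (found != null) return null;   // duplicate name: refuse to pick one
            String v = p.substring(eq + 1);
            // Strip one pair of surrounding double quotes, if present.
            if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
                v = v.substring(1, v.length() - 1);
            }
            found = v;
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample token (19 bytes, so the encoding ends in "==");
        // it is not one of the values from the report.
        String token = Base64.getEncoder().encodeToString(
                "constructed-sample1".getBytes(StandardCharsets.UTF_8));
        // Assumption: in a servlet or filter this string would come from
        // HttpServletRequest.getHeader("Cookie").
        String header = "lang=en; AuthNCookie=" + token + "; theme=dark";

        String value = rawCookieValue(header, "AuthNCookie");
        System.out.println("sent:      " + token);
        System.out.println("recovered: " + value);
        System.out.println("intact:    " + token.equals(value));
        byte[] decoded = Base64.getDecoder().decode(value);
        System.out.println("decoded bytes: " + decoded.length);
    }
}
```

Because the recovered string is an authentication token, it should go through the same validation as any other cookie value before the application trusts it.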