[jboss-jira] [JBoss JIRA] Commented: (JBAS-7372) Base 64 encoded cookie containing '=' is getting truncated
Sangeetha Radhakrishnan (JIRA)
jira-events at lists.jboss.org
Fri Oct 23 01:01:10 EDT 2009
[ https://jira.jboss.org/jira/browse/JBAS-7372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12491090#action_12491090 ]
Sangeetha Radhakrishnan commented on JBAS-7372:
-----------------------------------------------
Hi Darryl,
Thanks for the work-around. Using this work-around temporarily I have fixed the issue. I have done the following as a work-around for this issue:
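private String convertToValidBase64Encode(String cookieParam)
{
    // Re-append the '=' padding that was stripped, based on the length modulo 4.
    switch (cookieParam.length() % 4)
    {
        case 3:
            cookieParam = cookieParam + "=";
            break;
        case 2:
            cookieParam = cookieParam + "==";
            break;
        case 1:
            // Valid Base64 never leaves a remainder of 1, so no padding makes this value valid.
            cookieParam = cookieParam + "===";
            break;
        default:
            // Length is already a multiple of 4; no padding is needed.
            System.out.println("Default: the cookieParam value is--" + cookieParam);
    }
    return cookieParam;
}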
I have tried to read the cookie from the request object using the latest Tomcat version 6.0.20; it did not resolve my issue. The '=' in the cookie value got truncated.
> Base 64 encoded cookie containing '=' is getting truncated
> ----------------------------------------------------------
>
> Key: JBAS-7372
> URL: https://jira.jboss.org/jira/browse/JBAS-7372
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-5.1.0.GA
> Environment: WinXP + JBoss 5.1.0 GA
> Windows 2003 IIS 6.0 used to create cookie
> Reporter: Sangeetha Radhakrishnan
>
> Hi,
> My application running in JBoss 5.1.0 GA has to do authentication using a Base 64 encoded cookie which is created by another 3rd party application running on IIS. While reading the cookie from the request object, the '=' got truncated, as JBoss 5.1.0 GA considers it an invalid cookie character. I can't change the '=' to some other character like '_' before adding the cookie, because the cookie was created by a 3rd party application which is running on IIS. I have even tried setting STRICT_SERVLET_COMPLIANCE=false, but it does not switch the invalid cookie characters to valid cookie characters if the cookie is created by another application running on IIS.
> Steps to re-produce:
> 1. Write an application called 'dotNetApp1' to create a cookie called "AuthNCookie".
> 2. Deploy this application on IIS 6.0
> 3. Write a simple web application called 'javaApp1' to read the "AuthNCookie" from the browser/request object.
> 4. Deploy this web application in JBoss 5.1.0 GA.
> 5. Access "http://hostname/dotNetApp1" - this will create "AuthNCookie" in the browser.
> 6. In the same browser, change the URL to "http://hostname:8080/javaApp1" to read the "AuthNCookie"
> Could you please let me know whether a JBoss patch is available for this issue? Any work-around will also be fine.
> In case a patch or work-around is not available, let me know which JBoss version considers '=' a valid cookie character.
> Thank You!
--
This message is automatically generated by JIRA.
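A stricter variant of the padding work-around in the comment above, as an added example that is not part of the original message or of JBoss: it treats fully and partly truncated padding the same way, rejects the length % 4 == 1 case instead of appending "===", and checks the alphabet before decoding. The class and method names are hypothetical, the sample values are constructed, and java.util.Base64 assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example, not code from the issue or from JBoss. Names are hypothetical.
public class CookieBase64 {

    /** Rebuilds canonical padding on a cookie value whose trailing '=' were dropped, then decodes it. */
    static byte[] decodeCookieValue(String raw) {
        if (raw == null || raw.isEmpty()) {
            throw new IllegalArgumentException("empty cookie value");
        }
        // Drop whatever padding survived so fully and partly truncated values take the same path.
        String body = raw.replaceAll("=+$", "");
        // Only the standard Base64 alphabet is allowed; a '=' inside the value is rejected here.
        if (!body.matches("[A-Za-z0-9+/]+")) {
            throw new IllegalArgumentException("not Base64");
        }
        int rem = body.length() % 4;
        // One leftover character carries only 6 bits, so no amount of padding makes it decodable.
        if (rem == 1) {
            throw new IllegalArgumentException("truncated Base64 data");
        }
        // rem 0 -> "", rem 3 -> "=", rem 2 -> "=="
        String padded = body + "==".substring(0, (4 - rem) % 4);
        return Base64.getDecoder().decode(padded);
    }

    public static void main(String[] args) {
        // Constructed samples: "user1" and "user" with padding intact, partly lost and fully lost,
        // followed by two values that must be rejected.
        String[] samples = {"dXNlcjE=", "dXNlcjE", "dXNlcg=", "dXNlcg", "dXNlc", "dXNl cg"};
        for (String s : samples) {
            try {
                String text = new String(decodeCookieValue(s), StandardCharsets.UTF_8);
                System.out.println("'" + s + "' -> " + text);
            } catch (IllegalArgumentException e) {
                System.out.println("'" + s + "' rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the cookie is used for authentication, a rejected value should fail the login rather than fall back to the raw string.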