[jboss-jira] [JBoss JIRA] (WFLY-6823) Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.

Jan Kalina (JIRA) issues at jboss.org
Mon Oct 16 07:36:00 EDT 2017


    [ https://issues.jboss.org/browse/WFLY-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13476190#comment-13476190 ] 

Jan Kalina edited comment on WFLY-6823 at 10/16/17 7:35 AM:
------------------------------------------------------------

Source for reference: https://github.com/undertow-io/undertow/blob/7a2a32d7d47ca584566b3f7d05a1389c5aa0e111/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java#L233

-Need to note: when passwords are stored as hashes on the server, a hash would have to be stored for every supported encoding.-

-Just a note: in Undertow (EAP) this is supported only by the BASIC mechanism, not by the DIGEST mechanism, so this would be a new feature.-

Edit: sorry, I overlooked that this is aimed at BASIC; for that one this is possible.


was (Author: honza889):
Source for reference: https://github.com/undertow-io/undertow/blob/7a2a32d7d47ca584566b3f7d05a1389c5aa0e111/core/src/main/java/io/undertow/security/impl/BasicAuthenticationMechanism.java#L233

Need to note: when passwords are stored as hashes on the server, a hash would have to be stored for every supported encoding.

Just a note: in Undertow (EAP) this is supported only by the BASIC mechanism, not by the DIGEST mechanism, so this would be a new feature.

> Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.
> -----------------------------------------------------------------------------------------
>
>                 Key: WFLY-6823
>                 URL: https://issues.jboss.org/browse/WFLY-6823
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>
> Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.
> We noticed it when we looked at JIRA issue https://issues.jboss.org/browse/JBEAP-3603.
> JBoss EAP 7 expects encoded UTF-8 strings in code. But we didn't find any information about it in the specification.
> It works with Chrome and Opera, but it doesn't work with Firefox.
> Since there is no documentation for this username/password limitation, it can affect customers who want to use non-ASCII credentials.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
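
Added example (not part of the original message and not Undertow's code): a minimal Basic credential decoder showing why a server that assumes UTF-8 fails for a client that encodes the same non-ASCII password differently. The class name, the sample credentials and the choice of ISO-8859-1 as the other client encoding are assumptions for illustration; the issue does not state which encoding the failing browser sends.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCharsetDemo {

    // Build the Authorization value a client would send, encoding user:pass with the given charset.
    static String header(String user, String pass, Charset cs) {
        return "Basic " + Base64.getEncoder().encodeToString((user + ":" + pass).getBytes(cs));
    }

    // Strictly decode the credential bytes: malformed input raises an exception instead
    // of being silently replaced with U+FFFD, so a charset mismatch is detectable.
    static String[] decode(String headerValue, Charset cs) throws CharacterCodingException {
        if (!headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        String plain = cs.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(raw)).toString();
        int colon = plain.indexOf(':');   // the user-id cannot contain ':', the password may
        if (colon < 0) {
            throw new IllegalArgumentException("missing ':' separator");
        }
        return new String[] { plain.substring(0, colon), plain.substring(colon + 1) };
    }

    public static void main(String[] args) throws Exception {
        String user = "hynek", pass = "p\u00e1ssw\u00f6rd";   // constructed sample credentials
        String utf8 = header(user, pass, StandardCharsets.UTF_8);
        String latin1 = header(user, pass, StandardCharsets.ISO_8859_1);
        System.out.println("UTF-8 client:      " + utf8);
        System.out.println("ISO-8859-1 client: " + latin1);

        // A server that assumes UTF-8 round-trips the UTF-8 header...
        System.out.println("UTF-8 header decodes to same password: "
                + decode(utf8, StandardCharsets.UTF_8)[1].equals(pass));
        // ...while the ISO-8859-1 header is not valid UTF-8 and is rejected.
        try {
            decode(latin1, StandardCharsets.UTF_8);
        } catch (CharacterCodingException e) {
            System.out.println("ISO-8859-1 header rejected as UTF-8: " + e);
        }
    }
}
```

The two header values differ because the same password maps to different bytes in each charset, which is also why a hash computed over one encoding does not match the other.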


