[seam-issues] [JBoss JIRA] Assigned: (SEAMSECURITY-14) RememberMe fails to add Cookie because of invalid Base64 encoding

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Fri Jun 25 08:46:46 EDT 2010 

     [ https://jira.jboss.org/browse/SEAMSECURITY-14?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak reassigned SEAMSECURITY-14:
----------------------------------------

    Assignee: Shane Bryzak


> RememberMe fails to add Cookie because of invalid Base64 encoding
> -----------------------------------------------------------------
>
>                 Key: SEAMSECURITY-14
>                 URL: https://jira.jboss.org/browse/SEAMSECURITY-14
>             Project: Seam Security
>          Issue Type: Bug
>            Reporter: Florian Specker
>            Assignee: Shane Bryzak
>
> RememberMe.encodeToken() uses Base64 to encode Cookie values before actually adding the Cookie. For long usernames, a newline char (\n) is inserted, preventing the Cookie from being added.
> JBREM-806 addressed the same issue for JBoss remoting:
> [..]
> ---------
> Solution: org.jboss.util.Base64.encodeBytes() takes an optional "options" parameter, which, among other things, can indicate that Base64 encoded strings should not be broken into lines:
> change
>          String encoded = Base64.encodeBytes(buffer.toString().getBytes());
> to
>          String encoded = Base64.encodeBytes(buffer.toString().getBytes(), Base64.DONT_BREAK_LINES);
> [..]
> As a workaround, I subclassed RememberMe and overwrote encodeToken():
>     @Override
>     protected String encodeToken(String username, String value) {
>         StringBuilder sb = new StringBuilder();
>         sb.append(username);
>         sb.append(":");
>         sb.append(value);
>         // do not break lines - this results in invalid cookies
>         return Base64.encodeBytes(sb.toString().getBytes(), Base64.DONT_BREAK_LINES);
>     }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list