[seam-issues] [JBoss JIRA] Created: (JBSEAM-4799) International characters in login name with rememberMe in usernameOnly mode causes IllegalArgumentException

[Robert Raksi (JIRA)]

International characters in login name with rememberMe in usernameOnly mode causes IllegalArgumentException
-----------------------------------------------------------------------------------------------------------

                 Key: JBSEAM-4799
                 URL: https://issues.jboss.org/browse/JBSEAM-4799
             Project: Seam 2
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.2.1.Final, 2.2.0.GA
         Environment: JBoss 5.1.0.GA
            Reporter: Robert Raksi


Using non english characters in the login name with rememberMe (usernameOnly) checked in causes an exception.

I checked the source, the problem is probably caused by the username not being base64 encoded/decoded.

The exception is:

{noformat}
Caused by: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
        at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:389)
        at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:382)
        at org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:288)
        at org.apache.catalina.connector.Response.addCookieInternal(Response.java:1026)
        at org.apache.catalina.connector.Response.addCookie(Response.java:978)
        at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
        at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
        at org.ajax4jsf.webapp.FilterServletResponseWrapper.addCookie(FilterServletResponseWrapper.java:629)
        at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
        at org.jboss.seam.faces.Selector.setCookieValueIfEnabled(Selector.java:119)
        at org.jboss.seam.security.RememberMe$UsernameSelector.setCookieValueIfEnabled(RememberMe.java:70)
        at org.jboss.seam.security.RememberMe.postAuthenticate(RememberMe.java:363)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
        at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
        at org.jboss.seam.Component.callComponentMethod(Component.java:2253)
        at org.jboss.seam.core.Events.raiseEvent(Events.java:85)
        at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:397)
        at org.jboss.seam.security.Identity.authenticate(Identity.java:345)
        at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
        at org.jboss.seam.security.Identity.login(Identity.java:259)
{noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira