DO NOT REPLY [Bug 48587] New: Basic Authentication failed with multibyte username

bugzilla Thu, 21 Jan 2010 05:00:59 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=48587


           Summary: Basic Authentication failed with multibyte username
           Product: Tomcat 6
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: auth.ga...@javaforum.hu


Created an attachment (id=24876)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24876)
Base64 and BasicAuthentication patch

I've found a potential bug in the Basic Authentication module. I have users 
and some user's username is contains national characters (encoded in UTF-8). 
The HTTP header based authentication is fails when the username or the 
password contains multibyte characters.

The root of the bug is the Base64 decoder, which decodes the Base64 stream to 
char array: converts each byte to individual char, this decode method corrupts 
the multibyte characters...

The patch converts the Base64 input to byte array instead char array, and
converts this byte array to String - with the encoding which specified in the
JVM. The patch is not beautiful :), and I've tested it only in a JBoss 5.1.0.GA
application server (it uses catalina).

More information about the issue: 
http://mail-archives.apache.org/mod_mbox/tomcat-users/201001.mbox/%3c201001211154.03045.auth.ga...@javaforum.hu%3e

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 48587] New: Basic Authentication failed with multibyte username

Reply via email to