portals-jetspeed-dev mailing list archives

From a..@apache.org
Subject svn commit: r475514 - /portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
Date Thu, 16 Nov 2006 01:09:07 GMT
Author: ate
Date: Wed Nov 15 17:09:06 2006
New Revision: 475514

URL: http://svn.apache.org/viewvc?view=rev&rev=475514
Log:
Fixing a very obscure problem when using PostgreSQL (with default UTF-8 encoding)
The PersistenceBrokerSSOProvider uses xor to scramble passwords which can result in UTF-8
0x00 characters.
Java uses a non-standard UTF-8 encoding which can lead to:
  org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
See: http://en.wikipedia.org/wiki/UTF-8#Java
Solved by encoding the resulting xored password in Base64
Now finally all testcases work with PostgreSQL again

Modified:
    portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java

Modified: portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java?view=diff&rev=475514&r1=475513&r2=475514
==============================================================================
--- portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
(original)
+++ portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
Wed Nov 15 17:09:06 2006
@@ -65,6 +65,7 @@
 import org.apache.ojb.broker.query.QueryFactory;
 
 // HTTPClient imports
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.httpclient.Cookie;
 import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.HttpClient;
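Review bot: the new `import org.apache.commons.codec.binary.Base64;` sits directly under the `// HTTPClient imports` comment, but it comes from commons-codec, not commons-httpclient. Give it its own comment group (or move it above that comment) so the grouping stays accurate and the added dependency on commons-codec is easy to spot.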
@@ -1421,12 +1422,17 @@
     
     private String scramble(String pwd)
     {
-    	return new String( xor(pwd.toCharArray(), scrambler));
+        // xor-ing persistent String values is dangerous because of the (uncommon) way Java
encodes UTF-8 0x00 (and some other characters).
+        // See: http://en.wikipedia.org/wiki/UTF-8#Java
+        // On some database platforms, like PostgreSQL this can lead to something like:
+        //   org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding
"UTF8": 0x00
+        // To prevent this, the resulting xored password is encoded in Base64
+        return new String( Base64.encodeBase64(new String( xor(pwd.toCharArray(), scrambler)
).getBytes() ) );
     }
     
     private String unscramble(String pwd)
     {
-    	return new String(xor(pwd.toCharArray(),scrambler));
+        return new String(xor(Base64.decodeBase64(pwd.getBytes()).toString().toCharArray(),scrambler));
     }
     
     private char[] xor(char[] a, char[]b)
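Review bot: in `unscramble`, `Base64.decodeBase64(pwd.getBytes()).toString()` calls `toString()` on a `byte[]`, which returns the array's type-and-hash identity string rather than the decoded characters, so the value passed to `xor` is not what `scramble` produced and the round trip fails. Build the string from the decoded bytes instead: `new String(Base64.decodeBase64(pwd.getBytes()))`. Both methods also depend on the platform default charset through `getBytes()` and `new String(byte[])`; xor output can contain characters the default charset cannot represent, so pass an explicit charset such as "UTF-8" on every conversion. In addition, `unscramble` now always Base64-decodes its input, so values persisted by the previous `scramble` (raw xor output) will no longer unscramble; that needs a migration step or a fallback, and a round-trip test using a password with a character that xors to 0x00 would cover the case this commit targets.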


