Return-Path: X-Original-To: apmail-shiro-dev-archive@www.apache.org Delivered-To: apmail-shiro-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 98E75E553 for ; Sun, 3 Feb 2013 04:44:16 +0000 (UTC) Received: (qmail 23571 invoked by uid 500); 3 Feb 2013 04:44:16 -0000 Delivered-To: apmail-shiro-dev-archive@shiro.apache.org Received: (qmail 23521 invoked by uid 500); 3 Feb 2013 04:44:14 -0000 Mailing-List: contact dev-help@shiro.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@shiro.apache.org Delivered-To: mailing list dev@shiro.apache.org Received: (qmail 23471 invoked by uid 99); 3 Feb 2013 04:44:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Feb 2013 04:44:12 +0000 Date: Sun, 3 Feb 2013 04:44:12 +0000 (UTC) From: "Les Hazlewood (JIRA)" To: dev@shiro.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (SHIRO-415) isLoginAttempt method in BasicHttpAuthenticationFilter class fails if used in any locale other than English MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SHIRO-415?page=3Dcom.atlassian.= jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D13569= 702#comment-13569702 ]=20 Les Hazlewood commented on SHIRO-415: ------------------------------------- Great catch - thanks for the report! =20 > isLoginAttempt method in BasicHttpAuthenticationFilter class fails if use= d in any locale other than English > -------------------------------------------------------------------------= ---------------------------------- > > Key: SHIRO-415 > URL: https://issues.apache.org/jira/browse/SHIRO-415 > Project: Shiro > Issue Type: Bug > Components: Realms=20 > Affects Versions: 1.2.1 > Environment: Eclipse, netbeans, windows 7 Turkish > Reporter: Salih Cenap Baydar > Priority: Minor > Labels: i18n > Fix For: 1.2.2 > > Original Estimate: 24h > Remaining Estimate: 24h > > In isLoginAttempt method in BasicHttpAuthenticationFilter class fails if = used in any locale other than English. This happens because at the line Str= ing authzScheme =3D getAuthzScheme().toLowerCase(); , the toLowerCase metho= ds takes i18n into consideration. If the locale of the host is Turkish the = string "BASIC" becomes "bas=C4=B1c" but not "basic" (there is the letter "= =C4=B1" -lowercase i without the dot- in Turkish) So the comparison return= s false. The method fails. > The solution is pretty easy: > The two lines of the method "isLoginAttempt" in BasicHttpAuthenticationFi= lter class should be changed as below to make sure it works always the same= : > protected boolean isLoginAttempt(String authzHeader) { > String authzScheme =3D getAuthzScheme().toLowerCase(Locale.ENGLIS= H); > return authzHeader.toLowerCase(Locale.ENGLISH).startsWith(authzSc= heme); > } =20 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrato= rs For more information on JIRA, see: http://www.atlassian.com/software/jira