tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Auth Gábor <>
Subject Re: Basic Authentication Failed with multibyte username
Date Thu, 21 Jan 2010 11:23:35 GMT

André Warnier wrote:
>> I've found a potential bug in the Basic Authentication module. I have
>> users and some user's username is contains national characters (encoded
>> in UTF-8). The HTTP header based authentication is fails when the
>> username or the password contains multibyte characters.
>> The root of the bug is the Base64 decoder, which decodes the Base64
>> stream to char array: converts each byte to individual char, this decode
>> method corrupts the multibyte characters... 
> Before declaring that this is a bug, I suggest that you read the other
> thread entitled "mod_jk codepage in header values".

  I've read that.

> The main point is : according to the HTTP RFCs, a HTTP header value is
> supposed to contain /only/ US-ASCII characters. Some byte values in
> UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking
> and according to the RFC, HTTP headers which would contain them are
>  invalid. It's a pain, but it's (probably) not a bug.

Hmm... the Basic Authorization header like this:
Authorization: BASIC w7pzZXJfMDA3MjpqZWxzem8xMkFB                                        

Where do you see non US-ASCII character in the header? :)

Gábor Auth

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message