tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Auth Gábor <>
Subject Re: Basic Authentication Failed with multibyte username
Date Thu, 21 Jan 2010 14:16:02 GMT

Mark Thomas wrote:
>        OCTET          = <any 8-bit sequence of data>
>        CTL            = <any US-ASCII control character
>                         (octets 0 - 31) and DEL (127)>
> So actually, Tomcat is correct in the current treatment of credentials.
> Therefore, not a bug.

Yes, but the UTF-8 encoded text is contains any 8-bit sequence of data except 
control characters, so IMHO the UTF-8 encoded text is TEXT.
> Also André's comments regarding ISO-8859-1 were right if considering the
> actual user name and password rather than the header.

Yes, thats right. The default header encoding is ISO-8859-1.

> Supporting other encodings would be a useful enhancement but the default
> will have to be ISO-8859-1 to remain spec compliant. What the browsers
> will do for user names and passwords in other encodings is not defined
> so it will be a case of YMMV.

I've found some information about this issue:

So... this is the real chaos... :)

By the way, my users are not use HTML browsers, they are using JAX-WS in their 
client program, and the JAX-WS sends authentication data in UTF-8 (like 
Opera), because the default encoding is UTF-8 in the client JVM (and the 
server too).

Gábor Auth

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message