tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Auth Gábor <auth.ga...@javaforum.hu>
Subject Re: Basic Authentication Failed with multibyte username
Date Thu, 21 Jan 2010 14:16:02 GMT
Hi,

Mark Thomas wrote:
>        OCTET          = <any 8-bit sequence of data>
>        CTL            = <any US-ASCII control character
>                         (octets 0 - 31) and DEL (127)>
> 
> So actually, Tomcat is correct in the current treatment of credentials.
> Therefore, not a bug.

Yes, but the UTF-8 encoded text is contains any 8-bit sequence of data except 
control characters, so IMHO the UTF-8 encoded text is TEXT.
 
> Also André's comments regarding ISO-8859-1 were right if considering the
> actual user name and password rather than the header.

Yes, thats right. The default header encoding is ISO-8859-1.

> Supporting other encodings would be a useful enhancement but the default
> will have to be ISO-8859-1 to remain spec compliant. What the browsers
> will do for user names and passwords in other encodings is not defined
> so it will be a case of YMMV.

I've found some information about this issue:
http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-
basic-auth-username 

So... this is the real chaos... :)

By the way, my users are not use HTML browsers, they are using JAX-WS in their 
client program, and the JAX-WS sends authentication data in UTF-8 (like 
Opera), because the default encoding is UTF-8 in the client JVM (and the 
server too).

Gábor Auth

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message