tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Basic Authentication Failed with multibyte username
Date Thu, 21 Jan 2010 11:12:20 GMT
Auth Gábor wrote:
> Hi,
> I've found a potential bug in the Basic Authentication module. I have users 
> and some user's username is contains national characters (encoded in UTF-8). 
> The HTTP header based authentication is fails when the username or the 
> password contains multibyte characters.
> The root of the bug is the Base64 decoder, which decodes the Base64 stream to 
> char array: converts each byte to individual char, this decode method corrupts 
> the multibyte characters...
Before declaring that this is a bug, I suggest that you read the other 
thread entitled "mod_jk codepage in header values".
The main point is : according to the HTTP RFCs, a HTTP header value is 
supposed to contain /only/ US-ASCII characters. Some byte values in 
UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking 
and according to the RFC, HTTP headers which would contain them are invalid.
It's a pain, but it's (probably) not a bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message