Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 17700 invoked from network); 21 Jan 2010 11:24:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 21 Jan 2010 11:24:47 -0000 Received: (qmail 5072 invoked by uid 500); 21 Jan 2010 11:24:43 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 5006 invoked by uid 500); 21 Jan 2010 11:24:43 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 4995 invoked by uid 99); 21 Jan 2010 11:24:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jan 2010 11:24:43 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [81.103.221.47] (HELO mtaout01-winn.ispmail.ntl.com) (81.103.221.47) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jan 2010 11:24:33 +0000 Received: from know-smtpout-3.server.virginmedia.net ([62.254.123.3]) by mtaout01-winn.ispmail.ntl.com (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id <20100121112412.UMMV4204.mtaout01-winn.ispmail.ntl.com@know-smtpout-3.server.virginmedia.net> for ; Thu, 21 Jan 2010 11:24:12 +0000 Received: from [12.42.129.178] (helo=s2-laptop.local) by know-smtpout-3.server.virginmedia.net with esmtpa (Exim 4.63) (envelope-from ) id 1NXv92-0004FX-HL for users@tomcat.apache.org; Thu, 21 Jan 2010 11:24:12 +0000 Message-ID: <4B58395A.4060009@apache.org> Date: Thu, 21 Jan 2010 06:24:10 -0500 From: Mark Thomas User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Basic Authentication Failed with multibyte username References: <201001211154.03045.auth.gabor@javaforum.hu> <4B583694.1070201@ice-sa.com> In-Reply-To: <4B583694.1070201@ice-sa.com> X-Enigmail-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Cloudmark-Analysis: v=1.1 cv=W3tOLUehizD4qj6VhtReFuw5MKb8d+XqjIxlDsIazEA= c=1 sm=0 a=zL-oSMo6FNEA:10 a=Ajq5yDwOria83hGtDwoA:9 a=Oh41zoR0BJhbz2gynCzueCXU-rIA:4 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 X-Virus-Checked: Checked by ClamAV on apache.org On 21/01/2010 06:12, Andr� Warnier wrote: > Auth G�bor wrote: >> Hi, >> >> I've found a potential bug in the Basic Authentication module. I have >> users and some user's username is contains national characters >> (encoded in UTF-8). The HTTP header based authentication is fails when >> the username or the password contains multibyte characters. >> >> The root of the bug is the Base64 decoder, which decodes the Base64 >> stream to char array: converts each byte to individual char, this >> decode method corrupts the multibyte characters... >> > Hi. > Before declaring that this is a bug, I suggest that you read the other > thread entitled "mod_jk codepage in header values". > The main point is : according to the HTTP RFCs, a HTTP header value is > supposed to contain /only/ US-ASCII characters. Some byte values in > UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking > and according to the RFC, HTTP headers which would contain them are > invalid. > It's a pain, but it's (probably) not a bug. In this case I think it is a bug. The authorisation header is base64 encoded so it is automatically compliant with RFC2616. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org