tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Vávra <va...@602.cz>
Subject Re: FORM based authentication and utf-8 encoding of credentials
Date Mon, 24 Jun 2013 11:52:16 GMT
Well, it is custom created and managed xml file.
But the core of problem is in the string credentials in method public 
Principal authenticate(String username, String credentials).
If the string was encoded properly (in java as utf-16) the 
credentials.length would be equal to 11 but its real length is 14. And 
that corresponds to the fact that in credentials is stored some form of 
utf-8 encoding.
Utf-8 encoding string "ŽežUlička.1" has length 14. +1 for each letter: 
Ž,ž,č.

Jan.
> Where do you store your login/password : DB ? xml file ? encrypted in xml file ?
>
>
>
> ________________________________________
> De : Jan Vávra [vavra@602.cz]
> Envoyé : lundi 24 juin 2013 13:36
> À : Tomcat Users List
> Objet : FORM based authentication and utf-8 encoding of credentials
>
> Hello,
>    I'm successfully using form based authenntication when login or
> password contains only letters from English alphabet. I have also
> written own realm.
>
> When I create user with password with czech String "ŽežUlička.1" the
> browser sends correctly this string as:
>
> POST http://localhost:70/myapp/j_security_check HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
>
> j_username=p&j_password=%C5%BDe%C5%BEUli%C4%8Dka.1
>
> The first letter "Ž" is really encoded in the utf-8 as bytes in hexa C5, BD.
> But in the method public Principal authenticate(String username, String
> credentials) the parameter credentials has first two bytes C3, 85.
>
> In my login.jsp I have these relevant parts:
> <%
>     request.setCharacterEncoding("UTF-8");
> %>
> <html>
>     <head>
>       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
> ...
> <form method="POST" action="j_security_check" accept-charset="utf-8">
>
> and also tomcat is telling in the http response header:
> Content-Type: text/html;charset=UTF-8
>
>
> But nothing of it forced Tomcat to translate password correctly from
> utf-8 string.
> Even the manual reencoding in authenticate(.) doesn't help:
> credentials = new String(credentials.getBytes(),"utf-8")
> Because the received bytes of first letter are C3, 85 instead of
> expected C5, BD.
>
> Any idea how to tell tomcat to use utf-8 in form based authentication?
> It's tomcat 7.0.34 on Czech Windows 7 32 bit with default ansi code page
> set as Windows-1250.
>
> Thanks
> Jan.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message