tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: FORM based authentication and utf-8 encoding of credentials
Date Mon, 24 Jun 2013 13:29:17 GMT
On 24/06/2013 12:52, Jan Vávra wrote:

>> Hello,
>>    I'm successfully using form based authenntication when login or
>> password contains only letters from English alphabet.

OK. That means you've got the basics set up correctly.

>> I have also written own realm.

I'd suggest testing with the default UserDatabaseRealm to rule out any
issues with your custom Realm. I suspect the issues are elsewhere but I
still do this to be sure.

>> When I create user with password with czech String "ŽežUlička.1" the
>> browser sends correctly this string as:
>> POST http://localhost:70/myapp/j_security_check HTTP/1.1
>> Content-Type: application/x-www-form-urlencoded
>> j_username=p&j_password=%C5%BDe%C5%BEUli%C4%8Dka.1

The browser is not sending that correctly. The password is UTF-8 encoded
but the Content-Type fails to specify the character set used. It it did,
Tomcat would treat the password as UTF-8.

This is a common failing of browsers and is covered in the FAQ. [1]

>> Any idea how to tell tomcat to use utf-8 in form based authentication?
>> It's tomcat 7.0.34 on Czech Windows 7 32 bit with default ansi code page
>> set as Windows-1250.

Authentication is tricky because the processing happens before any user
code runs. The best / only option is to set the characterEncoding
attribute for the Authenticator [2] to UTF-8 and hope that the browsers
are consistent in their failing to follow the specification and use
whatever encoding the page is encoded with.




To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message