tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eugène Adell <Eugene.Ad...@d2-si.eu>
Subject RE:FORM based authentication and utf-8 encoding of credentials
Date Mon, 24 Jun 2013 11:42:50 GMT

Where do you store your login/password : DB ? xml file ? encrypted in xml file ?



________________________________________
De : Jan Vávra [vavra@602.cz]
Envoyé : lundi 24 juin 2013 13:36
À : Tomcat Users List
Objet : FORM based authentication and utf-8 encoding of credentials

Hello,
  I'm successfully using form based authenntication when login or
password contains only letters from English alphabet. I have also
written own realm.

When I create user with password with czech String "ŽežUlička.1" the
browser sends correctly this string as:

POST http://localhost:70/myapp/j_security_check HTTP/1.1
Content-Type: application/x-www-form-urlencoded

j_username=p&j_password=%C5%BDe%C5%BEUli%C4%8Dka.1

The first letter "Ž" is really encoded in the utf-8 as bytes in hexa C5, BD.
But in the method public Principal authenticate(String username, String
credentials) the parameter credentials has first two bytes C3, 85.

In my login.jsp I have these relevant parts:
<%
   request.setCharacterEncoding("UTF-8");
%>
<html>
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...
<form method="POST" action="j_security_check" accept-charset="utf-8">

and also tomcat is telling in the http response header:
Content-Type: text/html;charset=UTF-8


But nothing of it forced Tomcat to translate password correctly from
utf-8 string.
Even the manual reencoding in authenticate(.) doesn't help:
credentials = new String(credentials.getBytes(),"utf-8")
Because the received bytes of first letter are C3, 85 instead of
expected C5, BD.

Any idea how to tell tomcat to use utf-8 in form based authentication?
It's tomcat 7.0.34 on Czech Windows 7 32 bit with default ansi code page
set as Windows-1250.

Thanks
Jan.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message