Well, it is custom created and managed xml file.
But the core of problem is in the string credentials in method public
Principal authenticate(String username, String credentials).
If the string was encoded properly (in java as utf-16) the
credentials.length would be equal to 11 but its real length is 14. And
that corresponds to the fact that in credentials is stored some form of
utf-8 encoding.
Utf-8 encoding string "ŽežUlička.1" has length 14. +1 for each letter:
Ž,ž,č.
Jan.
Where do you store your login/password : DB ? xml file ? encrypted in xml file ?
________________________________________
De : Jan Vávra [va...@602.cz]
Envoyé : lundi 24 juin 2013 13:36
À : Tomcat Users List
Objet : FORM based authentication and utf-8 encoding of credentials
Hello,
I'm successfully using form based authenntication when login or
password contains only letters from English alphabet. I have also
written own realm.
When I create user with password with czech String "ŽežUlička.1" the
browser sends correctly this string as:
POST http://localhost:70/myapp/j_security_check HTTP/1.1
Content-Type: application/x-www-form-urlencoded
j_username=p&j_password=%C5%BDe%C5%BEUli%C4%8Dka.1
The first letter "Ž" is really encoded in the utf-8 as bytes in hexa C5, BD.
But in the method public Principal authenticate(String username, String
credentials) the parameter credentials has first two bytes C3, 85.
In my login.jsp I have these relevant parts:
<%
request.setCharacterEncoding("UTF-8");
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...
<form method="POST" action="j_security_check" accept-charset="utf-8">
and also tomcat is telling in the http response header:
Content-Type: text/html;charset=UTF-8
But nothing of it forced Tomcat to translate password correctly from
utf-8 string.
Even the manual reencoding in authenticate(.) doesn't help:
credentials = new String(credentials.getBytes(),"utf-8")
Because the received bytes of first letter are C3, 85 instead of
expected C5, BD.
Any idea how to tell tomcat to use utf-8 in form based authentication?
It's tomcat 7.0.34 on Czech Windows 7 32 bit with default ansi code page
set as Windows-1250.
Thanks
Jan.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
