Christopher Schultz wrote:
I'm surprised that nobody else has noticed that the control
characters
in question were already posted by Itay... it's just that nobody
bothered to read the error message properly :)
And we are quite flabbergasted that you did not peruse the thread
carefully, or you would have no doubt noticed that even prior to the
actual data showing the Base64 wrapping in its full glory, the reason
had been given beforehand.
I did read the thread carefully, and nowhere was it explained why this
error message was being emitted:
SEVERE: Exception in the filter chain
javax.servlet.ServletException: #{identity.login}:
java.lang.IllegalArgumentException: Control character in cookie value,
consider BASE64 encoding your value
Itay showed it here:
*After encoding:*
Base64.encodeBytes(sb.toString().getBytes()) =
aXRheS5zYWhhckBnbWFpbC5jb206LTMzY2RmYjZmOjEyNTZhOTBjOWFjOi04MDAwOjM2Nzg1NzQ1
Base64.encodeBytes(sb.toString().getBytes()).getBytes()
[97, 88, 82, 104, 101, 83, 53, 122, 89, 87, 104, 104, 99, 107, 66,
110, 98,
87, 70, 112, 98, 67, 53, 106, 98, 50, 48, 54, 76, 84, 77, 122, 89,
50, 82,
109, 89, 106, 90, 109, 79, 106, 69, 121, 78, 84, 90, 104, 79, 84,
66, 106,
79, 87, 70, 106, 79, 105, 48, 52, 77, 68, 65, 119, 79, 106, 77, 50,
78, 122,
103, 49, 78, 122, 81, 49, 10, 78, 106, 99, 48, 79, 68, 99, 49, 79,
68, 89,
53, 77, 122, 103, 61]
Note the "10" between the 49 and 78 towards the end.
It was wrapped as André mentioned, and then when Itay did this:
But look like problem is fixed. I extended the encodeToken method
and change
it to be
return Base64.encodeBytes(sb.toString().getBytes(),
Base64.DONT_BREAK_LINES);
And now it works (like a charm)! but i'm not sure it solve all the
scenarios/possibilities.
This confirmed it for me.
I never saw any JSP code with the text "#{identity.login}" in it
anywhere.
But all is well now, since Itay added the magical no-wrap parameter
in
his call.
Well, you may have solved /a/ problem, but you either didn't solve the
originally-reported one, or there were really two problems originally
reported. It's not clear to me if they are a single issue or two.
Maybe #{identity.login} is a seam artifact?
Anyway an interesting dialog as always on tomcat_user. Thanks.
Regards,
Dave
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksf+q0ACgkQ9CaO5/Lv0PCJLwCfSV86+GS4htSUowQKjQPmSq86
4+8AoItHPDj02Mo+KaDx/kA9pNV1kjoJ
=8ox5
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
