On 21/01/2010 05:54, Auth Gábor wrote:
> Hi,
> 
> I've found a potential bug in the Basic Authentication module. I have users 
> and some users' usernames contain national characters (encoded in UTF-8). 
> The HTTP header based authentication fails when the username or the 
> password contains multibyte characters.

That sounds like a bug to me.

> The root of the bug is the Base64 decoder, which decodes the Base64 stream to 
> char array: converts each byte to individual char, this decode method corrupts 
> the multibyte characters...

And that sounds like the root cause.

> It works, because the byte[] to String conversion supports the multibyte 
> conversion and uses the encoding of the JVM.
> 
> What do you think about it?

I haven't tested it or looked at the detail of the base 64 decoding but
on the basis it works for you then...

Great! Many thanks. Please create a Bugzilla entry and add your patch to
it. Patches sent to the mailing list are too easy to forget.

Before you do, I have one improvement suggestion. Using the
platform default encoding to convert bytes to String is something that
itself has caused bugs in the past and I can see it doing so here too.
I'd suggest adding a characterEncoding attribute to the
BasicAuthenticator (like there is for FormAuthenticator). Don't forget
to include documenting this new attribute in your patch.

The tricky question is what should the default be. I see the options as
ISO-8859-1 or UTF-8. I'd use UTF-8 since that will work for most input
including all ISO-8859-1 input.

Thanks again for the patch.

Mark
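
An added example, not code from this thread or from Tomcat: it contrasts the byte-per-char conversion described in the report with decoding under an explicit charset, which is what the suggested characterEncoding attribute would select, and runs both candidate defaults against bytes a client encoded either way. The class name, helper names and sample credentials are constructed for illustration; Java 8 or later is assumed for java.util.Base64.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCharsetDemo {
    // Reported behaviour: every decoded byte becomes one char (hypothetical helper).
    static String bytePerChar(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length);
        for (byte b : raw) sb.append((char) (b & 0xFF));
        return sb.toString();
    }

    // Decode with an explicit charset and report malformed bytes instead of
    // substituting U+FFFD, so distinct byte strings cannot collapse to one name.
    static String strictDecode(byte[] raw, Charset cs) throws CharacterCodingException {
        return cs.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(raw)).toString();
    }

    // Strip the scheme and Base64-decode the credentials of an Authorization value.
    static byte[] payload(String header) {
        return Base64.getDecoder().decode(header.substring("Basic ".length()));
    }

    public static void main(String[] args) {
        String creds = "G\u00e1bor:p\u00e4ssw\u00f6rd"; // constructed sample credentials
        for (Charset client : new Charset[] {StandardCharsets.UTF_8, StandardCharsets.ISO_8859_1}) {
            String header = "Basic " + Base64.getEncoder().encodeToString(creds.getBytes(client));
            byte[] raw = payload(header);
            System.out.println("client encodes as " + client);
            System.out.println("  byte-per-char matches: " + bytePerChar(raw).equals(creds));
            for (Charset server : new Charset[] {StandardCharsets.UTF_8, StandardCharsets.ISO_8859_1}) {
                try {
                    System.out.println("  " + server + " matches: " + strictDecode(raw, server).equals(creds));
                } catch (CharacterCodingException e) {
                    System.out.println("  " + server + " rejects the bytes: " + e);
                }
            }
        }
    }
}
```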
