On 21/01/2010 06:12, André Warnier wrote:
> Auth Gábor wrote:
>> Hi,
>>
>> I've found a potential bug in the Basic Authentication module. I have
>> users, and some users' usernames contain national characters
>> (encoded in UTF-8). The HTTP header based authentication fails when
>> the username or the password contains multibyte characters.
>>
>> The root of the bug is the Base64 decoder, which decodes the Base64
>> stream to a char array: it converts each byte to an individual char, and
>> this decode method corrupts the multibyte characters...
>>
> Hi.
> Before declaring that this is a bug, I suggest that you read the other
> thread entitled "mod_jk codepage in header values".
> The main point is: according to the HTTP RFCs, an HTTP header value is
> supposed to contain /only/ US-ASCII characters. Some byte values in
> UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking
> and according to the RFC, HTTP headers which would contain them are
> invalid.
> It's a pain, but it's (probably) not a bug.

In this case I think it is a bug. The authorisation header is base64
encoded so it is automatically compliant with RFC2616.

Mark
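
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a Basic credential encoded as UTF-8 yields a US-ASCII header value, and decoding it one byte per char no longer matches the stored credential. The class name, helper names and sample credentials are constructed for illustration, and the client is assumed to send UTF-8 as in the report.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCharsetDemo {

    // Decoding as described in the report: each decoded byte becomes one char.
    static String decodeBytePerChar(byte[] decoded) {
        char[] chars = new char[decoded.length];
        for (int i = 0; i < decoded.length; i++) {
            chars[i] = (char) (decoded[i] & 0xFF);
        }
        return new String(chars);
    }

    // Decoding that interprets the decoded bytes as UTF-8 text.
    static String decodeUtf8(byte[] decoded) {
        return new String(decoded, StandardCharsets.UTF_8);
    }

    // True when every character of the header value is in the US-ASCII range.
    static boolean isUsAscii(String s) {
        return s.chars().allMatch(c -> c < 0x80);
    }

    public static void main(String[] args) {
        // Constructed sample credential "user:password" with accented letters.
        String stored = "G\u00e1bor:jelsz\u00f3";

        // What a UTF-8 client puts on the wire.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString(stored.getBytes(StandardCharsets.UTF_8));
        System.out.println("Authorization: " + header);
        System.out.println("header value is US-ASCII: " + isUsAscii(header));

        // Server side: strip the scheme, Base64-decode, then turn bytes into text.
        byte[] decoded = Base64.getDecoder()
                .decode(header.substring("Basic ".length()));
        String perByte = decodeBytePerChar(decoded);
        String utf8 = decodeUtf8(decoded);

        System.out.println("stored chars=" + stored.length()
                + ", decoded bytes=" + decoded.length
                + ", byte-per-char chars=" + perByte.length());
        System.out.println("byte-per-char equals stored: " + perByte.equals(stored));
        System.out.println("UTF-8 decode equals stored:  " + utf8.equals(stored));
    }
}
```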
