glassfish
  1. glassfish
  2. GLASSFISH-5039

form login with non-ascii characters fails

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 9.1pe
    • Fix Version/s: not determined
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: Windows XP
      Platform: All

    • Issuezilla Id:
      5,039

      Description

      Hello,

      It seems, that at the form based authenticator is bug.
      If you try to put non-ascii characters (Chinese, arabish, russian alphabet) into
      password field, and use jdbcrealm, properly configured including jdbc
      connection, the login everytime fails. Login field itself could be ascii or
      non-ascii, doesn't matter.
      We discussed that here http://forums.java.net/jive/thread.jspa?threadID=40977
      and it looks like there really is missing charset in getBytes. As monzillo writes:

      it gets the password as a String from a
      parameter of the httpservletrequest, and then the realm calls String.getBytes()
      without specifying a character set to use in the encoding. As such, the
      platform's default char set is used in the encoding, which apparently does not
      match the charset used used by your browser when you entered the password and it
      created the request.

      I set charset to UTF8 in realm configuration, but it's not used.
      I tried also use MD5 hashing, but it's not working either.
      (Probably both ends on this same line - String.getBytes(), which should take
      charset field from realm config?)

      Please let me know about fix, and how to use it as patch, since we cannot wait
      until release, thanks a lot

        Activity

        Hide
        miira added a comment -

        we managed that to work with:

        realm
        digest algorithm MD5
        Encoding Base64
        charset utf-8

        and in java register code change password to be base64 encoded in addition.
        I hope, this will help anyone.

        However, without base64 it's not working.

        Show
        miira added a comment - we managed that to work with: realm digest algorithm MD5 Encoding Base64 charset utf-8 and in java register code change password to be base64 encoded in addition. I hope, this will help anyone. However, without base64 it's not working.
        Hide
        sanandal added a comment -

        "Reclassifying as P4 because this issue is not deemed "must fix" for this v2.1
        release whose primary release driver is SailFin.
        This issue will be scrubbed after this release and will be given the right
        priority for the next release."

        Show
        sanandal added a comment - "Reclassifying as P4 because this issue is not deemed "must fix" for this v2.1 release whose primary release driver is SailFin. This issue will be scrubbed after this release and will be given the right priority for the next release."
        Hide
        Tom Mueller added a comment -

        Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

        Show
        Tom Mueller added a comment - Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

          People

          • Assignee:
            JeffTancill
            Reporter:
            miira
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: