[jira] [Commented] (SLING-5625) Unable to impersonate user with surrogate pair character

Mon, 26 Sep 2016 21:32:06 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-5625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15525035#comment-15525035
 ] 

Christanto commented on SLING-5625:
-----------------------------------

Also you can simplify the whole implementation simply by encoding the whole 
string and remove the for loop:

{code:java}
StringBuilder builder = new StringBuilder(value.length() * 2);
builder.append('"');
builder.append(URLEncoder.encode(value, "UTF-8"));
builder.append('"');
{code}

> Unable to impersonate user with surrogate pair character
> --------------------------------------------------------
>
>                 Key: SLING-5625
>                 URL: https://issues.apache.org/jira/browse/SLING-5625
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Christanto
>            Assignee: Antonio Sanso
>             Fix For: Auth Core 1.3.16
>
>
> When trying to impersonate to a user having surrogate pair character (e.g. 
> "中文test"), SlingAuthenticator throws an error:
> {code}
> 23.03.2016 10:34:37.637 *ERROR* [qtp1315207446-3359] 
> org.apache.felix.http.jetty Exception while processing request to 
> /home/users/I/ (java.lang.IllegalArgumentException: Illegal character in 
> cookie value)
> java.lang.IllegalArgumentException: Illegal character in cookie value
>       at 
> org.eclipse.jetty.server.Response.isQuoteNeededForCookie(Response.java:405)
>       at org.eclipse.jetty.server.Response.addSetCookie(Response.java:353)
>       at org.eclipse.jetty.server.Response.addCookie(Response.java:239)
>       at 
> javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:56)
>       at 
> org.apache.sling.auth.core.impl.SlingAuthenticator.sendSudoCookie(SlingAuthenticator.java:1225)
>       at 
> org.apache.sling.auth.core.impl.SlingAuthenticator.setSudoCookie(SlingAuthenticator.java:1344)
>       at 
> org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:777)
>       at 
> org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:495)
>       at 
> org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:449)
>       at 
> org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121)
>       at 
> org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421)
>       at 
> org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57)
>       at 
> org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:124)
>       at 
> org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:61)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> {code}
> This is due to the implementation of SlingAuthenticator#quoteCookieValue() 
> that cannot handle surrogate pair character.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to