[jira] [Commented] (AXIS2-6057) Special characters are not allowed in password after upgrade( from 1.7.9 to 1.8.2)

Sun, 27 Oct 2024 13:52:13 -0700 


    [ 
https://issues.apache.org/jira/browse/AXIS2-6057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893296#comment-17893296
 ] 

Robert Lazarski commented on AXIS2-6057:
----------------------------------------

This check on password has been removed in git and will be released soon as 
2.0.0, which will be jakarta ee10 compliant. 

> Special characters are not allowed in password after upgrade( from 1.7.9 to 
> 1.8.2)
> ----------------------------------------------------------------------------------
>
>                 Key: AXIS2-6057
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6057
>             Project: Axis2
>          Issue Type: Bug
>          Components: admin console
>    Affects Versions: 1.8.2
>            Reporter: krishna kadire
>            Assignee: Robert Lazarski
>            Priority: Blocker
>             Fix For: 2.0.0
>
>
> We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special 
> characters in  "Password" parameter in axis2.xml. When we give special 
> characters in "Password" parameter we are getting "Invalid auth credentials!" 
> error. (it was not the case earlier in 1.7.9).
>  
> It's a blocker for us, as we use auto generated passwords, which we do not 
> have control.
>  
> I see this is because of below code in AdminActions
>  
>   if (password != null && 
> !password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS))
> {             log.error("login() received invalid 'password' param, 
> redirecting to: " + WELCOME);             return new 
> Redirect(WELCOME).withParameter("failed", "true");         }
>  
> The following is the result when the username & password are set to :
> |*Username*|*Password*|*Login status*|
> |Admin|axis2|able to login|
> |harsha|harsha|able to login|
> |1harsha|harsha|able to login|
> |1harsha|harsha!|Login fails|
>  
> so because of  
>     private static final String HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS = 
> "^[a-zA-Z0-9.\\-\\/+=@,:\\\\ ]*$";
> now it is not allowing all special characters.
>  
> Is there any workaround for it?
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to