Hi, Mark Thomas wrote: > OCTET = <any 8-bit sequence of data> > CTL = <any US-ASCII control character > (octets 0 - 31) and DEL (127)> > > So actually, Tomcat is correct in the current treatment of credentials. > Therefore, not a bug.
Yes, but the UTF-8 encoded text is contains any 8-bit sequence of data except control characters, so IMHO the UTF-8 encoded text is TEXT. > Also André's comments regarding ISO-8859-1 were right if considering the > actual user name and password rather than the header. Yes, thats right. The default header encoding is ISO-8859-1. > Supporting other encodings would be a useful enhancement but the default > will have to be ISO-8859-1 to remain spec compliant. What the browsers > will do for user names and passwords in other encodings is not defined > so it will be a case of YMMV. I've found some information about this issue: http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http- basic-auth-username So... this is the real chaos... :) By the way, my users are not use HTML browsers, they are using JAX-WS in their client program, and the JAX-WS sends authentication data in UTF-8 (like Opera), because the default encoding is UTF-8 in the client JVM (and the server too). Gábor Auth --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
