-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gábor,
On 1/21/2010 9:16 AM, Auth Gábor wrote: > Mark Thomas wrote: >> OCTET = <any 8-bit sequence of data> >> CTL = <any US-ASCII control character >> (octets 0 - 31) and DEL (127)> >> >> So actually, Tomcat is correct in the current treatment of credentials. >> Therefore, not a bug. > > Yes, but the UTF-8 encoded text is contains any 8-bit sequence of data except > control characters, so IMHO the UTF-8 encoded text is TEXT. Sure, UTF-8 encoded text is TEXT, but you may not get the String value you expect. André is correct in that non-Latin characters appear to be unsupported by the HTTP Authenticate header. Now, there /are/ things that can be done to accommodate you. See below. The patch you posted probably will only work when the platform encoding is set to UTF-8. Instead, an encoding setting would probably have to be provided to the BasicAuthenticator to allow the Base64-encoded header value to use the desired encoding. Actually, the code as it looks right now does have a bug: the platform default encoding is used to decode Base-64 decoded bytes in the Authenticate header. Instead, it should probably be ASCII or maybe ISO-8859-1. >> Also André's comments regarding ISO-8859-1 were right if considering the >> actual user name and password rather than the header. > > Yes, thats right. The default header encoding is ISO-8859-1. It's ASCII, though ISO-8859-1 is backward-compatible (as is UTF-8). > I've found some information about this issue: > http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http- > basic-auth-username Nice that someone looked at actual behavior of the browsers. It would be pretty trivial to add a settable charset to the BasicAuthenticator, and also to allow things like RFC 2047 charset-in-value decoding, though I don't think that's appropriate because the Bas64 value has already been decoded. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktYuooACgkQ9CaO5/Lv0PAQZQCgoWiesTSQ/aX+oeRmF8Qvv+u3 73oAniYbXKfEIGdnIVyEHpZNgJ82ZjsI =qPwi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org