krishna kadire created AXIS2-6057:
-------------------------------------
Summary: Special characters are not allowed in password after
upgrade( from 1.7.9 to 1.8.2)
Key: AXIS2-6057
URL: https://issues.apache.org/jira/browse/AXIS2-6057
Project: Axis2
Issue Type: Bug
Components: admin console
Affects Versions: 1.8.2
Reporter: krishna kadire
We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special
characters in "Password" parameter in axis2.xml. When we give special
characters in "Password" parameter we are getting "Invalid auth credentials!"
error. (it was not the case earlier in 1.7.9).
It's a blocker for us, as we use auto generated passwords, which we do not have
control.
I see this is because of below code in AdminActions
if (password != null &&
!password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS)) {
log.error("login() received invalid 'password' param, redirecting
to: " + WELCOME);
return new Redirect(WELCOME).withParameter("failed", "true");
}
The following is the result when the username & password are set to :
|*Username*|*Password*|*Login status*|
|Admin|axis2|able to login|
|harsha|harsha|able to login|
|1harsha|harsha|able to login|
|1harsha|harsha!|Login fails|
so because of private static final String FILENAME_REGEX_INVALID_CHARS =
"^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]\{1,255}$";
now it is not allowing all special characters.
Is there any workaround for it?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
