krishna kadire created AXIS2-6057:
-------------------------------------

             Summary: Special characters are not allowed in password after 
upgrade( from 1.7.9 to 1.8.2)
                 Key: AXIS2-6057
                 URL: https://issues.apache.org/jira/browse/AXIS2-6057
             Project: Axis2
          Issue Type: Bug
          Components: admin console
    Affects Versions: 1.8.2
            Reporter: krishna kadire


We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special 
characters in  "Password" parameter in axis2.xml. When we give special 
characters in "Password" parameter we are getting "Invalid auth credentials!" 
error. (it was not the case earlier in 1.7.9).

 

It's a blocker for us, as we use auto generated passwords, which we do not have 
control.

 

I see this is because of below code in AdminActions

 

  if (password != null && 
!password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS)) {

            log.error("login() received invalid 'password' param, redirecting 
to: " + WELCOME);

            return new Redirect(WELCOME).withParameter("failed", "true");

        }

 

The following is the result when the username & password are set to :
|*Username*|*Password*|*Login status*|
|Admin|axis2|able to login|
|harsha|harsha|able to login|
|1harsha|harsha|able to login|
|1harsha|harsha!|Login fails|

 

so because of     private static final String FILENAME_REGEX_INVALID_CHARS = 
"^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]\{1,255}$";

now it is not allowing all special characters.

 

Is there any workaround for it?

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to