[
https://issues.apache.org/jira/browse/AXIS2-6057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
krishna kadire updated AXIS2-6057:
----------------------------------
Description:
We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special
characters in "Password" parameter in axis2.xml. When we give special
characters in "Password" parameter we are getting "Invalid auth credentials!"
error. (it was not the case earlier in 1.7.9).
It's a blocker for us, as we use auto generated passwords, which we do not have
control.
I see this is because of below code in AdminActions
if (password != null &&
!password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS))
{ log.error("login() received invalid 'password' param, redirecting
to: " + WELCOME); return new
Redirect(WELCOME).withParameter("failed", "true"); }
The following is the result when the username & password are set to :
|*Username*|*Password*|*Login status*|
|Admin|axis2|able to login|
|harsha|harsha|able to login|
|1harsha|harsha|able to login|
|1harsha|harsha!|Login fails|
so because of
private static final String HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS =
"^[a-zA-Z0-9.\\-\\/+=@,:\\\\ ]*$";
now it is not allowing all special characters.
Is there any workaround for it?
was:
We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special
characters in "Password" parameter in axis2.xml. When we give special
characters in "Password" parameter we are getting "Invalid auth credentials!"
error. (it was not the case earlier in 1.7.9).
It's a blocker for us, as we use auto generated passwords, which we do not have
control.
I see this is because of below code in AdminActions
if (password != null &&
!password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS)) {
log.error("login() received invalid 'password' param, redirecting
to: " + WELCOME);
return new Redirect(WELCOME).withParameter("failed", "true");
}
The following is the result when the username & password are set to :
|*Username*|*Password*|*Login status*|
|Admin|axis2|able to login|
|harsha|harsha|able to login|
|1harsha|harsha|able to login|
|1harsha|harsha!|Login fails|
so because of private static final String FILENAME_REGEX_INVALID_CHARS =
"^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]\{1,255}$";
now it is not allowing all special characters.
Is there any workaround for it?
> Special characters are not allowed in password after upgrade( from 1.7.9 to
> 1.8.2)
> ----------------------------------------------------------------------------------
>
> Key: AXIS2-6057
> URL: https://issues.apache.org/jira/browse/AXIS2-6057
> Project: Axis2
> Issue Type: Bug
> Components: admin console
> Affects Versions: 1.8.2
> Reporter: krishna kadire
> Priority: Blocker
>
> We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special
> characters in "Password" parameter in axis2.xml. When we give special
> characters in "Password" parameter we are getting "Invalid auth credentials!"
> error. (it was not the case earlier in 1.7.9).
>
> It's a blocker for us, as we use auto generated passwords, which we do not
> have control.
>
> I see this is because of below code in AdminActions
>
> if (password != null &&
> !password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS))
> { log.error("login() received invalid 'password' param,
> redirecting to: " + WELCOME); return new
> Redirect(WELCOME).withParameter("failed", "true"); }
>
> The following is the result when the username & password are set to :
> |*Username*|*Password*|*Login status*|
> |Admin|axis2|able to login|
> |harsha|harsha|able to login|
> |1harsha|harsha|able to login|
> |1harsha|harsha!|Login fails|
>
> so because of
> private static final String HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS =
> "^[a-zA-Z0-9.\\-\\/+=@,:\\\\ ]*$";
> now it is not allowing all special characters.
>
> Is there any workaround for it?
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
