On 19.01.2018 09:10, Mark Thomas wrote:
On 18/01/18 21:04, Norbert Harrer wrote:
Hi.
Which character encoding of user / password for the Basic Authentication
Header is tomcat accepting?
A pretty simple question, but I didn't find a clear answer after
googling for quite a while.
I know that there is no clear definition what should be used. For
example browsers do it differently.
An example:
User: test
Password: 123ö (german umlaut o with two dots at the end)
Firefox sends ISO-8859-1:
Authorization: Basic dGVzdDoxMjP2
Chrome sends UTF-8:
Authorization: Basic dGVzdDoxMjPDtg==
After trying it it seems tomcat accepts ISO-8859-1. Can this be configured?
To a limited extend. See the following:
https://bz.apache.org/bugzilla/show_bug.cgi?id=61280
http://tomcat.markmail.org/thread/wotey6yz64obije7
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Basic_Authenticator_Valve/Attributes
...
Thanks Mark.
So if I understood the documents (and after studying
BasicAuthenticator.java in Tomcat 7 and 8) it is as follows:
Tomcat 7 uses ISO-8859-1 hardcoded
Tomcat 8 implements RFC 7617, in which the server can ask the client to
send the credential in UTF-8. This must be enabled via the Basic
Authenticator Valve. Otherwise ISO-8859-1 is used.
I wonder why Chrome is blindly sending UTF-8 instead of respecting RFC 7617.
Regards,
Norbert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org