Hi Guys,
We are seeing a strange issue with user logins. If a user includes extra
spaces in their username, the login succeeds, but the username returned
by request.getRemoteUser() still has the extra space, which is causing
issues with our internal processes.
Ideally we'd like to change the setup to fail the login if extra spaces
are included. I've included our current config, and appreciate any help
in addressing this.
This is all using Tomcat 9 with Java 11 and I have included our config
below.
Thanks
Zoran
/META-INF/context.xml
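<!--
  Container-managed JDBC connection pool for the application database.
  The DataSourceRealm in this file refers to it via dataSourceName="jdbc/appDB".

  The '&' separators in the JDBC URL are written as &amp; because a bare
  ampersand inside an attribute value is not well-formed XML.

  NOTE(review): username/password look like placeholders. The real values ship
  inside the WAR (META-INF/context.xml), so restrict who can read the archive
  and give this database account only the privileges the application needs.

  NOTE(review): no factory attribute is set. With Tomcat 9's default DBCP 2 pool
  the equivalent attributes are maxTotal, maxWaitMillis and
  removeAbandonedOnBorrow / removeAbandonedOnMaintenance; the names used below
  (maxActive, maxWait, removeAbandoned) are the ones the tomcat-jdbc pool
  factory understands. Confirm which pool is in use, otherwise the limits may
  be ignored.

  NOTE(review): testOnBorrow="true" runs validationQuery on every borrow, so a
  count(*) over a real table is paid on each connection checkout.
-->
<Resource
    name="jdbc/appDB"
    type="javax.sql.DataSource"
    auth="Container"
    driverClassName="org.mariadb.jdbc.Driver"
    url="jdbc:mariadb://localhost:3306/app_db?useEncoding=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
    username="user"
    password="password"
    maxActive="100"
    maxIdle="30"
    maxWait="10000"
    removeAbandoned="true"
    removeAbandonedTimeout="60"
    logAbandoned="true"
    testOnBorrow="true"
    validationQuery="select count(*) from tableXX"
/>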
<!--
  Authentication realm for this web application.

  Outer realm: LockOutRealm wraps the inner realm and locks a user out after
  repeated failed logins (no attributes are set here, so Tomcat's defaults
  apply).

  Inner realm: DataSourceRealm authenticates against the context-local
  data source jdbc/appDB. User names and credentials are read from
  users.user_name / users.password, and the role is read from the "status"
  column of the same "users" table.

  NOTE(review): the realm matches the submitted name against user_name in SQL.
  MariaDB's default (PAD SPACE) collations ignore trailing spaces when
  comparing strings, which would presumably let "name " authenticate as
  "name" while request.getRemoteUser() reports the value as typed. Confirm the
  column collation; a NO PAD collation on user_name, or rejecting or trimming
  surrounding whitespace before authentication, keeps the authenticated name
  identical to the stored one for authorisation and audit purposes.

  NOTE(review): the credential handler below stores passwords as a single,
  unsalted SHA-1 digest (algorithm="SHA", iterations="1", saltLength="0").
  That is cheap to brute-force offline if the users table leaks, and equal
  passwords produce equal digests. The settings are left as they are because
  changing them invalidates every stored credential; plan a migration to
  org.apache.catalina.realm.SecretKeyCredentialHandler (PBKDF2), optionally
  behind a NestedCredentialHandler so existing digests still verify until
  users have been re-hashed.
-->
<Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/appDB"
           localDataSource="true"
           userTable="users"
           userNameCol="user_name"
           userCredCol="password"
           userRoleTable="users"
           roleNameCol="status">
        <CredentialHandler
            className="org.apache.catalina.realm.MessageDigestCredentialHandler"
            algorithm="SHA"
            iterations="1"
            saltLength="0"/>
    </Realm>
</Realm>
/WEB-INF/web.xml
<!--
  Access control for the protected area of the application.
  No http-method is listed, so the constraint applies to every HTTP method.

  NOTE(review): no user-data-constraint is declared, so the container itself
  does not require HTTPS for /protected/*. If TLS is not enforced elsewhere
  (for example at a reverse proxy), consider adding a transport-guarantee of
  CONFIDENTIAL so credentials and session cookies are not sent in clear text.
-->
<security-constraint>
    <display-name>Admin Console</display-name>
    <web-resource-collection>
        <web-resource-name>Restricted Access</web-resource-name>
        <!-- Context-relative URL pattern(s) that require authentication -->
        <description/>
        <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- A user holding any role listed here may access the area; the
             realm takes role names from the "status" column. -->
        <role-name>1</role-name>
    </auth-constraint>
</security-constraint>
<!--
  FORM-based login. Both the login page and the error page are outside
  /protected/*, so they stay reachable before the user is authenticated.
  The password is posted in the request body, so serve the login page and
  its submit target over TLS.
-->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>App</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>