Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
Tomcat decodes the Authorization HTTP header containing the HTTP BASIC authentication credentials, using the ISO-8859-1 charset. On the contrary, Arquillian uses Charset.defaultCharset to encode the supplied credentials, before Base64 encoding the resulting byte array. This can result in a 401 error, when accessing the manager application on Tomcat; the failure will occur when the credentials contain characters that are encoded differently in ISO-8859-1 and the default charset of the environment. For example, if the default charset is UTF-8, then credentials containing ö will not be accepted by Tomcat as ö is encoded as 0xC3 0xB6 in UTF-8 and 0xF6 in ISO-8859-1.
The suggested fix is to use ISO-8859-1 in CommonTomcatManager.constructHttpBasicAuthHeader() as listed:
// Set up an authorization header with our credentials String credentials = configuration.getUser() + ":" + configuration.getPass(); return "Basic " + new String(Base64.encodeBase64(credentials.getBytes(Charset.forName("ISO-8859-1"))), Charset.defaultCharset());
instead of the existing
// Set up an authorization header with our credentials String credentials = configuration.getUser() + ":" + configuration.getPass(); return "Basic " + new String(Base64.encodeBase64(credentials.getBytes(Charset.defaultCharset())), Charset.defaultCharset());