You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/07/15 17:10:05 UTC
[jira] [Resolved] (HTTPCLIENT-1528) UTF-8 characters in user names
not supported in Basic Authentication
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1528.
-------------------------------------------
Resolution: Invalid
Non-ASCII characters in Basic auth credentials are illegal. If you still want to force HttpClient to use a different charset for auth credentials you need configure it with 'http.auth.credential-charset' parameter in 4.2 or by using a custom instance of BasicSchemeFactory in 4.3.
Oleg
> UTF-8 characters in user names not supported in Basic Authentication
> --------------------------------------------------------------------
>
> Key: HTTPCLIENT-1528
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1528
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.6
> Reporter: Christoph Pohl
>
> If you try to use UTF-8 characters like the Euro sign ("€") in user names, httpclient does not compose the correct Base64-encoded basic authentication header. Suppose the following piece of code:
> CredentialsProvider credsProvider = new BasicCredentialsProvider();
> credsProvider.setCredentials(new AuthScope(post, port), new UsernamePasswordCredentials("€uro", "Admin1234"));
> httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager());
> httpClient.setCredentialsProvider(credsProvider);
> ...which results an Authentication header "Basic P1VSTzpBZG1pbjEyMzQ=" (equals to decoded "?URO:Admin1234"). However, browsers like Google Chrome correctly encode "Basic 4oKsdXJvOkFkbWluMTIzNA==" (equals to decoded "€uro:Admin1234").
> Sorry if this bug has been reported already.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org