You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Luis Arias (JIRA)" <ji...@apache.org> on 2009/02/06 16:30:00 UTC
[jira] Created: (JSEC-56) rememberMe cookie value is sometimes sent
without appropriate base64 padding
rememberMe cookie value is sometimes sent without appropriate base64 padding
----------------------------------------------------------------------------
Key: JSEC-56
URL: https://issues.apache.org/jira/browse/JSEC-56
Project: JSecurity
Issue Type: Bug
Components: Web
Reporter: Luis Arias
I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent
without appropriate base64 padding
Posted by "Luis Arias (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luis Arias updated JSEC-56:
---------------------------
Issue Type: Improvement (was: Bug)
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Reporter: Luis Arias
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes
sent without appropriate base64 padding
Posted by "Luis Arias (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671258#action_12671258 ]
Luis Arias commented on JSEC-56:
--------------------------------
Hopefully it will save others some time and effort ! Currently I'm not using the patched version because I'm using jsecurity through the grails plugin, so instead I have implemented that padding routine in a tomcat valve. Looking forward to 1.0 ! :)
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Affects Versions: 0.9
> Reporter: Luis Arias
> Fix For: 1.0
>
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes
sent without appropriate base64 padding
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671196#action_12671196 ]
Les Hazlewood commented on JSEC-56:
-----------------------------------
This is greatly appreciated. Thanks for the contribution!
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Affects Versions: 0.9
> Reporter: Luis Arias
> Fix For: 1.0
>
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent
without appropriate base64 padding
Posted by "Luis Arias (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luis Arias updated JSEC-56:
---------------------------
Attachment: base64padding_problem.patch
You'll notice in the test case that the only difference with the getRememberedPrincipals test is there is a missing = at the end of the cookie value.
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Bug
> Components: Web
> Reporter: Luis Arias
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JSEC-56) rememberMe cookie value is sometimes
sent without appropriate base64 padding
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved JSEC-56.
-------------------------------
Resolution: Fixed
Assignee: Les Hazlewood
Couldn't add the patch directly due to the source being changed previously, but I added the corresponding logic and added Luis's name to the @author tags
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Affects Versions: 0.9
> Reporter: Luis Arias
> Assignee: Les Hazlewood
> Fix For: 1.0
>
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (KI-46) rememberMe cookie value is sometimes sent
without appropriate base64 padding
Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KI-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Cabrera moved JSEC-56 to KI-46:
------------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Web)
Affects Version/s: (was: 0.9)
Key: KI-46 (was: JSEC-56)
Project: Ki (was: JSecurity)
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: KI-46
> URL: https://issues.apache.org/jira/browse/KI-46
> Project: Ki
> Issue Type: Improvement
> Reporter: Luis Arias
> Assignee: Les Hazlewood
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent
without appropriate base64 padding
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood updated JSEC-56:
------------------------------
Fix Version/s: 1.0
Affects Version/s: 0.9
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Affects Versions: 0.9
> Reporter: Luis Arias
> Fix For: 1.0
>
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes
sent without appropriate base64 padding
Posted by "Luis Arias (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675806#action_12675806 ]
Luis Arias commented on JSEC-56:
--------------------------------
Cool thanks Les !!
> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
> Key: JSEC-56
> URL: https://issues.apache.org/jira/browse/JSEC-56
> Project: JSecurity
> Issue Type: Improvement
> Components: Web
> Affects Versions: 0.9
> Reporter: Luis Arias
> Assignee: Les Hazlewood
> Fix For: 1.0
>
> Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug). I am supplying a patch with a fix and unit test. It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.