You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Luis Arias (JIRA)" <ji...@apache.org> on 2009/02/06 16:30:00 UTC

[jira] Created: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

rememberMe cookie value is sometimes sent without appropriate base64 padding
----------------------------------------------------------------------------

                 Key: JSEC-56
                 URL: https://issues.apache.org/jira/browse/JSEC-56
             Project: JSecurity
          Issue Type: Bug
          Components: Web
            Reporter: Luis Arias


I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Luis Arias (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luis Arias updated JSEC-56:
---------------------------

    Issue Type: Improvement  (was: Bug)

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>            Reporter: Luis Arias
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Luis Arias (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671258#action_12671258 ] 

Luis Arias commented on JSEC-56:
--------------------------------

Hopefully it will save others some time and effort !  Currently I'm not using the patched version because I'm using jsecurity through the grails plugin, so instead I have implemented that padding routine in a tomcat valve.  Looking forward to 1.0 ! :)

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Luis Arias
>             Fix For: 1.0
>
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671196#action_12671196 ] 

Les Hazlewood commented on JSEC-56:
-----------------------------------

This is greatly appreciated.  Thanks for the contribution!

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Luis Arias
>             Fix For: 1.0
>
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Luis Arias (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luis Arias updated JSEC-56:
---------------------------

    Attachment: base64padding_problem.patch

You'll notice in the test case that the only difference with the getRememberedPrincipals test is there is a missing = at the end of the cookie value.

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Bug
>          Components: Web
>            Reporter: Luis Arias
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved JSEC-56.
-------------------------------

    Resolution: Fixed
      Assignee: Les Hazlewood

Couldn't add the patch directly due to the source being changed previously, but I added the corresponding logic and added Luis's name to the @author tags

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Luis Arias
>            Assignee: Les Hazlewood
>             Fix For: 1.0
>
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Moved: (KI-46) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/KI-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan Cabrera moved JSEC-56 to KI-46:
------------------------------------

        Fix Version/s:     (was: 1.0)
          Component/s:     (was: Web)
    Affects Version/s:     (was: 0.9)
                  Key: KI-46  (was: JSEC-56)
              Project: Ki  (was: JSecurity)

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: KI-46
>                 URL: https://issues.apache.org/jira/browse/KI-46
>             Project: Ki
>          Issue Type: Improvement
>            Reporter: Luis Arias
>            Assignee: Les Hazlewood
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood updated JSEC-56:
------------------------------

        Fix Version/s: 1.0
    Affects Version/s: 0.9

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Luis Arias
>             Fix For: 1.0
>
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSEC-56) rememberMe cookie value is sometimes sent without appropriate base64 padding

Posted by "Luis Arias (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSEC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675806#action_12675806 ] 

Luis Arias commented on JSEC-56:
--------------------------------

Cool thanks Les !!

> rememberMe cookie value is sometimes sent without appropriate base64 padding
> ----------------------------------------------------------------------------
>
>                 Key: JSEC-56
>                 URL: https://issues.apache.org/jira/browse/JSEC-56
>             Project: JSecurity
>          Issue Type: Improvement
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Luis Arias
>            Assignee: Les Hazlewood
>             Fix For: 1.0
>
>         Attachments: base64padding_problem.patch
>
>
> I experienced this issue this morning (easily visible with Firebug).  I am supplying a patch with a fix and unit test.  It might be better to be safe to encode the remember me cookie value as ascii hex instead of base64 instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.