You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Christanto (JIRA)" <ji...@apache.org> on 2016/03/23 11:46:25 UTC

[jira] [Created] (SLING-5625) Unable to impersonate user with surrogate pair character

Christanto created SLING-5625:
---------------------------------

             Summary: Unable to impersonate user with surrogate pair character
                 Key: SLING-5625
                 URL: https://issues.apache.org/jira/browse/SLING-5625
             Project: Sling
          Issue Type: Bug
          Components: Authentication
    Affects Versions: Auth Core 1.3.12
            Reporter: Christanto


When trying to impersonate to a user having surrogate pair character (e.g. "中文test"), SlingAuthenticator throws an error:
{code}
23.03.2016 10:34:37.637 *ERROR* [qtp1315207446-3359] org.apache.felix.http.jetty Exception while processing request to /home/users/I/ (java.lang.IllegalArgumentException: Illegal character in cookie value)
java.lang.IllegalArgumentException: Illegal character in cookie value
	at org.eclipse.jetty.server.Response.isQuoteNeededForCookie(Response.java:405)
	at org.eclipse.jetty.server.Response.addSetCookie(Response.java:353)
	at org.eclipse.jetty.server.Response.addCookie(Response.java:239)
	at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:56)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.sendSudoCookie(SlingAuthenticator.java:1225)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.setSudoCookie(SlingAuthenticator.java:1344)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:777)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:495)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:449)
	at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121)
	at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:124)
	at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:61)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
{code}

This is due to the implementation of SlingAuthenticator#quoteCookieValue() that cannot handle surrogate pair character.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)