15 Replies Latest reply on Oct 21, 2010 3:11 PM by thamayanthi

    can username be UTF-8

    javatwo

      Web application using JBoss and servlets.
      I am using FORM authentication. Can username be UTF-8?
      I create an account; its username is in UTF-8 encoding, Chinese characters.
      But login was not successful. Can JBoss built-in authentication handle UTF-8 encoding for username?

      Ascii username works.

      I tried to use a filter to set request encoding to UTF-8, but the filter was not called for URL pattern "j_security_check".

      <filter-mapping>
      <filter-name>filter</filter-name>
      <url-pattern>/j_security_check</url-pattern>
      </filter-mapping>

      Thanks for help.

        • 1. Re: can username be UTF-8
          j2ee_junkie

          javatwo,

          I do not know if JBoss has any limitations of character encoding, but there are a few things about your question that I may be able to help with.

          Note: assuming you are using Tomcat...

          First, if you created a filter with url-pattern = 'j_security_check', it will never be executed. This is because Tomcat's org.apache.catalina.authenticators.FormAuthenticator in the request pipeline will intercept the request as part of container managed security. If this does not make sense let me know and I will explain further.

          Second, there can be many reasons why login failed. Can you provide some TRACE logging of the org.jboss.security and org.jboss.web.tomcat.security loggers?

          cgriffith

          • 2. Re: can username be UTF-8
            javatwo

            Thanks for reply, j2ee_junkie.
            Right now I am using a filter to set request encoding to UTF-8 for all requests in order to support Chinese characters. It works great except Form login. The username is created in UTF-8 and stored in database.

            The related part in login-config.xml

            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag="required">

            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <module-option name="principalsQuery">
            select password from User where username=?
            </module-option>

            So I suspect the FORM login needs to go through a filter to set its encoding to UTF-8. Otherwise, the server side would assume iso-8859-1 encoding, and it would find the username in database table. Is there a way to print out the username when Tomcat queries the database?

            I looked in the logging directory, but I could not find logging of the packages you mentioned.

            Thanks for ideas. Have a nice day!

            • 3. Re: can username be UTF-8
              j2ee_junkie

              javatwo,

              As I mentioned below, the filter is useless during FORM login. All that login stuff happens in the container level. Filters are at the web-app/servlet level.

              I am not speaking from experience, but what about the web-app.xml's locale-encoding-mapping-list configuration. In any case, the solution is probably not found in a JBoss configuration. Submitting of form values is servlet container specific.

              cegriff

              • 4. Re: can username be UTF-8
                javatwo

                 

                "j2ee_junkie" wrote:
                javatwo,

                As I mentioned below, the filter is useless during FORM login. All that login stuff happens in the container level. Filters are at the web-app/servlet level.

                I am not speaking from experience, but what about the web-app.xml's locale-encoding-mapping-list configuration. In any case, the solution is probably not found in a JBoss configuration. Submitting of form values is servlet container specific.

                cegriff


                Hi j2ee_junkie,

                Thanks again.
                Where is the web-app.xml? I am using JSF, and have web.xml and faces-config.xml. That might solve the problem if web-app.xml has a place to set encoding.

                Form login will go through web container before going to JAAS. There should be a place to let the web container know the form encoding.

                Regards,

                • 5. Re: can username be UTF-8
                  j2ee_junkie

                  I am sorry for the error. I meant web.xml's web-app element. The schema (found at http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd) has a locale-encoding-mapping element that seems to be what you're looking for. However, I have never used this myself. Please keep me posted of its use.

                  later, cgriffith

                  • 6. Re: can username be UTF-8
                    javatwo

                    I looked at the document, the locale-encoding-mapping is for response, not for request. So the web container still does not know the request encoding coming from the client machine. One thing I do not understand: the default is iso8859, but I think the default should be UTF-8.

                    Thanks!

                    • 7. Re: can username be UTF-8
                      spetratos

                      I'm having the same issue. Even though my login jsp sets the encoding to utf-8, it seems that it is ignored. Therefore, any username with wide characters can't log in. The only way I got this working was by adding a URIEncoding=utf-8 to the server.xml for Tomcat, and using a "GET" versus a "POST".

                      When a user with username = "??c" tries to log in, I see the following in the request (using ieHTTPHeaders):
                      POST /zpm/j_security_check HTTP/1.1
                      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
                      Referer: http://localhost:8080/zpm/pricelab_frameset.jsp
                      Accept-Language: en-us
                      Content-Type: application/x-www-form-urlencoded
                      Accept-Encoding: gzip, deflate
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; SV1; .NET CLR 2.0.50727)
                      Host: localhost:8080
                      Content-Length: 44
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Cookie: JSESSIONID=229F4125F6F48356925F7F4BA46DFC0B

                      j_username=%DA%88%D0%B4c&j_password=password

                      You can see that the username is not what was entered.

                      This is using JBOSS 4.0.1 sp1.

                      • 8. Re: can username be UTF-8
                        spetratos

                        username has characters with codes U+0688, U+0434, U+0063.
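
The request body captured in reply 7, decoded under the two charsets discussed in this thread and compared with the code points given in reply 8. This is an added example, not code from any poster or from JBoss/Tomcat; the class name `FormLoginCharsetDemo` and the helpers `parseForm` and `codePoints` are made up for the illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class FormLoginCharsetDemo {

    // Parse an application/x-www-form-urlencoded body, percent-decoding
    // names and values with the given charset (what a container does when
    // it reads j_username and j_password).
    static Map<String, String> parseForm(String body, String charset) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, charset), URLDecoder.decode(value, charset));
        }
        return params;
    }

    // Render a string as code points so the result does not depend on the console font.
    static String codePoints(String s) {
        StringBuilder sb = new StringBuilder();
        s.codePoints().forEach(cp -> sb.append(String.format("U+%04X ", cp)));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // Request body exactly as captured in reply 7.
        String body = "j_username=%DA%88%D0%B4c&j_password=password";
        // Username as stored, built from the code points listed in reply 8.
        String stored = "\u0688\u0434\u0063";

        for (String charset : new String[] {"ISO-8859-1", "UTF-8"}) {
            String user = parseForm(body, charset).get("j_username");
            System.out.printf("%-10s -> %-35s equals stored name: %b%n",
                    charset, codePoints(user), user.equals(stored));
        }

        // ISO-8859-1 maps every byte to exactly one char, so the mis-decoded
        // value still holds the original bytes and can be re-read as UTF-8.
        String misread = parseForm(body, "ISO-8859-1").get("j_username");
        String repaired = new String(misread.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
        System.out.println("re-decoded -> " + codePoints(repaired));
    }
}
```

Decoded as ISO-8859-1, the five bytes become five characters (U+00DA U+0088 U+00D0 U+00B4 U+0063), which can never equal the stored three-character name, so the lookup in the login module fails. Decoded as UTF-8, the same bytes are U+0688 U+0434 U+0063.
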

                        • 9. Re: can username be UTF-8
                          caseyhelbling

                          I am seeing the same behaviour as previously described. Text fields in my form-login.jsp posting to j_security_check do not correctly follow encoding type. I am using a ™ character or (ALT-0153) in my password and it gets garbled. I have set my web.xml to include the locale-encoding-mapping-list as follows but it doesn't seem to have an effect.

                           <locale-encoding-mapping-list>
                           <locale-encoding-mapping>
                           <locale>en</locale>
                           <encoding>UTF-8</encoding>
                           </locale-encoding-mapping>
                           <locale-encoding-mapping>
                           <locale>en_US</locale>
                           <encoding>UTF-8</encoding>
                           </locale-encoding-mapping>
                           </locale-encoding-mapping-list>
                          

                          Thoughts?

                          • 10. Re: can username be UTF-8
                            trulore

                            Has there been any solution to this problem?

                            I have run into it as well using JBoss 4.0.3SP1 (and 4.0.4GA).

                            In my Web Applications, I can log in with English usernames and passwords just fine.

                            But when I try to log in with a Russian or Chinese username, the login always fails.

                            From the tracing I've done, it seems the username is getting converted to ISO-8859-1, and that's why it's failing.

                            I've done all the "standard" things to make our pages UTF-8, and this does work on every page except the login page. Something about "j_security_check" is ignoring UTF-8 and forcing a conversion to "ISO-8859-1".

                            Any thoughts? Pointers?

                            Robert Pappas

                            • 11. Re: can username be UTF-8
                              anil.saldhana

                              http://jira.jboss.com/jira/browse/JBAS-3445

                              Jira issue is to write a test case to test this.

                              Are you able to submit a JUnit test case (that maybe utilizes Apache Commons HttpClient to make calls on your test application)? If yes, then you can attach it as a zip in the JIRA issue. That way, we can resolve this issue faster if it exists.

                              • 12. Re: can username be UTF-8
                                trulore

                                Well, even if I create a JUnit test case...would that really help if you guys don't have the same JBoss configuration as I do on the back-end? (Unless I zip up my whole WAR and my JBoss config and send that too?)

                                Here are some more details on the simplest way to reproduce this problem:

                                1) I've created a simple WAR with a login page and just one JSP page that is protected using J2EE (JEE) declarative security in web.xml. Here is the relevant section of my web.xml file:

                                <login-config>
                                 <auth-method>FORM</auth-method>
                                 <realm-name>Example Form-Based Authentication Area</realm-name>
                                 <form-login-config>
                                 <form-login-page>/login.jsp</form-login-page>
                                 <form-error-page>/oops.jsp</form-error-page>
                                 </form-login-config>
                                </login-config>
                                
                                <security-constraint>
                                 <display-name>Security Constraint for "customers"</display-name>
                                 <web-resource-collection>
                                 <web-resource-name>Protected Area</web-resource-name>
                                 <url-pattern>/pages/*</url-pattern>
                                 </web-resource-collection>
                                 <auth-constraint>
                                 <role-name>customers</role-name>
                                 </auth-constraint>
                                 <user-data-constraint>
                                 <transport-guarantee>NONE</transport-guarantee>
                                 </user-data-constraint>
                                </security-constraint>
                                
                                <security-role>
                                 <role-name>customers</role-name>
                                </security-role>
                                



                                2) My login.jsp page is just a standard j_security_check form with the fields "j_username" and "j_password"

                                3) I'm using the standard JBoss login-config.xml, which defaults to the application-policy of "other" (since I don't specify one in my WAR), which uses users.properties and roles.properties for usernames and passwords and roles. I've also reproduced this problem when I try to use a Database or LDAP server for user authentication. So the authentication mechanism is probably not the issue. But using properties-based authentication is the easiest way to reproduce this problem.

                                4) I set up a user with an English name and English password in "users.properties" and "roles.properties". And I also set up a user with a Russian name and Russian password in the same properties files. (Russian, or Chinese, or any name and password that requires wide characters)

                                5) I run my site, and I try to access the protected page. The login page is displayed. I can log in as the English user, but not the Russian user.

                                Does this help any? =)

                                If you need a JUnit test, I can see what I can come up with for that too.

                                Thanks!

                                Robert Pappas


                                • 13. Re: can username be UTF-8
                                  goldfrog

                                  My Solution:
                                  I am Chinese and I am writing a website for Chinese users. Every page in my web site is in UTF-8. I use form-based authentication and org.jboss.security.auth.spi.DatabaseServerLoginModule to authenticate my users. When some of my users create their accounts with Chinese characters in their login id, they can't log in because DatabaseServerLoginModule can't get the correctly-encoded username. So I debugged into the JBoss authentication module. I tried to filter all requests to use UTF-8, but I failed because the authentication request can't be filtered by the filters defined in /WEB-INF/web.xml. I found that the DatabaseServerLoginModule can't get the encoded username correctly only because the username can't be correctly fetched from the request by org.apache.catalina.authenticator.FormAuthenticator. So I need to configure org.apache.catalina.authenticator.FormAuthenticator in order to get the UTF-8 encoded username.
                                  I found the configuration here:
                                  http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
                                  I added a context.xml to /WEB-INF/ and deployed to my JBoss server. Now the username can be fetched correctly and my users can use Chinese characters in their login id.
                                  My context.xml:





                                  My JBoss is 4.20.GA

                                  • 14. Re: can username be UTF-8
                                    goldfrog

                                     

                                    <Context>
                                     <Valve
                                     className="org.apache.catalina.authenticator.FormAuthenticator"
                                     characterEncoding="UTF-8" />
                                    </Context>

