2 Replies Latest reply on Oct 1, 2010 10:07 AM by martindolhs

    Token-based Remember-me Auth-bad cookie value?

    piotrp

      Hi,

      I followed the instructions in the documentation to set up Token-based Remember-me Authorization. The tokens are stored in the database correctly; however, I'm receiving an exception:



      javax.servlet.ServletException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
           javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:177)
           org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267)
           org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:380)
           org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:507)
           org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
           org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      
      


      What could be the problem?


      Thanks,
      Piotr

        • 1. Re: Token-based Remember-me Auth-bad cookie value?
          piotrp

          If anyone is interested, I solved the problem by overriding the default rememberMe component:



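          import static org.jboss.seam.ScopeType.SESSION;
          import static org.jboss.seam.annotations.Install.APPLICATION;
          import java.security.SecureRandom;
          import org.jboss.seam.annotations.Install;
          import org.jboss.seam.annotations.Name;
          import org.jboss.seam.annotations.Scope;
          import org.jboss.seam.annotations.intercept.BypassInterceptors;
          import org.jboss.seam.security.RememberMe;

          @Name("org.jboss.seam.security.rememberMe")
          @Scope(SESSION)
          @Install(precedence = APPLICATION, classDependencies = "javax.faces.context.FacesContext")
          @BypassInterceptors
          public class MyRememberMe extends RememberMe {
               protected String generateTokenValue()
                  {
                     StringBuilder sb = new StringBuilder();
                     // SecureRandom, not java.util.Random: the token authenticates the user and must be unpredictable.
                     SecureRandom random = new SecureRandom();
                     sb.append(random.nextLong());
                     return sb.toString();
                  }
          }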



          Regards,
          Piotr

          • 2. Re: Token-based Remember-me Auth-bad cookie value?
            martindolhs

            The previous tip did not work for me. I found out that the encoded string sometimes contained a newline. This is not allowed for the cookie value. Workaround:


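            import static org.jboss.seam.ScopeType.SESSION;
            import static org.jboss.seam.annotations.Install.APPLICATION;
            import org.jboss.seam.annotations.Install;
            import org.jboss.seam.annotations.Name;
            import org.jboss.seam.annotations.Scope;
            import org.jboss.seam.annotations.intercept.BypassInterceptors;
            import org.jboss.seam.security.RememberMe;
            import org.jboss.seam.util.Base64;

            @Name("org.jboss.seam.security.rememberMe")
            @Scope(SESSION)
            @Install(precedence = APPLICATION, classDependencies = "javax.faces.context.FacesContext")
            @BypassInterceptors
            public class MyRememberMe extends RememberMe {
              // Encode "username:value" as Base64 on a single line so the cookie value holds no CR/LF.
              public String encodeToken(String username, String value) {
                StringBuilder sb = new StringBuilder();
                sb.append(username);
                sb.append(":");
                sb.append(value);
                return Base64.encodeBytes(sb.toString().getBytes(), Base64.DONT_BREAK_LINES);
              }
            }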
            



            -Martin
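
Added example, not part of the thread or of Seam's code: a stand-alone Java program showing why a line-wrapping Base64 encoder only sometimes yields a control character in the `username:value` token, and how a non-wrapping encoder avoids it. It assumes the JDK's `java.util.Base64` (Java 8+), whose MIME encoder wraps at 76 characters, as a stand-in for a wrapping encoder; the class name, helper names and usernames are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class CookieTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // 128 random bits from a CSPRNG, rendered with the URL-safe alphabet.
    static String generateTokenValue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Same "username:value" layout as the override posted in the thread.
    static String encodeToken(String username, String value, Base64.Encoder enc) {
        byte[] plain = (username + ":" + value).getBytes(StandardCharsets.UTF_8);
        return enc.encodeToString(plain);
    }

    // Control characters (CR and LF included) and DEL must not appear in a cookie value.
    static boolean hasControlChar(String s) {
        return s.chars().anyMatch(c -> c < 0x20 || c == 0x7f);
    }

    public static void main(String[] args) {
        String value = generateTokenValue();
        // Constructed sample usernames: one short, one long enough to pass 76 encoded characters.
        String[] users = {
            "piotr",
            "a.very.long.account.name@department.example.org-with-suffix"
        };
        for (String user : users) {
            // The MIME encoder inserts CRLF every 76 characters; the basic encoder never does.
            String wrapped = encodeToken(user, value, Base64.getMimeEncoder());
            String flat = encodeToken(user, value, Base64.getEncoder());
            System.out.printf("user length %d: wrapped has control chars = %b, flat has control chars = %b%n",
                    user.length(), hasControlChar(wrapped), hasControlChar(flat));
        }
    }
}
```

The short username stays under the wrap width, so both encoders give a clean value; only the long one picks up CR/LF from the wrapping encoder, which is why the failure depends on the account name.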