1 Reply Latest reply on Jan 31, 2011 8:33 AM by alceu

    Cookie problem @ RememberMe (mode usernameOnly)

    dr.shizuma

      Hi,


      here are the details of my environment:


      Seam 2.2.0 GA / JBoss 5.1.0GA


      RememberMe runs in mode usernameOnly.


      I never had problems until yesterday, when a user registered with an umlaut in his nickname. I took a look at the code and saw that, running in mode usernameOnly, the cookie value doesn't get BASE64 encoded. So, as soon as the user tries to log in, Seam throws this error:



      Caused by: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
              at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:389)
              at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:382)
              at org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:288)
              at org.apache.catalina.connector.Response.addCookieInternal(Response.java:1026)
              at org.apache.catalina.connector.Response.addCookie(Response.java:978)
              at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
              at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
              at org.ajax4jsf.webapp.FilterServletResponseWrapper.addCookie(FilterServletResponseWrapper.java:627)
              at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
              at org.jboss.seam.faces.Selector.setCookieValueIfEnabled(Selector.java:119)
              at org.jboss.seam.security.RememberMe$UsernameSelector.setCookieValueIfEnabled(RememberMe.java:70)
              at org.jboss.seam.security.RememberMe.postAuthenticate(RememberMe.java:363)
              at sun.reflect.GeneratedMethodAccessor10904.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
              at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
              at org.jboss.seam.Component.callComponentMethod(Component.java:2253)
              at org.jboss.seam.core.Events.raiseEvent(Events.java:85)
              at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:397)
              at org.jboss.seam.security.Identity.authenticate(Identity.java:345)
              at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
              at org.jboss.seam.security.Identity.login(Identity.java:259)
              at sun.reflect.GeneratedMethodAccessor10857.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
              at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
              at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
              at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
              at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
              at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
              at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
              ... 53 more
      



      Is there a way to work around this problem w/o patching Seam? Or is there another reason for this problem?


      Many thanks!

        • 1. Re: Cookie problem @ RememberMe (mode usernameOnly)
          alceu

          Hi,


          I don't remember where I read it, but to solve this I had to override the encodeToken method of the RememberMe class:


          (...)
              @Override
              public String encodeToken(String username, String value) {
                  // Token layout is "username:value"
                  StringBuilder sb = new StringBuilder();
                  sb.append(username);
                  sb.append(":");
                  sb.append(value);

                  // getBytes() uses the platform default charset; Base64 is Seam's own helper class
                  return Base64.encodeBytes(sb.toString().getBytes(), Base64.DONT_BREAK_LINES);
              }
          (...)
          



          Best regards,
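
The encoding step discussed in this thread, as an added example that is not code from either post or from Seam: it turns a nickname with an umlaut into a cookie-safe value and, because the cookie comes back from the client, decodes it strictly. It assumes Java 8+ for `java.util.Base64`; the class name, method names and length limit are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookieSafeUsername {
    static final int MAX_COOKIE_CHARS = 256; // assumed upper bound for this sketch

    // Encode with a fixed charset so the result does not depend on the platform default.
    static String encode(String username) {
        byte[] utf8 = username.getBytes(StandardCharsets.UTF_8);
        // URL-safe alphabet without padding: output contains only A-Z a-z 0-9 '-' '_'
        return Base64.getUrlEncoder().withoutPadding().encodeToString(utf8);
    }

    // The cookie value is client-controlled, so treat it as untrusted input.
    // Returns null for anything that is not well-formed instead of throwing.
    static String decode(String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty()
                || cookieValue.length() > MAX_COOKIE_CHARS) {
            return null;
        }
        try {
            byte[] raw = Base64.getUrlDecoder().decode(cookieValue);
            // Strict decoder: report invalid UTF-8 rather than substituting U+FFFD.
            return StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw))
                    .toString();
        } catch (IllegalArgumentException | CharacterCodingException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String name = "J\u00fcrgen"; // constructed sample nickname with an umlaut
        String cookie = encode(name);
        System.out.println(cookie + " cookie-safe=" + cookie.matches("[A-Za-z0-9_-]+"));
        System.out.println("round trip ok=" + name.equals(decode(cookie)));
        System.out.println("not Base64 -> " + decode("J\u00fcrgen")); // input outside the alphabet
        System.out.println("bad UTF-8  -> " + decode("_w"));          // input decodes to byte 0xFF
    }
}
```

Base64 here only makes the value transportable in a cookie; it does not protect or authenticate it, so the decoded username still has to be validated like any other request parameter.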