61280 – Support characters sets other than ISO 8859-1 in HTTP Basic authentication

Bug 61280 - Support characters sets other than ISO 8859-1 in HTTP Basic authentication

Summary: Support characters sets other than ISO 8859-1 in HTTP Basic authentication

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 enhancement (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-07-11 11:08 UTC by Roland Illig
Modified:	2017-09-04 11:28 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roland Illig 2017-07-11 11:08:52 UTC

https://tools.ietf.org/html/rfc7617

This RFC describes how to implement Basic authentication for usernames and passwords that are not restricted to characters below U+0100.

The BasicAuthenticator class should be updated to refer to RFC 7617 instead of the obsolete RFC 2617.

The character set used in BasicAuthenticator class should be made configurable.

Comment 1 Mark Thomas 2017-09-04 11:28:51 UTC

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards

Note that it is disabled by default for all versions since browser support for RFC 7617 is very patchy.