Bug 61280

Summary: Support characters sets other than ISO 8859-1 in HTTP Basic authentication
Product: Tomcat 9 Reporter: Roland Illig <rillig>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: P2    
Version: unspecified   
Target Milestone: -----   
Hardware: All   
OS: All   

Description Roland Illig 2017-07-11 11:08:52 UTC 
https://tools.ietf.org/html/rfc7617

This RFC describes how to implement Basic authentication for usernames and passwords that are not restricted to characters below U+0100.

The BasicAuthenticator class should be updated to refer to RFC 7617 instead of the obsolete RFC 2617.

The character set used in BasicAuthenticator class should be made configurable.
Comment 1 Mark Thomas 2017-09-04 11:28:51 UTC 
Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards

Note that it is disabled by default for all versions since browser support for RFC 7617 is very patchy.