Bug 61280 - Support characters sets other than ISO 8859-1 in HTTP Basic authentication
Summary: Support characters sets other than ISO 8859-1 in HTTP Basic authentication
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: unspecified
Hardware: All All
: P2 enhancement (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-11 11:08 UTC by Roland Illig
Modified: 2017-09-04 11:28 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Roland Illig 2017-07-11 11:08:52 UTC
https://tools.ietf.org/html/rfc7617

This RFC describes how to implement Basic authentication for usernames and passwords that are not restricted to characters below U+0100.

The BasicAuthenticator class should be updated to refer to RFC 7617 instead of the obsolete RFC 2617.

The character set used in BasicAuthenticator class should be made configurable.
Comment 1 Mark Thomas 2017-09-04 11:28:51 UTC
Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards

Note that it is disabled by default for all versions since browser support for RFC 7617 is very patchy.