'[jira] [Assigned] (AXIS2-6057) Special characters are not allowed in password after upgrade( from 1.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sandesha-dev
Subject:    [jira] [Assigned] (AXIS2-6057) Special characters are not allowed in password after upgrade( from 1.
From:       "Robert Lazarski (Jira)" <jira () apache ! org>
Date:       2023-07-07 14:49:00
Message-ID: JIRA.13542629.1688624073000.137487.1688741340047 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/AXIS2-6057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Robert Lazarski reassigned AXIS2-6057:
--------------------------------------

    Assignee: Robert Lazarski

> Special characters are not allowed in password after upgrade( from 1.7.9 to 1.8.2)
> ----------------------------------------------------------------------------------
> 
> Key: AXIS2-6057
> URL: https://issues.apache.org/jira/browse/AXIS2-6057
> Project: Axis2
> Issue Type: Bug
> Components: admin console
> Affects Versions: 1.8.2
> Reporter: krishna kadire
> Assignee: Robert Lazarski
> Priority: Blocker
> 
> We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special \
> characters in   "Password" parameter in axis2.xml. When we give special characters \
> in "Password" parameter we are getting "Invalid auth credentials!" error. (it was \
> not the case earlier in 1.7.9). 
> It's a blocker for us, as we use auto generated passwords, which we do not have \
> control. 
> I see this is because of below code in AdminActions
> 
> if (password != null && !password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS))
> {                        log.error("login() received invalid 'password' param, \
> redirecting to: " + WELCOME);                        return new \
> Redirect(WELCOME).withParameter("failed", "true");                } 
> The following is the result when the username & password are set to :
> > *Username*|*Password*|*Login status*|
> > Admin|axis2|able to login|
> > harsha|harsha|able to login|
> > 1harsha|harsha|able to login|
> > 1harsha|harsha!|Login fails|
> 
> so because of   
> private static final String HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS = \
> "^[a-zA-Z0-9.\\-\\/+=@,:\\\\ ]*$"; now it is not allowing all special characters.
> 
> Is there any workaround for it?
> 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic