  1. Service Packs and Hot Fixes
  2. MNT-18654

Users with umlauts in passwords can't authenticate against APS REST API from certain browsers

    Details

    • Bug Priority:
      Category 2
    • ACT Numbers:

      00930024

      Description

      Summary
      Users with umlauts in their passwords cannot authenticate against the APS REST API in browsers like Firefox, Internet Explorer or Safari.

      Steps to reproduce
      1. Via Identity Management->Users create a new user "umlaut@alfresco.com" with password "Passwörd"
      2. Via Identity Management->Capabilities give the new user the "REST access" and "tenant admin" capability
      3. In a problematic browser (e.g. Firefox), call the API URL http://localhost:9999/activiti-app/api/enterprise/admin/tenants which should list the tenants for this APS environment
      4. Authenticate as the user created in step 1

      Current behaviour
      Authentication will not work and the response seen in the network console is a 401 with the message "Bad credentials"

      Expected behaviour
      Authentication will work fine

      Supporting evidence

      • Reproduced in latest APS 1.6.4.2 environment
      • Reproduced also with api-explorer in Firefox using umlaut password
      • Customer analyzed the root cause:

      "The BasicAuthenticationFilter of Spring security uses utf-8 to decode user passwords, but several browsers (all, except Google Chrome) seem to use iso-8859-1 to encode the password for basic authentication, which breaks authentication for umlauts (and many more special characters) in passwords.

      This is described here: https://github.com/spring-projects/spring-security/issues/2969

      A workaround for this used by the customer: https://github.com/spring-projects/spring-security/pull/3966#issuecomment-242123838"
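
The charset mismatch described in the analysis above, as an added Python illustration (not code from this issue, from Spring Security, or from the linked workaround). It encodes the credentials from the reproduction steps the way a UTF-8 client and an ISO-8859-1 client would, then decodes them with a UTF-8-only server and with a hypothetical "strict UTF-8, else ISO-8859-1" fallback; all function names are assumptions.

```python
import base64

# Constructed sample credentials, taken from the reproduction steps.
USER = "umlaut@alfresco.com"
PASSWORD = "Passw\u00f6rd"  # "Passwörd"


def basic_header(user, password, charset):
    """Authorization header value as built by a client that encodes with `charset`."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _credential_bytes(header):
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    return base64.b64decode(token, validate=True)


def decode_utf8_only(header):
    """Server that assumes UTF-8: invalid bytes turn into U+FFFD, so the
    password no longer matches the stored one and the result is a 401."""
    text = _credential_bytes(header).decode("utf-8", errors="replace")
    user, _, password = text.partition(":")  # password may itself contain ':'
    return user, password


def decode_with_fallback(header):
    """Hypothetical tolerant server: strict UTF-8 first, ISO-8859-1 otherwise."""
    raw = _credential_bytes(header)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("iso-8859-1")  # every byte maps to a code point
    user, _, password = text.partition(":")
    return user, password


if __name__ == "__main__":
    for charset in ("utf-8", "iso-8859-1"):
        header = basic_header(USER, PASSWORD, charset)
        print(charset, header)
        print("  utf-8 only:", decode_utf8_only(header))
        print("  fallback  :", decode_with_fallback(header))
    # Caveat: bytes C3 B6 are "Ã¶" in ISO-8859-1 but also valid UTF-8 for "ö",
    # so the fallback cannot tell these two passwords apart.
    print(decode_with_fallback(basic_header(USER, "\u00c3\u00b6", "iso-8859-1")))
```

The fallback is a compatibility measure, not a full fix: as the last line shows, an ISO-8859-1 password whose bytes happen to form valid UTF-8 is still decoded as UTF-8.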

              People

              • Assignee:
                djohnson Doug Johnson
                Reporter:
                dkoch Dennis Koch