UTF-8 in JDBC principal name? by glassfish-2 Apr 12, 2010; 03:40pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message I have a webapp on Glassfish v2 with form-based login to a MySQL JDBC realm. It works fine, [i]except[/i] that principal names containing non-ASCII characters (e.g. 'härdröcker') are refused to log in. Everything else works fine, and I have set up most parameters for UTF-8. The principal name is stored correctly in the user DB. Is there a magic setting somewhere that I have missed? Or doesn't Glassfish v2 support UTF-8 characters in user names in JDBC realms? (By the way, the same problem occurs for passwords, too). [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=396453 Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 12, 2010; 08:07pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message I have observed that server.log gets an audit warning when I log in as (the existing) user 'åäö'. It is interesting to note that now Glassfish beleives that the user name is 'åäö' . [#|2010-04-12T16:28:26.112+0200|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=27;_ThreadName=httpSSLWorkerThread-8181-1;åäö;|SEC5046: Audit: Authentication refused for [åäö].|#] [#|2010-04-12T16:28:26.112+0200|WARNING|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=27;_ThreadName=httpSSLWorkerThread-8181-1;_RequestID=597e49cc-6474-4ed7-92a5-6d2fa747490d;|Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception|#] [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=396498 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 13, 2010; 03:59pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Strangely enough, I now get the same message in server.log, but now shown correcty: [#|2010-04-13T12:16:08.475+0200|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=27;_ThreadName=httpSSLWorkerThread-8181-1;åäö;|SEC5046: Audit: Authentication refused for [åäö].|#] Still refused login, though. :-( [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=396658 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 15, 2010; 01:15pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message did u change anything between the previous post and this one ?. Strings are used to represent the username within the JDBCRealm. does your form specify the UTF-8 encoding
[Message sent by forum member 'kumarjayanti'] http://forums.java.net/jive/thread.jspa?messageID=397067 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 15, 2010; 01:26pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message No, I did not change anything. But the garbled log entry [i]may[/i] be caused by the text editor that viewed server.log; it probably didn't realize that the file was coded UTF-8. So that may be a red herring. No, adding enctype="UTF-8" to my login
does not help. All my s send UTF-8, because my web.xml specifies                  *.jsp          UTF-8           so I don't have to specify page encoding in [i]each[/i] JSP. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=397069 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 16, 2010; 04:53pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Could you please let us know what MySQL datatype you have configured for the username column? If you are using text types, then could you cross check this post :http://bugs.mysql.com/bug.php?id=43055 Also, it would be good if you could verify if the issue occurs with GF v3 ? Thanks Nithya [Message sent by forum member 'nitkal'] http://forums.java.net/jive/thread.jspa?messageID=397357 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 16, 2010; 05:25pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message For the username column, I use VARCHAR(255) with InnoDB and DEFAULT CHARACTER SET = utf8, like many other text fields in my database. Works fine all the way through JPA. So my guess is that the problem is in Glassfish, not MySQL. I can't run v3 right now, but it would be good to know if it is solved in v3. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=397366 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 20, 2010; 05:52pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Are you using BASIC auth method? Can you check if the issue happens with FORM based login? [Message sent by forum member 'nitkal'] http://forums.java.net/jive/thread.jspa?messageID=398017 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 21, 2010; 05:31pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Sorry, seems that you have mentioned FORM login. We tried a similar test case and are not able to reproduce the issue in v2 or v3. Does your configuration contain any specific steps other than the usual? [Message sent by forum member 'nitkal'] http://forums.java.net/jive/thread.jspa?messageID=398203 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 21, 2010; 06:11pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Nope, I use FORM-based authentication. Sorry, should have mentioned that. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=398207 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 21, 2010; 06:24pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message ...and here's how I set up the security realm: sudo -u www-data \   $GLASSFISH_HOME/bin/asadmin create-auth-realm \     --classname com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm \     --property jaas-context=jdbcRealm:datasource-jndi=jdbc/fpdb:user-table=users:user-name-column=username:password-column=password:digest-algorithm=md5:group-table=users_roles:group-name-column=rolename fp-realm [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=398213 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 22, 2010; 06:15pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message We find when the encoding is MD5, there is an issue if the passwords contain Unicode characters. With usernames with Unicode characters and passwords with just ASCII chars, there does not seem to be any issue. Can you please confirm? Thanks Nithya [Message sent by forum member 'nitkal'] http://forums.java.net/jive/thread.jspa?messageID=398456 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Apr 22, 2010; 07:52pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message As I said, the problem occurs for [i]both[/i] usernames and passwords containing non-ASCII characters. If either contains non-ASCII characters, authentication fails. (I could understand that MD5-encoding could be tricky with passwords, but not usernames, since I don't MD5-encode those). I haven't (yet) tried to refactor my application to not store password MD5-encoded. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=398485 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Sep 08, 2010; 09:04pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message I have now upgraded to Glassfish 3. No luck. The problem remains; the name of a principal may [i]only[/i] contain 7-bit ASCII characters. (For example, "übergeek" won't work.) Otherwise the user can't login. Isn't this a bug?? [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=482103 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Sep 13, 2010; 02:21pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message And, btw, I use MySQL 5.1, where that bug is fixed. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=482486 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Sep 24, 2010; 07:49pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message I am running glassfish v3. I have a UTF8 mysql db providing the auth data for the security realm. I have a cyrliic username as a principal. I CAN log in from a SOAP service (by using programatic login in the WebService bean, the un/pw being passed in the soap header). The mysql logs show the cyrillic principal name being correctly set in the JAAS auth query. Using form-based login in a webapp i CANNOT login - the username in the mysql logs in garbled.   It seems the problem lies in the encoding of the data (all utf8ed forms/pages) being passed from the weapp to JAAS. Using BASIC authentication i CAN login with Chrome, but CANNOT with Firefox due to the different way they handle Unicode in this method. Hope this gives you a clue.  I am trying to find out how i can get the unicode principal name passed correctly from the webapp to JAAS.  Zip so far. [Message sent by forum member 'andrewmp'] http://forums.java.net/jive/thread.jspa?messageID=483626 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Sep 24, 2010; 08:14pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Always good to narrow the problem down, thanks! I have taken the liberty to open a bug issue in https://glassfish.dev.java.net/issues/show_bug.cgi?id=13389 Voting for the issue will probably increase the attention to it. [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=483629 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Oct 01, 2010; 08:54pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Ok - I have now identified the issue. I created my own custom ServerAuthModule for FORM login. I got it running to find the same problem.  The issue was that the HttpServletRequest passed into the SAM has a null characterset.  Thus the incoming bytes were assumed to be latin1.  The funny characters you see will be one unicode character for each byte of input data (as latin1 is a single byte charset). I set the encoding to "UTF-8" on the HttpServletRequest in my custom SAM before reading any data and things look ok. The only problem now is to discover if it is possible to feed a parameters/setting to the default web-app security handler to get it to set the character set.  If not i will have to use my home-rolled SAM.   I wonder if it is just a well hidden setting or a bug. [Message sent by forum member 'andrewmp'] http://forums.java.net/jive/thread.jspa?messageID=484129 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... Re: UTF-8 in JDBC principal name? by glassfish-2 Oct 04, 2010; 07:34pm :: Rate this Message: - Use ratings to moderate (?) Reply | Print | View Threaded | Show Only this Message Did you get it to work with a call to request.setCharacterEncoding("utf-8") in your homebrew ServerAuthModule? That's funny, because I do the utmost to ensure that all requests have UTF-8 set in all requests: + in web.xml I specify                *.jsp          UTF-8           + I also have a filter mapped to handle all URLs, including /j_security_check . It calls request.setCharacterEncoding("utf-8") before chain.doFilter(req, res). I have tried to figure out (in SunGlassFish Enterprise Server v3 Reference Manual) if [b]asadmin create-auth-realm[/b] has any parameter that specified character set encoding, but it appears that it can't be specified. I guess that would be the Right Way to feed this setting to the security handler? Hope this helps... [Message sent by forum member 'tmpsa'] http://forums.java.net/jive/thread.jspa?messageID=484283