Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
1.8.2
-
None
Description
We Migrated Axis2 from 1.7.9 to 1.8.2, now we are not able to use special characters in "Password" parameter in axis2.xml. When we give special characters in "Password" parameter we are getting "Invalid auth credentials!" error. (it was not the case earlier in 1.7.9).
It's a blocker for us, as we use auto generated passwords, which we do not have control.
I see this is because of below code in AdminActions
if (password != null && !password.matches(HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS))
{ log.error("login() received invalid 'password' param, redirecting to: " + WELCOME); return new Redirect(WELCOME).withParameter("failed", "true"); }
The following is the result when the username & password are set to :
| Username | Password | Login status |
| Admin | axis2 | able to login |
| harsha | harsha | able to login |
| 1harsha | harsha | able to login |
| 1harsha | harsha! | Login fails |
so because of
private static final String HTTP_PARAM_VALUE_REGEX_WHITELIST_CHARS = "^[a-zA-Z0-9.\\-\\/+=@,:\\\\ ]*$";
now it is not allowing all special characters.
Is there any workaround for it?