APAR status
Closed as program error.
Error description
The class SSOAuthenticator (websphere.jar) converts the given
password into a byte[] using the getBytes() method of class
String. This method uses the system codepage when generating a
byte[]. The system codepage of Windows is CP1252. The
SSOAuthenticator uses the PrincipalAuthenticator to perform the
login. The implementation of this class converts the byte[]
back into a String using the StringByteConversion util class
(both classes can be found in the iwsorb.jar library). The util
class creates the String using UTF-8: String s = new
String(bytes,"UTF-8"). Thus, the password gets truncated at the
first umlaut: Example: "test " becomes "test"
Since the log file doesn't contain the current codepage and
password I've choosen to decompile some classes to find out
what's going on. Using a decompiler helps solve this problem. I
thought that the problem of umlauts is caused by different
codepages. I've decompiled and analyzed the SSOAuthenticator and
the classes invoked by the SSOAuthenticator
Local fix
n/a
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security *
* users implementing custom login. *
****************************************************************
* PROBLEM DESCRIPTION: When using SSOAuthenticator to *
* perform custom login, login fails if *
* user's password contains characters *
* different from the plateform's code *
* pages. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When using SSOAuthenticator to perform custom login, if the
user's password contains characters which are not in the
plateform's code pages, the fails to authenticate. The
cause is that the platform's code page is used to convert
the password into bytes.
Problem conclusion
SSOAuthenticator now encodes password strings using UTF8
instead of default encoding.
Temporary fix
Test fix provided.
Comments
APAR information |
APAR number |
PQ89840 |
Reported component name |
WEBSPHERE AE NT |
Reported component ID |
5630A2201 |
Reported release |
400 |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Submitted date |
2004-06-08 |
Closed date |
2004-06-30 |
Last modified date |
2004-06-30 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PQ91656
Modules/Macros
SRLS
Applicable component levels |
R400 PSY |
UP |
|