CalDAV bug?

[kluss0]

One of my Mac users encountered an interesting bug in the CalDAV server. If the users password contains a : and a ) then authentication succeeds, but it throws an error. The api-log shows the following:

Code: Select all

2008-01-11 16:20:27,921 ERROR [RestServlet.sendError:31] Sending error
A00008 error parsing HTTP authentication header
        at com.scalix.api.rest.CheckAuthInterceptor.preHandle(CheckAuthInterceptor.java:60)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:829)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:774)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:460)
        at com.scalix.api.PlatformDispatcherServlet.service(PlatformDispatcherServlet.java:74)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.springframework.web.filter.AbstractRequestLoggingFilter.doFilterInternal(AbstractRequestLoggingFilter.java:133)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: problem reading credentials from http authorization header
        at com.scalix.api.auth.Credentials.fromHttpAuthorization(Credentials.java:46)
        at com.scalix.api.rest.CheckAuthInterceptor.authenticateAccount(CheckAuthInterceptor.java:78)
        at com.scalix.api.rest.CheckAuthInterceptor.preHandle(CheckAuthInterceptor.java:53)
        ... 24 more


It's very easy to reproduce. Just create a password that looks like a smiley emoticon : - )

[kluss0]

I just opened a bug for this. It's at https://bugzilla.scalix.com/show_bug.cgi?id=16436