eclipse-ee4j/jaxb-istack-commons

Impossible to use a password with #

Tomas-Kraus opened this issue · 2 comments

I want to use wsimport against an HTTPS WSDL which requires authetification. However, the password that my provider sets up contains the '#' character and it seems wsimport is using java.net.URL to parse the auth file. If I escape the # character with %23 in the auth file, then I get a too many attempts error

Environment

Win7 64bits JDK1.7.0_65

Affected Versions

[2.2.4]

Source: javaee/metro-jax-ws#1160
Author: glassfishrobot

Auth file text is being processed in com.sun.istack.tools.DefaultAuthenticator#parseLine(String) method.

  1. new URL(text) is tried 1st - this parses RFC 2396 URL strings.
  2. own more fault tolerant code is used when new URL(text) fails with MalformedURLException.

The only limitation of this code is, that plain text password shall not start with '#' character. This causes new URL(text) to produce mismatched content without throwing MalformedURLException exception.
Encoded password may contain %23 sequence anywhere.

I was not able to reproduce the problem. Added jUnit test to make sure passwords with '#' are being parsed properly.