[Bug 477776] Re: Query string authentication does not work in some cases
sulicny
steve.ulicny at proquest.com
Tue Nov 17 20:30:08 GMT 2009
Neil, we tried your patch, but experienced the same intermittent results
and now confirm that it is always when the signature is generated with a
"+". Ran across this sample code at Amazon and reversed it for the
decode and it seems to have solved our problem.
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?Query_QueryAuth.html
(Java example)
Also at:
http://pastebin.com/mb5e64d1
*** WalrusAuthenticationHandler.java 2009-11-05 05:25:20.000000000 -0500
--- WalrusAuthenticationHandler.java.ulicny 2009-11-17 15:10:30.000000000 -0500
***************
*** 252,258 ****
//query string authentication
String accesskeyid = parameters.remove(SecurityParameter.AWSAccessKeyId.toString());
try {
! String signature = URLDecoder.decode(parameters.remove(SecurityParameter.Signature.toString()), "UTF-8");
if(signature == null) {
throw new AuthenticationException("User authentication failed. Null signature.");
}
--- 252,261 ----
//query string authentication
String accesskeyid = parameters.remove(SecurityParameter.AWSAccessKeyId.toString());
try {
! String signature = URLDecoder.decode(parameters.remove(SecurityParameter.Signature.toString()), "UTF-8")
! .replace("%20", "+")
! .replace("%2A", "*")
! .replace("~", "%7E");
if(signature == null) {
throw new AuthenticationException("User authentication failed. Null signature.");
}
--
Query string authentication does not work in some cases
https://bugs.launchpad.net/bugs/477776
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
More information about the Ubuntu-server-bugs
mailing list