[Bug 477776] Re: Query string authentication does not work in some cases

sulicny steve.ulicny at proquest.com
Tue Nov 17 20:30:08 GMT 2009


Neil, we tried your patch, but experienced the same intermittent results
and now confirm that it is always when the signature is generated with a
"+".  Ran across this sample code at Amazon and reversed it for the
decode and it seems to have solved our problem.

http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?Query_QueryAuth.html
(Java example)

Also at:
http://pastebin.com/mb5e64d1


*** WalrusAuthenticationHandler.java    2009-11-05 05:25:20.000000000 -0500
--- WalrusAuthenticationHandler.java.ulicny     2009-11-17 15:10:30.000000000 -0500
***************
*** 252,258 ****
                                //query string authentication
                                String accesskeyid = parameters.remove(SecurityParameter.AWSAccessKeyId.toString());
                                try {
!                                       String signature = URLDecoder.decode(parameters.remove(SecurityParameter.Signature.toString()), "UTF-8");
                                        if(signature == null) {
                                                throw new AuthenticationException("User authentication failed. Null signature.");
                                        }
--- 252,261 ----
                                //query string authentication
                                String accesskeyid = parameters.remove(SecurityParameter.AWSAccessKeyId.toString());
                                try {
!                                       String signature = URLDecoder.decode(parameters.remove(SecurityParameter.Signature.toString()), "UTF-8")
!                                       .replace("%20", "+")
!                                       .replace("%2A", "*")
!                                       .replace("~", "%7E");
                                        if(signature == null) {
                                                throw new AuthenticationException("User authentication failed. Null signature.");
                                        }

-- 
Query string authentication does not work in some cases
https://bugs.launchpad.net/bugs/477776
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.



More information about the Ubuntu-server-bugs mailing list