Hi,
We recently had an international client experience a FailedLoginException and have traced the issue down to the use of the £ symbol within their password.
They recently changed their password to include the symbol, and since then have not been able to log in. For reference, our WebLogic Server is hosted in AUSTRALIA.
Our development environment comprises:
JDeveloper 11.1.1.7.0, with JDK 1.7_25 and stand-alone WLS 10.3.6
A javax.security.auth.login.FailedLoginException is thrown by the Authentication.login() method in the standard WebLogic login Java routine provided as an example in Oracle's Fusion Developer's guide.
    CallbackHandler handler = new URLCallbackHandler(username, password);
    Subject mySubject = Authentication.login(handler);
When using UTF-8 character encoding the £ symbol is a multibyte character, so I thought maybe this was part of the issue.
    String pound = "\u00a3";
    byte[] bytes1 = pound.getBytes(); // windows-1252
    for (byte b : bytes1) {
        System.out.println(b & 0xff); // 163
    }
    byte[] bytes2 = pound.getBytes(StandardCharsets.UTF_8); // UTF-8
    for (byte b : bytes2) {
        System.out.println(b & 0xff); // 194, 163
    }
So I tried specifying some specific encoding, but all combinations still hit the FailedLoginException.
    String pound = "\u00a3";
    byte[] passwordA = pound.getBytes();
    byte[] passwordB = pound.getBytes(StandardCharsets.UTF_8);
Then I moved onto looking at potential impact by the (I assume) differing Locale settings on the international client's machine (UK) compared to that of our WebLogic server (AU).
I'm still currently investigating this area, by altering the startup Locales of the JREs involved in the WebLogic server and the JDK compiling the application, but having no luck so far.
Thought I'd throw it out there and see if anyone has encountered issues regarding specific characters used in passwords failing to be authenticated?
Thanks,
Matt.
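
An added diagnostic example, not part of the original post and not WebLogic or Oracle code: it shows which byte sequences a password containing £ produces under several charsets, and which sender/receiver charset pairings change the password by the time it is compared. The class name `PasswordCharsetCheck`, the sample password and the charset list are assumptions chosen for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added diagnostic example (hypothetical class name, not WebLogic code).
public class PasswordCharsetCheck {

    // Charsets a client, an application server or a JVM default might use (assumed list).
    static final Charset[] CHARSETS = {
        StandardCharsets.UTF_8,
        StandardCharsets.ISO_8859_1,
        Charset.forName("windows-1252"),
        StandardCharsets.US_ASCII
    };

    // True when text encoded by the sender still equals the original
    // after the receiver decodes the bytes with its own charset.
    static boolean survives(String password, Charset sender, Charset receiver) {
        byte[] wire = password.getBytes(sender);
        return new String(wire, receiver).equals(password);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b & 0xff));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        String password = "abc\u00a3123"; // constructed sample containing the pound sign
        System.out.println("JVM default charset: " + Charset.defaultCharset());
        // Same string, different bytes, therefore a different digest per charset.
        for (Charset cs : CHARSETS) {
            byte[] encoded = password.getBytes(cs);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(encoded);
            System.out.printf("%-12s bytes=[%s] sha256=%s...%n",
                    cs, hex(encoded), hex(Arrays.copyOf(digest, 4)));
        }
        // Report every pairing where the decoded password no longer matches.
        for (Charset sender : CHARSETS)
            for (Charset receiver : CHARSETS)
                if (!survives(password, sender, receiver))
                    System.out.printf("MISMATCH: encoded as %s, decoded as %s%n", sender, receiver);
    }
}
```

Running it on both the client machine and the server host also prints each JVM's default charset, which is what `getBytes()` without an argument uses.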