JBoss的5截断一个base64 cookie字符串的结尾= [英] JBoss 5 truncates trailing = of a base64 cookie string

问题描述

升级从JBoss的4到JBoss 5之后，我发现最讨厌的回归。它截断一个base64 cookie值的后等号（=）。

After upgrading from JBoss 4 to JBoss 5, I've noticed the most annoying regression. It truncates the trailing equal sign ('=') of a base64 cookie value.

我花了这么多时间来了解这个问题是不是我的code，但JBoss的，我用Google搜索它，发现它是一个众所周知的问题。

It took me so much time to understand that the problem wasn't my code but JBoss', I googled it and find out it's a known issue .

建议的解决办法是计算字符串的长度和填充它尾随等号（一个长度为4复数）。

The suggested work around is to calculate the string length and pad it with trailing equal signs (to a length that is multiplicity of 4).

由于我们的应用程序可以在多个应用服务器（如WebLogic中，WebSpehere）我非常不愿意添加特定的这个版本的JBoss这块code的。运行

As our application can run on several application servers (e.g. WebLogic, WebSpehere) I am very reluctant to add this piece of code specific for this version of JBoss.

有没有人遇到这样的？您能否提供一个更聪明的解决方法吗？

Did anybody encounter this? Can you suggest a smarter workaround?

的编辑：在首位cookie字符串的感谢@skaffman我明白我的问题，我不应该使用的base64。有在底座64上的变体称为的base64网址应用于这种串（饼干，网址...）。例如图书馆阿帕奇codeC支持其基础实施64这种变异。

edit: thanks to @skaffman I understood my problem, I shouldn't have used base64 for cookie string in the first place. There is a variant on base 64 called base64 url that should be used for such strings (cookies, urls...). The library Apache codec for example supports this variant in its base 64 implementation.

推荐答案

你有没有在如何控制你的cookies创建和连接codeD /德codeD？如果是这样，则可以切换到一个替代编码机制，其中一个不使用可与cookie规范冲突字符。例如， Apache的共享codeC 包括的六角类，它可以连接code和去code二进制数据和从一个十六进制字符串。它会比用base64的等效数据更大，但可能并不重要。

Do you have control over how your cookies are created and encoded/decoded? If so, then you could switch to an alternative encoding mechanism, one which doesn't use characters which may clash with the cookie specification. For example, Apache Commons Codec includes a Hex class which can encode and decode binary data to and from a hex string. It'd be larger than the equivalent data in base64, but that may not matter.

另外，你可以用玩曲奇 API一点。的Javadoc <一个href=\"http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setValue%28java.lang.String%29\"相对=nofollow> Cookie.setValue（）说：

Alternatively, you could play with the Cookie API a bit. The javadoc for Cookie.setValue() says:

随着版本0饼干，数值应
  不能包含空格，括号，
  括号等号，逗号
  双引号，斜杠，问题
  痕，在招牌，冒号和
  分号。空值可能不
  表现在所有浏览器相同的方式。

With Version 0 cookies, values should not contain white space, brackets, parentheses, equals signs, commas, double quotes, slashes, question marks, at signs, colons, and semicolons. Empty values may not behave the same way on all browsers.

所以从技术上来说，base64编码是不符合的版本0的cookie，这可能是默认兼容。你可以尝试调用 setVersion（1）上的Cookie，并查看是否有差别，但然后运行的浏览器兼容性问题的风险。

So technically, base64 encoding is not compatible with version 0 cookies, which may be the default. You could try calling setVersion(1) on the cookie, and see if that makes a difference, although then you run the risk of browser compatibility issues.

这篇关于JBoss的5截断一个base64 cookie字符串的结尾=的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！