usernames being case insensitive in tomcat

+1 vote
532 views

I have observed, using Tomcat 7.027 and 6.026, an issue with BASIC authentication. My intent was to have both user names and passwords be case sensitive.
I know of nothing I did that would change that. The database table is plain vanilla. Passwords are case sensitive, but upper or lower case usernames work. Is there any way to prevent this?
Operating systems are Windows 7 and Windows Server 2008 R2, both 64-bit.

posted Aug 27, 2013 by Abhay Kulkarni

Have you checked to see if your database is causing this behavior? Perhaps connect directly to the DB and issue the same queries that Tomcat would issue. Then check to see if those are case insensitive.
This was my guess as well. Would you have some kind of procedure in the DB that forces upper or lower to the username value?

1 Answer

+1 vote

I checked my script and assumed that since I had made no specification for case insensitive that it would be case sensitive. It wasn't. I will go see why MySQL is doing that and make the change there. Thank you ever so much.

answer Aug 27, 2013 by anonymous
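
The cause identified in this thread, as an added example that is not part of the original posts: a MySQL `_ci` collation on the username column makes the realm's lookup ignore case, and switching that column to a binary collation restores case-sensitive usernames. The table and column names follow the sample schema in Tomcat's realm documentation and are assumptions about the poster's database; the row is constructed.

```sql
-- Constructed schema (assumed names: users, user_name, user_pass).
-- utf8_general_ci is a case-insensitive collation.
CREATE TABLE users (
  user_name VARCHAR(64)  NOT NULL PRIMARY KEY,
  user_pass VARCHAR(128) NOT NULL
) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

-- Constructed sample account.
INSERT INTO users (user_name, user_pass)
VALUES ('Alice', 'constructed-password');

-- 1. Check which collation the username column actually uses.
--    Server and connection collations (see SHOW VARIABLES) do not
--    override a collation set on the table or column.
SELECT COLUMN_NAME, CHARACTER_SET_NAME, COLLATION_NAME
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'users';

-- 2. The shape of the lookup a JDBC-backed realm issues: the username
--    is matched in SQL, so the column collation decides case handling.
--    The password is compared by Tomcat after it is fetched, which is
--    why passwords stay case sensitive while usernames do not.
--    Under utf8_general_ci, 'ALICE' compares equal to 'Alice'.
SELECT user_pass FROM users WHERE user_name = 'ALICE';

-- 3. Diagnostic only: force a byte-wise comparison for one query to
--    confirm the collation is the cause.
SELECT user_pass FROM users WHERE BINARY user_name = 'ALICE';

-- 4. Fix at the source: give the username column a binary collation.
--    The realm builds its own query, so the column is the place to
--    change. If the realm's role table (user_roles in the sample
--    schema) also holds usernames, change that column too so both
--    lookups behave the same way.
ALTER TABLE users
  MODIFY user_name VARCHAR(64)
  CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;

-- 5. Re-run the lookup from step 2. With utf8_bin only the exact
--    stored spelling 'Alice' matches.
SELECT user_pass FROM users WHERE user_name = 'ALICE';
```

After the change the primary key is also case sensitive, so names that differ only in case can be registered as separate accounts; check for that before relying on usernames as unique identities elsewhere.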
Similar Questions
+2 votes

I have 2 servers, one is running 5.5.25a and the other 5.0.77. They both have the same collation and character set:

mysql> SELECT COLLATION(VERSION());
+----------------------+
| COLLATION(VERSION()) |
+----------------------+
| utf8_general_ci      |
+----------------------+
1 row in set (0.00 sec)

mysql> show variables like '%_server';
+----------------------+----------+
| Variable_name        | Value    |
+----------------------+----------+
| character_set_server | utf8     |
| collation_server     | utf8_bin |
+----------------------+----------+
2 rows in set (0.00 sec)

Yet the 5.5.25a server is case sensitive as you would expect, but the 5.0.77 is not. How can I make the 5.0.77 server case sensitive?

0 votes

I have written a PKI proxy servlet to support a tool that needs access to my customer's secured web site, but the application does not support client certificate security. The Servlet works great when called from a browser, where the proxy uses a B2B certificate for access and forwards the response to the browser as expected. That seemed like a good prototype, however, when I went to test against the tool I found that it was not making a GET request, but rather a CONNECT request. I extended my code to accept the CONNECT, however the request never seems to get past the front door Tomcat. None of my code is ever called, so I have to assume that I have a setting wrong in Tomcat.

Everything I can find online discusses how you should not have a Tunneling proxy in your infrastructure, but this is all in a secured environment, not on the internet, so this is not an issue and has been approved. Is there something I am missing?

0 votes

Is it true that the current servlet-based websocket implementation will be deprecated due to the implementation of JSR-356? We are currently implementing a Tomcat 7-based websocket server implementation that we hoped could scale up to at least 50K concurrent connections [or more], but are concerned if there are any known issues and/or limitations with the websocket implementation in Tomcat 7.

We are currently trying to test how high Tomcat 7 will scale with regards to the maximum number of concurrent websocket connections, but have already hit some problems with only 200 concurrent connections. Perhaps it's our multi-threaded client, or Tomcat configuration - not sure at this point. We have the Tomcat Connector configured with maxConnections=50000 and maxThreads=1000, so 200 concurrent connections shouldn't be a problem.

If anyone could elaborate on the Tomcat 7 servlet websocket implementation stability from a highly concurrent aspect that would be great. Additionally, if anyone has achieved 10(s) of 1000(s) of concurrent websocket connections with Tomcat 7, can you share how Tomcat was configured, what OS it was running on, and what client library you used in testing this?

...