Search code examples
cookiesuser-roleskie-workbenchtomcat8.5

java.lang.IllegalArgumentException:An invalid character [34] was present in the Cookie value


This is how my tomcat-users file looks like:

<tomcat-users>
  <role rolename="admin"/>
  <role rolename="analyst"/> 
  <role rolename="user"/>
  <role rolename="kie-server"/>
  <role rolename="developer"/>
  <role rolename="manager"/>

  <user username="w" password="w" roles="admin"/>
  <user username="k" password="k" roles="kie-server"/>  
  <user username="u" password="u" roles="user,developer,analyst"/>
</tomcat-users>

After entering correct credentials in the KIE IDE WORKBENCH, I get the following exception:

java.lang.IllegalArgumentException: An invalid character [34] was present in the Cookie value
        org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(Rfc6265CookieProcessor.java:182)
        org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:115)
        org.apache.catalina.connector.Response.generateCookieString(Response.java:1019)
        org.apache.catalina.connector.Response.addCookie(Response.java:967)
        org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
        org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:61)

Solution

  • CookieProcessor is a new configuration element, introduced in Tomcat 8.0.15. The CookieProcessor element allows different cookie parsing configuration in each web application, or globally in the default conf/context.xml file.

    According to official docs at Apache Tomcat 8 Configuration Reference Version 8.0.47 :

    The standard implementation of CookieProcessor is: org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

    Later..

    According to official docs at Apache Tomcat 8 Configuration Reference Version 8.5.23

    The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor

    To resolve this issue: add this line in conf/context.xml at location %CATALINA_HOME% (i.e. C:\apache-tomcat-8.5.20\conf\context.xml in my case):

    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

    This is how it looks like after adding:

    <?xml version="1.0" encoding="UTF-8"?>
    
    <Context reloadable="true">
        <WatchedResource>WEB-INF/web.xml</WatchedResource>
        <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
        <Transaction factory="bitronix.tm.BitronixUserTransactionObjectFactory"/>
        <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />    
    </Context>