diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/util/BasicAuthorizationProvider.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/util/BasicAuthorizationProvider.java
index 031470e00e5..ebdf21b49b4 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/util/BasicAuthorizationProvider.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/util/BasicAuthorizationProvider.java
@@ -17,13 +17,16 @@ package org.apache.logging.log4j.core.util;
 import java.net.URLConnection;
+import java.nio.charset.Charset;
+import java.util.Base64;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.status.StatusLogger;
-import org.apache.logging.log4j.util.Base64Util;
 import org.apache.logging.log4j.util.LoaderUtil;
 import org.apache.logging.log4j.util.PropertiesUtil;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
 * Provides the Basic Authorization header to a request.
 */
@@ -35,6 +38,11 @@ public class BasicAuthorizationProvider implements AuthorizationProvider {
 public static final String CONFIG_USER_NAME = "log4j2.configurationUserName";
 public static final String CONFIG_PASSWORD = "log4j2.configurationPassword";
 public static final String PASSWORD_DECRYPTOR = "log4j2.passwordDecryptor";
+ /*
+ * Properties used to specify the encoding in HTTP Basic Authentication
+ */
+ private static final String BASIC_AUTH_ENCODING = "log4j2.configurationAuthorizationEncoding";
+ private static final String SPRING_BASIC_AUTH_ENCODING = "logging.auth.encoding";
 private static final Logger LOGGER = StatusLogger.getLogger();
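Review bot: In the @@ -35 hunk the two new property keys are declared `private` and described with a plain `/* */` block, while the neighbouring configuration keys `CONFIG_USER_NAME`, `CONFIG_PASSWORD` and `PASSWORD_DECRYPTOR` on the lines just above are `public static final`. Since `log4j2.configurationAuthorizationEncoding` is listed as a user-facing property by the documentation hunks in this same commit, it should presumably follow the same visibility as its siblings, and the comment would be more useful as Javadoc, e.g. `/** Property naming the charset used to encode the HTTP Basic Authentication credentials; see RFC 7617. */`. The class body continues past this hunk.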
@@ -47,6 +55,11 @@ public BasicAuthorizationProvider(final PropertiesUtil props) {
 () -> props.getStringProperty(CONFIG_PASSWORD));
 final String decryptor = props.getStringProperty(PREFIXES, AUTH_PASSWORD_DECRYPTOR,
 () -> props.getStringProperty(PASSWORD_DECRYPTOR));
+ // Password encoding
+ Charset passwordCharset = props.getCharsetProperty(BASIC_AUTH_ENCODING);
+ if (passwordCharset == null) {
+ props.getCharsetProperty(SPRING_BASIC_AUTH_ENCODING, UTF_8);
+ }
 if (decryptor != null) {
 try {
 final Object obj = LoaderUtil.newInstanceOf(decryptor);
@@ -58,7 +71,13 @@ public BasicAuthorizationProvider(final PropertiesUtil props) {
 }
 }
 if (userName != null && password != null) {
- authString = "Basic " + Base64Util.encode(userName + ":" + password);
+ /*
+ * https://datatracker.ietf.org/doc/html/rfc7617#appendix-B
+ *
+ * If the user didn't specify a charset to use, we fallback to UTF-8
+ */
+ authString = "Basic "
+ + Base64.getEncoder().encodeToString((userName + ":" + password).getBytes(passwordCharset));
 }
 }
diff --git a/src/changelog/.2.x.x/change_basic_auth_encoding.xml b/src/changelog/.2.x.x/change_basic_auth_encoding.xml
new file mode 100644
index 00000000000..82b2abc303d
--- /dev/null
+++ b/src/changelog/.2.x.x/change_basic_auth_encoding.xml
@@ -0,0 +1,10 @@
+ + + + + Change default encoding of HTTP Basic Authentication to UTF-8 and add `log4j2.configurationAuthorizationEncoding` property to overwrite it. + +
diff --git a/src/site/_release-notes/_2.x.x.adoc b/src/site/_release-notes/_2.x.x.adoc
index f9edde47b76..cbfc9a1a745 100644
--- a/src/site/_release-notes/_2.x.x.adoc
+++ b/src/site/_release-notes/_2.x.x.adoc
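Review bot: The fallback in the @@ -47 hunk discards its result: when `log4j2.configurationAuthorizationEncoding` is not set, `props.getCharsetProperty(SPRING_BASIC_AUTH_ENCODING, UTF_8)` is evaluated but never assigned, so `passwordCharset` stays null and `getBytes(passwordCharset)` in the @@ -58 hunk throws a NullPointerException in exactly the default case the commit documents as "defaults to UTF-8". The line inside the `if` should read `passwordCharset = props.getCharsetProperty(SPRING_BASIC_AUTH_ENCODING, UTF_8);`, after which the local can also be declared `final` by folding both lookups into one expression. The comment added in the second hunk ("If the user didn't specify a charset to use, we fallback to UTF-8") only becomes true with that fix, so a test that constructs the provider with neither encoding property set would catch this. The constructor starts before the first hunk and its body continues between the two hunks.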
@@ -47,6 +47,7 @@ The module name of four bridges (`log4j-slf4j-impl`, `log4j-slf4j2-impl`, `log4j
 === Changed
 * Change the order of evaluation of `FormattedMessage` formatters. Messages are evaluated using `java.util.Format` only if they don't comply to the `java.text.MessageFormat` or `ParameterizedMessage` format. (https://github.com/apache/logging-log4j2/issues/1223[1223])
+* Change default encoding of HTTP Basic Authentication to UTF-8 and add `log4j2.configurationAuthorizationEncoding` property to overwrite it. (https://github.com/apache/logging-log4j2/issues/1961[1961])
 * Fix MDC pattern converter causing issues for `%notEmpty` (https://github.com/apache/logging-log4j2/issues/1922[1922])
 * Fix `NotSerializableException` when `Logger` is serialized with a `ReusableMessageFactory` (https://github.com/apache/logging-log4j2/issues/1884[1884])
 * Update `co.elastic.clients:elasticsearch-java` to version `8.11.0` (https://github.com/apache/logging-log4j2/pull/1953[1953])
diff --git a/src/site/markdown/log4j-spring-cloud-config-client.md b/src/site/markdown/log4j-spring-cloud-config-client.md
index 0c6ff24117d..b36bbf4c731 100644
--- a/src/site/markdown/log4j-spring-cloud-config-client.md
+++ b/src/site/markdown/log4j-spring-cloud-config-client.md
@@ -66,7 +66,8 @@ the alternatives may be used in any configuration location.
 |----------|---------|---------|---------|
 | log4j2.configurationUserName | log4j2.config.username | logging.auth.username | User name for basic authentication |
 | log4j2.configurationPassword | log4j2.config.password | logging.auth.password | Password for basic authentication |
-| log4j2.authorizationProvider | log4j2.config.authorizationProvider | logging.auth.authorizationProvider | Class used to create HTTP Authorization header |
+| log4j2.configurationAuthorizationEncoding | | logging.auth.encoding | Encoding for basic authentication (defaults to UTF-8) |
+| log4j2.configurationAuthorizationProvider | log4j2.config.authorizationProvider | logging.auth.authorizationProvider | Class used to create HTTP Authorization header |
 ```
 log4j2.configurationUserName=guest
diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm
index 69c0b0e76c5..515a15f1148 100644
--- a/src/site/xdoc/manual/configuration.xml.vm
+++ b/src/site/xdoc/manual/configuration.xml.vm
@@ -2127,6 +2127,14 @@ public class AwesomeTest { "https, file, jar". To completely prevent accessing the configuration via a URL specify a value of "_none". + + log4j2.configurationAuthorizationEncoding + LOG4J_CONFIGURATION_AUTHORIZATION_ENCODING + UTF-8 + + The encoding used in Basic Authentication (cf. RFC 7617). + + log4j2.Configuration.authorizationProvider