|Applies To||RSA ClearTrust 5.5 Runtime Java API; RSA ClearTrust 5.0.1 Runtime Java API; RSA ClearTrust 5.5.2 Runtime Java API|
|Issue||Token decrypt failure in API-based applications in ClearTrust. A J2EE application that parses a request and submits a token for validation experiences token decryption failures from the Auth server. The results of these token validation attempts are inconsistent: some succeed, while others fail decryption.|
|Cause||A token can contain characters (e.g. " ", "/") that cannot be transmitted via HTTP unless they are URL encoded. If a token containing such a special character is not URL decoded, it will fail decryption during token validation. Because a token is a hashed value, whether it contains such a character varies from token to token, so the failures may appear to occur at random.|
|Resolution||Upon extracting the value of the CTSESSION token, it must be URL decoded (java.net.URLDecoder) prior to use in an RTAPI call. Similarly, if a token is modified by an application, it must be URL encoded prior to responding to the client browser.|
|Legacy Article ID||a19704|
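
The decode and re-encode steps from the Resolution, as an added example that is not RSA's code. The class name `CtSessionCookie`, the helpers `extractToken` and `encodeForCookie`, and the sample token are assumptions made for illustration; the RTAPI validation call itself is not shown.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;

public class CtSessionCookie {
    static final String COOKIE_NAME = "CTSESSION";

    // Return the URL-decoded CTSESSION value from a Cookie header, or null
    // if the cookie is missing or its percent-encoding is malformed.
    static String extractToken(String cookieHeader) throws Exception {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0 || !COOKIE_NAME.equals(pair.substring(0, eq).trim())) continue;
            String raw = pair.substring(eq + 1).trim();
            try {
                // Decode exactly once; this is the value to pass to the RTAPI call.
                return URLDecoder.decode(raw, "UTF-8");
            } catch (IllegalArgumentException e) {
                return null; // e.g. a truncated "%2" escape: reject, do not guess
            }
        }
        return null;
    }

    // URL-encode a token before writing it back to the browser in Set-Cookie.
    static String encodeForCookie(String token) throws Exception {
        return URLEncoder.encode(token, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        String token = "AbC+dEf/GhI="; // constructed sample, not a real token
        String header = "JSESSIONID=abc123; " + COOKIE_NAME + "=" + encodeForCookie(token);
        System.out.println("Cookie header: " + header);

        String once = extractToken(header);
        System.out.println("decoded once : " + once + "  intact=" + token.equals(once));

        // Decoding an already-decoded token turns '+' into a space and
        // corrupts it, so decode only at the point of extraction.
        String twice = URLDecoder.decode(once, "UTF-8");
        System.out.println("decoded twice: " + twice + "  intact=" + token.equals(twice));
    }
}
```

Only tokens that happen to contain a character such as "+", "/" or "=" change under encoding, which is why skipping the decode, or applying it twice, fails on some requests and not others.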