java.lang.IllegalArgumentException:An invalid character [34] was present in the Cookie value

Question

This is how my tomcat-users file looks like:

<tomcat-users>
  <role rolename="admin"/>
  <role rolename="analyst"/> 
  <role rolename="user"/>
  <role rolename="kie-server"/>
  <role rolename="developer"/>
  <role rolename="manager"/>

  <user username="w" password="w" roles="admin"/>
  <user username="k" password="k" roles="kie-server"/>  
  <user username="u" password="u" roles="user,developer,analyst"/>
</tomcat-users>

After entering correct credentials in the KIE IDE WORKBENCH, I get the following exception:

java.lang.IllegalArgumentException: An invalid character [34] was present in the Cookie value
        org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(Rfc6265CookieProcessor.java:182)
        org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:115)
        org.apache.catalina.connector.Response.generateCookieString(Response.java:1019)
        org.apache.catalina.connector.Response.addCookie(Response.java:967)
        org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
        org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:61)

Answer 1

CookieProcessor is a new configuration element, introduced in Tomcat 8.0.15. The CookieProcessor element allows different cookie parsing configuration in each web application, or globally in the default conf/context.xml file.

According to official docs at Apache Tomcat 8 Configuration Reference Version 8.0.47 :

The standard implementation of CookieProcessor is: org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

Later..

According to official docs at Apache Tomcat 8 Configuration Reference Version 8.5.23

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor

To resolve this issue: add this line in conf/context.xml at location %CATALINA_HOME% (i.e. C:\apache-tomcat-8.5.20\conf\context.xml in my case):

<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

This is how it looks like after adding:

<?xml version="1.0" encoding="UTF-8"?>

<Context reloadable="true">
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
    <Transaction factory="bitronix.tm.BitronixUserTransactionObjectFactory"/>
    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />    
</Context>