[Geoserver-devel] [jira] Created: (GEOS-1183) Admin password with ampersand (or other special XML characters) breaks deploy

Admin password with ampersand (or other special XML characters) breaks deploy
-----------------------------------------------------------------------------

                 Key: GEOS-1183
                 URL: http://jira.codehaus.org/browse/GEOS-1183
             Project: GeoServer
          Issue Type: Bug
          Components: Configuration
    Affects Versions: 1.5.1
         Environment: Red Hat Linux Enterprise 3, Tomcat 5.5.23
            Reporter: Ryan Hofschneider
            Assignee: Andrea Aime
            Priority: Minor

If you change the admin password using /config/loginEdit.do the password gets saved to geoserver/data/services.xml without properly encoding the password for XML.

This means that if the password contains any special XML characters (e.g., ampersand, less-than, etc.) and the application server is restarted, the app server will not be able to deploy Geoserver, as Geoserver fails with the following error messages:

[Fatal Error] :61:24: The entity name must immediately follow the '&' in the entity reference.
29 Jun 22:08:16 ERROR [context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'applicationState' defined in URL [file:/home/hofschnr/tomcat/webapps/geose
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'data' defined in URL [jar:file:/home/hofschnr/tomcat/webapps/geoserver/WEB
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'config' defined in URL [jar:file:/home/hofschnr/tomcat/webapps/geoserver/W
java.lang.RuntimeException: Error reading : java.io.FileReader@anonymised.com
    at org.geoserver.util.ReaderUtils.parse(ReaderUtils.java:72)
    at org.vfny.geoserver.global.xml.XMLConfigReader.loadServices(XMLConfigReader.java:221)
    at org.vfny.geoserver.global.xml.XMLConfigReader.load(XMLConfigReader.java:187)
    at org.vfny.geoserver.global.xml.XMLConfigReader.<init>(XMLConfigReader.java:153)
    at org.vfny.geoserver.global.Config.setApplicationContext(Config.java:69)
<snip>

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira