Merge branch 'master' of ssh://git.eclipse.org:29418/elogbook/authandauth
diff --git a/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java b/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
index 95c6579..c830013 100644
--- a/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
+++ b/src/main/java/org/eclipse/openk/portal/auth2/util/JwtHelper.java
@@ -11,6 +11,8 @@
 */
 package org.eclipse.openk.portal.auth2.util;
 
+import java.io.*;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import javax.ws.rs.core.MediaType;
 import org.eclipse.openk.portal.auth2.model.JwtHeader;
@@ -20,11 +22,7 @@
 import org.eclipse.openk.portal.auth2.model.KeyCloakUser;
 import com.google.gson.JsonSyntaxException;
 import com.google.gson.reflect.TypeToken;
-import java.io.BufferedReader;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+
 import java.lang.reflect.Type;
 import java.net.HttpURLConnection;
 import java.net.URL;
@@ -43,10 +41,16 @@
   }
 
   public static JwtToken login(String user, String password) throws PortalInternalServerError {
-    String token = sendPost(BackendConfig.getInstance().getAuthServerUrl() + "auth/realms/" +
-                    BackendConfig.getInstance().getKeycloakRealm() + "/protocol/openid-connect/token",
-            "username=" + user + "&password=" + password + "&client_id="
-                    + BackendConfig.getInstance().getKeycloakClient() + "&grant_type=password");
+    String token = null;
+    try {
+      token = sendPost(BackendConfig.getInstance().getAuthServerUrl() + "auth/realms/" +
+                      BackendConfig.getInstance().getKeycloakRealm() + "/protocol/openid-connect/token",
+              "username=" + user + "&password=" + URLEncoder.encode(password, "UTF-8") + "&client_id="
+                      + BackendConfig.getInstance().getKeycloakClient() + "&grant_type=password");
+    } catch (UnsupportedEncodingException e) {
+      logger.error( "Unsupported Encoding Exception: ", e);
+      throw new PortalInternalServerError(e.getMessage());
+    }
     return getJwtTokenFromJson(token);
   }
 
@@ -162,24 +166,25 @@
   private static String sendPost(String targetUrl, String urlParameters) throws PortalInternalServerError {
     logger.info("sendPost");
 
-    HttpURLConnection con = getHttpConnection(targetUrl);
+   HttpURLConnection con = getHttpConnection(targetUrl);
     StringBuilder response = new StringBuilder(); // or StringBuffer if Java version 5+
 
     try (AutoCloseable conc = con::disconnect) {
       con.setRequestMethod("POST");
-      con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
+      con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
       con.setRequestProperty("Accept", MediaType.APPLICATION_JSON);
-      con.setRequestProperty("Content-Length", Integer.toString(urlParameters.getBytes().length));
+      con.setRequestProperty("Content-Length", Integer.toString(urlParameters.getBytes(StandardCharsets.UTF_8.name()).length));
+
       con.setInstanceFollowRedirects(false);
       con.setDoOutput(true);
       // Send request
       try (DataOutputStream wr = new DataOutputStream(con.getOutputStream())) {
-        wr.writeBytes(urlParameters);
+        wr.write(urlParameters.getBytes(StandardCharsets.UTF_8.name()));
       }
       // Get Response
       InputStream is = con.getInputStream();
 
-      try (BufferedReader rd = new BufferedReader(new InputStreamReader(is, "UTF-8"))) {
+      try (BufferedReader rd = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8.name()))) {
         String line;
         while ((line = rd.readLine()) != null) {
           response.append(line);
diff --git a/src/main/java/org/eclipse/openk/portal/controller/InputDataValuator.java b/src/main/java/org/eclipse/openk/portal/controller/InputDataValuator.java
index b288a75..fc094a5 100644
--- a/src/main/java/org/eclipse/openk/portal/controller/InputDataValuator.java
+++ b/src/main/java/org/eclipse/openk/portal/controller/InputDataValuator.java
@@ -40,8 +40,6 @@
         LoginCredentials obj;
         try {
             obj = JsonGeneratorBase.getGson().fromJson(credentials, LoginCredentials.class);
-            checkWhitelistChars(obj.getPassword());
-            checkWhitelistChars(obj.getPassword());
         } catch (Exception e) { // NOSONAR
             obj = null;
         }
@@ -51,7 +49,7 @@
         }
     }
 
-    private void checkWhitelistChars(String txt) throws PortalBadRequest {
+    private void checkWhitelistChars(String txt) throws PortalBadRequest { // NOSONAR 24.09.2018: There's a great possibility that we need a whitebox-charecter check for security reasons again. Because of this, we leave this code
         checkWhitelistChars(txt, false);
     }