[jboss-jira] [JBoss JIRA] Created: (JBAS-5976) Securing web-app cause incorrect character encoding in GET/POST data

[Igor (JIRA)]

Securing web-app cause incorrect character encoding in GET/POST data
--------------------------------------------------------------------

                 Key: JBAS-5976
                 URL: https://jira.jboss.org/jira/browse/JBAS-5976
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Web (Tomcat) service
    Affects Versions: JBossAS-5.0.0.CR2, JBossAS-5.0.0.CR1
         Environment: Fedora Linux 10
JDK 1.6.0
Firefox 3.0.1
            Reporter: Igor
            Assignee: Remy Maucherat
            Priority: Critical


Simple test page from Tomcat FAQ (http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4) work right in non-secure web-app.
After apply BASIC web authentication, character encoding of posted data is broken.

After authentication, request.setCharactEncoding("UTF-8") in request filter does no effect too.
No matter which login module in use, org.jboss.security.auth.spi.UsersRolesLoginModule or my own login module.
Seems that authentication cause access the Request object in app server _before_ it can be accessed in user request filter. 
After that, setting request.setCharacterEncoding not work.

Insecure web-application work fine and non-ASCII characters appear correctly.
This bug starts in CR-releases of JBoss 5.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira