[jboss-jira] [JBoss JIRA] Commented: (JBAS-5976) Securing web-app cause incorrect character encoding in GET/POST data

Igor A Tarasov (JIRA) jira-events at lists.jboss.org
Thu Sep 18 20:03:20 EDT 2008 

    [ https://jira.jboss.org/jira/browse/JBAS-5976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12430346#action_12430346 ] 

Igor A Tarasov commented on JBAS-5976:
--------------------------------------

5) This is not my example - it is taken from official Tomcat FAQ (http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4) for testing GET and POST character encoding issues.

> Securing web-app cause incorrect character encoding in GET/POST data
> --------------------------------------------------------------------
>
>                 Key: JBAS-5976
>                 URL: https://jira.jboss.org/jira/browse/JBAS-5976
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.0.0.CR1, JBossAS-5.0.0.CR2
>         Environment: Fedora Linux 10
> JDK 1.6.0
> Firefox 3.0.1
>            Reporter: Igor A Tarasov
>            Assignee: Remy Maucherat
>            Priority: Critical
>         Attachments: index.jsp, web.xml
>
>
> Simple test page from Tomcat FAQ (http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4) work right in non-secure web-app.
> After apply BASIC web authentication, character encoding of posted data is broken.
> After authentication, request.setCharactEncoding("UTF-8") in request filter does no effect too.
> No matter which login module in use, org.jboss.security.auth.spi.UsersRolesLoginModule or my own login module.
> Seems that authentication cause access the Request object in app server _before_ it can be accessed in user request filter. 
> After that, setting request.setCharacterEncoding not work.
> Insecure web-application work fine and non-ASCII characters appear correctly.
> This bug starts in CR-releases of JBoss 5.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list