[jboss-jira] [JBoss JIRA] Resolved: (JBAS-5976) Securing web-app cause incorrect character encoding in GET/POST data

Remy Maucherat (JIRA) jira-events at lists.jboss.org
Thu Sep 18 21:12:20 EDT 2008 

     [ https://jira.jboss.org/jira/browse/JBAS-5976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Remy Maucherat resolved JBAS-5976.
----------------------------------

    Resolution: Cannot Reproduce Bug


Better resolution.

I tried to reproduce it with a simple GET (http://127.0.0.1:8080/test.jsp?mydata=%E5%8F%B6) with URIEncoding="UTF-8" on the Connector (I am using GET) and BASIC protection (first access to the server, so it produces a 401). Your claim was that this scenario did not work. Unsurprisingly, both JBoss Web and AS CR 2 work as expected.

If you insist this does not work, please post a ready to run WAR (really ready to run, including a jboss-web.xml which could use the admin user from the jmx-console realm), with the usage scenario and URL(s) that I should access (with expected result).

> Securing web-app cause incorrect character encoding in GET/POST data
> --------------------------------------------------------------------
>
>                 Key: JBAS-5976
>                 URL: https://jira.jboss.org/jira/browse/JBAS-5976
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.0.0.CR1, JBossAS-5.0.0.CR2
>         Environment: Fedora Linux 10
> JDK 1.6.0
> Firefox 3.0.1
>            Reporter: Igor A Tarasov
>            Assignee: Remy Maucherat
>            Priority: Critical
>         Attachments: index.jsp, web.xml
>
>
> Simple test page from Tomcat FAQ (http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4) work right in non-secure web-app.
> After apply BASIC web authentication, character encoding of posted data is broken.
> After authentication, request.setCharactEncoding("UTF-8") in request filter does no effect too.
> No matter which login module in use, org.jboss.security.auth.spi.UsersRolesLoginModule or my own login module.
> Seems that authentication cause access the Request object in app server _before_ it can be accessed in user request filter. 
> After that, setting request.setCharacterEncoding not work.
> Insecure web-application work fine and non-ASCII characters appear correctly.
> This bug starts in CR-releases of JBoss 5.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list