[jboss-jira] [JBoss JIRA] (ELY-1525) When SSO is enabled, multipart form and form encoding stop working.

Darran Lofthouse (Jira) issues at jboss.org
Tue Jul 9 05:39:00 EDT 2019


    [ https://issues.jboss.org/browse/ELY-1525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757079#comment-13757079 ] 

Darran Lofthouse commented on ELY-1525:
---------------------------------------

Thinking about this further, we may need to revisit how mechanisms are obtaining their request parameters. We only make use of this FormDataParser if a mechanism requires the parameters; the majority of our mechanisms, however, only use headers, so don't use the parameters.

Our FORM implementation only kicks in if a submission to j_security_check is detected, so in that case it is correct that we completely take over the parsing of the input stream.

The Keycloak case, I believe, is slightly different. I suspect it does need access to request parameters, but I think the question is: does it really need access to the multipart submission data in the same way a POST submission for FORM authentication would?  [~pcraveiro] Do you have any thoughts on the parameter handling requirements?

Another consideration is whether there is a way for us to read the input stream but then reset it for subsequent servlets to be able to read it.

I think avoiding reading unnecessarily is the better option, but the reset, if possible, may be one solution.


> When SSO is enabled, multipart form and form encoding stop working.
> -------------------------------------------------------------------
>
>                 Key: ELY-1525
>                 URL: https://issues.jboss.org/browse/ELY-1525
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.6.Final, 1.2.1.Final
>            Reporter: Estevão Freitas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 1.10.0.CR3
>
>         Attachments: 0001-ELY-1525-Initialize-FormParserFactory-with-FormEncod.patch, ely-1515-reproducer.zip
>
>
> I developed a JSF application with "h:inputFile" component and it requires a form with " enctype="multipart/form-data" ".
> I use this tutorial for SSO: https://docs.jboss.org/author/display/WFLY/Web+Single+Sign-On .
> When I execute the last step: " /subsystem=undertow/application-security-domain=other/setting=single-sign-on:add(key-store=example-keystore, key-alias=localhost, domain=localhost, credential-reference={clear-text=secret}) ", all commandButtons stop working.
> If I remove the "h:inputFile" component and " enctype="multipart/form-data" " from the form, all buttons work again, but all words with accents are corrupted.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)
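
The two options weighed in the comment above (skip body parsing unless the request targets j_security_check, or read the stream and restore it for later servlets), as an added Java example that is not Elytron or Undertow code. `Request`, `mustParseBody`, `peekAndRestore` and the `MAX_BUFFERED` cap are hypothetical names and values chosen here; it needs Java 11 or later.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
public class BodyReplayDemo {
    static final int MAX_BUFFERED = 64 * 1024; // assumed cap on bytes held for replay

    /** Hypothetical request: a path and a body stream that can be read only once. */
    static final class Request {
        final String path;
        InputStream body;
        Request(String path, byte[] bytes) {
            this.path = path;
            ByteArrayInputStream src = new ByteArrayInputStream(bytes);
            // Plain InputStream subclass: markSupported() is false, so no reset().
            this.body = new InputStream() {
                @Override public int read() { return src.read(); }
            };
        }
    }

    /** Option 1: touch the body only for the FORM submission path. */
    static boolean mustParseBody(Request r) { return r.path.endsWith("/j_security_check"); }

    /** Option 2: read up to the cap, then put those bytes back in front of the rest. */
    static byte[] peekAndRestore(Request r) throws IOException {
        byte[] seen = r.body.readNBytes(MAX_BUFFERED);
        r.body = new SequenceInputStream(new ByteArrayInputStream(seen), r.body);
        return seen;
    }

    /** Stand-in for the servlet that runs after authentication. */
    static int downstreamBytes(Request r) throws IOException { return r.body.readAllBytes().length; }

    public static void main(String[] args) throws IOException {
        // Constructed multipart body, not taken from the reproducer attachment.
        byte[] body = ("--b\r\nContent-Disposition: form-data; name=\"nome\"\r\n\r\n"
                + "Estev\u00e3o\r\n--b--\r\n").getBytes(StandardCharsets.UTF_8);
        Request consumed = new Request("/app/upload", body);
        consumed.body.readAllBytes(); // mechanism parses the body unconditionally
        System.out.println("consumed: downstream sees " + downstreamBytes(consumed) + " bytes");
        Request skipped = new Request("/app/upload", body);
        if (mustParseBody(skipped)) skipped.body.readAllBytes();
        System.out.println("skipped:  downstream sees " + downstreamBytes(skipped) + " bytes");
        Request replayed = new Request("/app/upload", body);
        peekAndRestore(replayed);
        System.out.println("replayed: downstream sees " + downstreamBytes(replayed) + " bytes");
    }
}
```

The cap matters for the replay option: an authentication layer that buffers unauthenticated request bodies without a limit lets any client make the server hold arbitrary amounts of memory.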