Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-6213

Securing web-app REALLY cause incorrect character encoding in GET/POST data

    XMLWordPrintable

Details

    Description

      Similar problem found as stated by JBAS-5976.

      I also found the problem as stated by Igor. After several days work, it is the problem of JBoss SX layer which 'touch' ServletRequest.getParameterNames() (From "AbstractJavaEEHelper" and "WebResource.deriveUsefulInfo()") and caused the encoding set according to the OS before any character encoding filter can be applied.

      I use a wrapper Request to show the calling path. Below are the stacktrace:

      at my.tomcat.hack.RequestHack.getParameterNames(RequestHack.java:420)
      at org.jboss.security.authorization.resources.WebResource.deriveUsefulInfo(WebResource.java:152)
      at org.jboss.security.authorization.resources.WebResource.toString(WebResource.java:123)
      at org.jboss.security.javaee.AbstractJavaEEHelper.authorizationAudit(AbstractJavaEEHelper.java:100)
      at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasUserDataPermission(WebAuthorizationHelper.java:183)
      at org.jboss.web.tomcat.security.JBossWebRealm.hasUserDataPermission(JBossWebRealm.java:636)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at my.tomcat.valve.RequestInspectorValve.invoke(RequestInspectorValve.java:90)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBAS-5976 Securing web-app cause incorrect character encoding in GET/POST data

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              anil.saldhana Anil Saldanha (Inactive)
              jimyip_jira jimyip (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: