Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-6213

Securing web-app REALLY cause incorrect character encoding in GET/POST data

XMLWordPrintable

      Similar problem found as stated by JBAS-5976.

      I also found the problem as stated by Igor. After several days work, it is the problem of JBoss SX layer which 'touch' ServletRequest.getParameterNames() (From "AbstractJavaEEHelper" and "WebResource.deriveUsefulInfo()") and caused the encoding set according to the OS before any character encoding filter can be applied.

      I use a wrapper Request to show the calling path. Below are the stacktrace:

      at my.tomcat.hack.RequestHack.getParameterNames(RequestHack.java:420)
      at org.jboss.security.authorization.resources.WebResource.deriveUsefulInfo(WebResource.java:152)
      at org.jboss.security.authorization.resources.WebResource.toString(WebResource.java:123)
      at org.jboss.security.javaee.AbstractJavaEEHelper.authorizationAudit(AbstractJavaEEHelper.java:100)
      at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasUserDataPermission(WebAuthorizationHelper.java:183)
      at org.jboss.web.tomcat.security.JBossWebRealm.hasUserDataPermission(JBossWebRealm.java:636)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at my.tomcat.valve.RequestInspectorValve.invoke(RequestInspectorValve.java:90)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)

          1.
          		 JBossWebRealm->enableAuditFlag should be false by default Sub-task Closed Major Anil Saldanha (Inactive)

              anil.saldhana Anil Saldanha (Inactive)
              jimyip_jira jimyip (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: