Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: JBossAS-5.0.0.GA
Affects Version/s: JBossAS-5.0.0.CR1, JBossAS-5.0.0.CR2
Component/s: Security, Web (Tomcat) service
Labels:
- authentication
- character
- encoding
- request
- utf-8

Affects:

Compatibility/Configuration
Forum Reference:
http://community.jboss.org/thread/39328?tstart=0

SFDC Cases Counter:
SFDC Cases Links:

Similar problem found as stated by ~~JBAS-5976~~.

I also found the problem as stated by Igor. After several days work, it is the problem of JBoss SX layer which 'touch' ServletRequest.getParameterNames() (From "AbstractJavaEEHelper" and "WebResource.deriveUsefulInfo()") and caused the encoding set according to the OS before any character encoding filter can be applied.

I use a wrapper Request to show the calling path. Below are the stacktrace:

at my.tomcat.hack.RequestHack.getParameterNames(RequestHack.java:420)
at org.jboss.security.authorization.resources.WebResource.deriveUsefulInfo(WebResource.java:152)
at org.jboss.security.authorization.resources.WebResource.toString(WebResource.java:123)
at org.jboss.security.javaee.AbstractJavaEEHelper.authorizationAudit(AbstractJavaEEHelper.java:100)
at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasUserDataPermission(WebAuthorizationHelper.java:183)
at org.jboss.web.tomcat.security.JBossWebRealm.hasUserDataPermission(JBossWebRealm.java:636)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at my.tomcat.valve.RequestInspectorValve.invoke(RequestInspectorValve.java:90)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)

relates to

JBAS-5976 Securing web-app cause incorrect character encoding in GET/POST data

Closed

JBossWebRealm->enableAuditFlag should be false by default

Closed

Anil Saldanha (Inactive)

Assignee:: Anil Saldanha (Inactive)

Reporter:: jimyip (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2008/11/19 5:13 AM

Updated:: 2008/12/14 4:14 PM

Resolved:: 2008/12/14 4:14 PM

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates