Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-18460

[GSS](7.2.z) InputStream is empty if getParameter is called in deployment with Picketlink which causes fileupload to fail with sizes over 20k

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.2.7.CR2, 7.2.7.GA
    • 7.2.z.GA
    • Security
    • None
    • +
    • Hide

      Create a test user with group membership in "user".

      Use two attached reproducers (idp.war and reproducer.war) plus IDP and SP security-domains from:
      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/how_to_set_up_sso_with_saml_v2/index#setting_up_idp
      i'm attaching my standalone.xml with this configured also.

      Then visit: http::<hostname:port>/reproducer, login and try to upload a file. A successful file upload will indicate 1 file uploaded, but failed ones show 0 files uploaded.

      Show
      Create a test user with group membership in "user". Use two attached reproducers (idp.war and reproducer.war) plus IDP and SP security-domains from: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/how_to_set_up_sso_with_saml_v2/index#setting_up_idp i'm attaching my standalone.xml with this configured also. Then visit: http::<hostname:port>/reproducer, login and try to upload a file. A successful file upload will indicate 1 file uploaded, but failed ones show 0 files uploaded.

    Description

      This is a followup to JBEAP-18122 - https://issues.redhat.com/browse/JBEAP-18122

      The issue is that if using Picketlink authentication handlers AND you call getParameter before reading from getInputStream then the input will be empty if the file size is over 20k. Also, you need to have the one-off patch from https://issues.redhat.com/browse/JBEAP-17878 if running against 7.2.5. 7.2.7 also has these changes.

      Note this is the SAME test as in JBEAP-18122 except the request.getParameter call prior to the getInputStream.

      Attaching reproducer.

      Attachments

        1. idp.war
          2 kB
        2. reproducer.war
          147 kB
        3. reproducer.zip
          658 kB
        4. roles.properties
          0.0 kB
        5. standalone.xml
          29 kB
        6. users.properties
          0.0 kB

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-18505 [GSS](7.3.z) InputStream is empty if getParameter is called in deployment with Picketlink which causes fileupload to fail with sizes over 20k

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-18504 [GSS](7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00011 to 2.5.5.SP12-redhat-00012

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-18122 [GSS](7.2.z) File upload (multipart) with Picketlink fails with sizes over 20k (using Apache Commons FileUpload)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified

          Activity

            People

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-cdolphy Chris Dolphy
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: