Bug
Resolution: Unresolved
Major
None
26.1.0.Final
None
The bug is that in JAX-RS methods like the two below, the multivaluedMap and the form.asMap()
are always empty if you play with the security settings.

    @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response multivaluedMap(MultivaluedMap<String, String> multivaluedMap)

    @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response form(Form form)

However, if declared like this they work:

    @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response form(@FormParam("name") String value)

You can also get hold of the values if you inject HttpServletRequest like this

    @Context private HttpServletRequest servletRequest;

and call servletRequest.getParameterMap().
To reproduce, do this:
start a clean server (wildfly-26 or jboss-eap7.4) and deploy the war
#run the test
$ bash ./runtest.sh
multivaluedmap value='VALUE'
form value='VALUE'
formparam value='VALUE'
injected value='VALUE'
- create the keystore in $JBOSS_HOME/standalone/configuration
$ keytool -genkeypair -alias sso -keyalg RSA -keysize 2048 -validity 7300 -keystore sso.ks -dname "CN=localhost" -keypass qwerty -storepass qwerty
- cli commands for jboss eap 7.4
/subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain)
/subsystem=elytron/key-store=CoordKS:add(relative-to=jboss.server.config.dir,path=sso.ks,credential-reference={clear-text=qwerty})
/subsystem=undertow/application-security-domain=other/setting=single-sign-on:add(key-store=CoordKS,key-alias=sso,credential-reference={clear-text=qwerty},path="/",secure=true,http-only=true)
reload
- cli commands for wildfly 26.1
/subsystem=elytron/key-store=CoordKS:add(relative-to=jboss.server.config.dir,path=sso.ks,credential-reference={clear-text=qwerty})
/subsystem=undertow/application-security-domain=other/setting=single-sign-on:add(key-store=CoordKS,key-alias=sso,credential-reference={clear-text=qwerty},path="/",secure=true,http-only=true)
reload
#run the test again
$ bash ./runtest.sh
expected output
multivaluedmap value='null'
form value='null'
formparam value='VALUE'
injected value='VALUE'
Note that in web.xml the url-pattern under security-constraint does not even have to match the path used.
Also note that if you play with the security-constraint / login-config in web.xml you get different results.
Java 8 has been used throughout.
Is caused by:
ELYWEB-180 Elytron web consumes the InputStream when form parameters are parsed - Pull Request Sent
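
The linked cause (ELYWEB-180, the InputStream being consumed when form parameters are parsed) is consistent with the output above: a reader that parses the request body finds nothing left, while lookups served from the already parsed parameters still return VALUE. The following is an added example, not code from this report or from WildFly, Elytron or RESTEasy; it models the effect with plain JDK classes (Java 11 or later), and `FakeRequest`, `parseForm` and `first` are hypothetical names.

```java
import java.io.*;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Model only: FakeRequest stands in for a servlet request; it is not container code.
public class FormBodyConsumedDemo {
    static class FakeRequest {
        final InputStream body;                 // one-shot, like a request input stream
        Map<String, List<String>> parameters;   // cached result of parameter parsing
        FakeRequest(String form) { body = new ByteArrayInputStream(form.getBytes(StandardCharsets.UTF_8)); }
        // Parameter-map style access: parse the body once, then serve from the cache.
        Map<String, List<String>> getParameterMap() throws IOException {
            if (parameters == null) parameters = parseForm(body);
            return parameters;
        }
    }

    // Entity-reader style access: parse whatever is still left on the stream.
    static Map<String, List<String>> parseForm(InputStream in) throws IOException {
        String raw = new String(in.readAllBytes(), StandardCharsets.UTF_8);
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (String pair : raw.split("&")) {
            if (pair.isEmpty()) continue;       // an already drained stream yields no pairs
            int eq = pair.indexOf('=');
            String k = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), StandardCharsets.UTF_8);
            String v = eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            out.computeIfAbsent(k, x -> new ArrayList<>()).add(v);
        }
        return out;
    }

    static String first(Map<String, List<String>> m) {
        List<String> v = m.get("name");
        return v == null ? null : v.get(0);
    }

    public static void main(String[] args) throws IOException {
        // Case 1: nothing parses the parameters first, so the body reader sees the form.
        FakeRequest plain = new FakeRequest("name=VALUE");   // constructed sample body
        System.out.println("multivaluedmap value='" + first(parseForm(plain.body)) + "'");

        // Case 2: form parameters are parsed before the resource method runs.
        FakeRequest secured = new FakeRequest("name=VALUE");
        secured.getParameterMap();                           // drains the stream
        System.out.println("multivaluedmap value='" + first(parseForm(secured.body)) + "'");
        System.out.println("injected value='" + first(secured.getParameterMap()) + "'");
    }
}
```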