Bug 977761
| Summary: | PLINK2-25 characterEncoding parameter not used for Post Requests in ServiceProviderAuthenticator | | |
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Tom Fonteyne <tfonteyn> |
| Component: | PicketLink | Assignee: | Tom Fonteyne <tfonteyn> |
| Status: | CLOSED UPSTREAM | QA Contact: | Josef Cacek <jcacek> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.1.0 | CC: | jcacek, myarboro, rdickens |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | A timing issue was found in PicketLink which resulted in parameters being read from post requests in the ServiceProviderAuthenticator using the default encoding instead of the desired encoding. The issue was caused when PicketLink read its parameters before the Tomcat valve had set the encoding. To resolve this issue the encoding has been moved so that it is the very first step in the `authenticate` method. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-06-25 12:03:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 977766 | | |

Resolved in PicketLink 2.1.8.

Will mark this bug as resolved once the pull-request is merged. https://github.com/picketlink2/federation/pull/184

Release notes text added for inclusion in the JBoss EAP 6.2.0 Release Notes.

PicketLink: picketlink-bindings/picketlink-tomcat-common/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/AbstractSPFormAuthenticator.java

The authenticate(..) method reads parameters from the request before the character encoding is set by its super method. By the time super sets it, it's too late and the application will be using the wrong encoding.

```java
public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
    ...
    String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
    String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
    ...
    return localAuthentication(request, response, loginConfig);
```

which in turn does:

```java
return super.authenticate(request, response, loginConfig);
```

and the Tomcat valve:

```java
if (characterEncoding != null) {
    request.setCharacterEncoding(characterEncoding);
}
```

So PicketLink reads its parameters before the Tomcat valve has a chance to set the encoding, by which time it's too late.

Solution:

Add:

```java
if (characterEncoding != null) {
    request.setCharacterEncoding(characterEncoding);
}
```

as the first action in the PicketLink authenticate(..) method.
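
The ordering problem described above, as an added example that is not PicketLink or Tomcat code: `LazyRequest` is a hypothetical, simplified model of a servlet request that parses its form body once, on first parameter access, and ignores an encoding set afterwards. The request body and the `username` field are constructed sample values.

```java
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;

public class EncodingOrderDemo {

    /** Hypothetical stand-in for a servlet request: the form body is parsed lazily, once. */
    static class LazyRequest {
        private final String body;                  // raw x-www-form-urlencoded body
        private String encoding = "ISO-8859-1";     // servlet default when none is set
        private Map<String, String> params;         // cached after the first read

        LazyRequest(String body) { this.body = body; }

        void setCharacterEncoding(String enc) {
            if (params == null) encoding = enc;     // ignored once parameters are parsed
        }

        String getParameter(String name) throws Exception {
            if (params == null) {
                params = new HashMap<>();
                for (String pair : body.split("&")) {
                    String[] kv = pair.split("=", 2);
                    params.put(URLDecoder.decode(kv[0], encoding),
                               kv.length > 1 ? URLDecoder.decode(kv[1], encoding) : "");
                }
            }
            return params.get(name);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample body: "é" percent-encoded as UTF-8 (%C3%A9)
        String body = "SAMLRequest=&username=Andr%C3%A9";

        LazyRequest buggy = new LazyRequest(body);
        buggy.getParameter("SAMLRequest");          // parameters read first, as in the bug
        buggy.setCharacterEncoding("UTF-8");        // too late: body already decoded
        System.out.println("read first: " + buggy.getParameter("username"));

        LazyRequest fixed = new LazyRequest(body);
        fixed.setCharacterEncoding("UTF-8");        // first action, as in the proposed fix
        fixed.getParameter("SAMLRequest");
        System.out.println("set first:  " + fixed.getParameter("username"));
    }
}
```

In the first case the multi-byte UTF-8 sequence is decoded byte by byte as ISO-8859-1, so every later reader of the request sees the mis-decoded value; in the second the value is decoded as intended.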