Bug 977761 - PLINK2-25 characterEncoding parameter not used in for Post Requests in ServiceProviderAuthenticator
PLINK2-25 characterEncoding parameter not used in for Post Requests in Servic...
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Tom Fonteyne
Josef Cacek
Depends On:
Blocks: 977766
  Show dependency treegraph
Reported: 2013-06-25 05:35 EDT by Tom Fonteyne
Modified: 2013-12-15 07:45 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A timing issue was found in Picketlink which resulted in parameters being read from post requests in the ServiceProviderAuthenticator using the default encoding instead of the desired encoding. The issue was caused when PicketLink read its parameters before the Tomcat valve had set the encoding. To resolve this issue the encoding has been moved so that it is the very first step in the `authenticate` method.
Story Points: ---
Clone Of:
Last Closed: 2013-06-25 08:03:19 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA PLINK2-25 None None None Never

  None (edit)
Description Tom Fonteyne 2013-06-25 05:35:55 EDT


The authenticate(..) method read parameters from the request before the character encoding is set by it's super method.
By the time super sets it, it's to late and application will be using the wrong encoding.

265 public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
282 String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
283 String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
306 return localAuthentication(request, response, loginConfig);

which in turn does:

337 return super.authenticate(request, response, loginConfig);

and the tomcat valve:

if (characterEncoding != null) {

So PicketLink read its parameters before the tomcat valve has a chance to set the encoding by which time it's to late.



if (characterEncoding != null) {

as the first action in the PicketLink authenticate(..) method
Comment 1 Tom Fonteyne 2013-06-25 05:40:16 EDT
resolved in PicketLink 2.1.8

Will mark this bug as resolved once the pull-request is merged.

Comment 2 Russell Dickenson 2013-11-20 20:02:34 EST
Release notes text added for inclusion in the JBoss EAP 6.2.0 Release Notes.

Note You need to log in before you can comment on or make changes to this bug.