4 Replies Latest reply on Nov 19, 2008 10:49 AM by dicr

    Jboss 5.0.0.CR1 and CR2: web-app authentification cause brok

    dicr

      I write simple webapp, containing 2 files:

      WEB-INF/web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      >
       <!--security-constraint>
       <web-resource-collection>
       <web-resource-name>all</web-resource-name>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>user</role-name>
       </auth-constraint>
       </security-constraint-->
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>STAT</realm-name>
       </login-config>
       <security-role>
       <role-name>user</role-name>
       </security-role>
      </web-app>
      

      and charset test page from http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4:

      <%@ page contentType="text/html; charset=UTF-8" %>
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
      <html>
       <body>
       Data posted to this form was:
       <%
       request.setCharacterEncoding("UTF-8");
       out.print(request.getParameter("mydata"));
       %>
      
       <form method="GET" action="index.jsp>
       <input type="text" name="mydata">
       <input type="submit" value="Submit" />
       <input type="reset" value="Reset" />
       </form>
       </body>
      </html>
      

      After deploying it to JBoss 5 all work fine.
      Tomcat FAQ noted:
      The following sample JSP should work on a clean Tomcat install for any input. If you set the URIEncoding="UTF-8" on the connector, it will also work with method="GET".


      But, when uncomment security-contstraint section in web.xml and pass authentication, text, posted in form start to be appear in broken charset (possibly in ISO-8859-5), but not in UTF-8.

      This error is critical for enterprise users, which use non-ASCII characters. And, I think, it appear starting from RC-releases of JBoss.

      Code:
      equest.setCharacterEncoding("UTF-8")
      can't modify character encoding after first access of the request object. I tried to use request filter servlet to specify request charset, but seems authentication modules access request object before my filter.