I have a webapp with form-based authentication (i.e. j_security_check), running on WildFly 13. If the username or password contains non-ASCII characters (e.g. German umlauts such as 'ö'), Undertow seems to use the default ISO-8859-1 encoding to parse the form data, even if the default encoding has been explicitly configured in standalone.xml:
    <servlet-container name="default" default-encoding="UTF-8">
        <jsp-config/>
        <websockets/>
    </servlet-container>
as well as
    <http-listener name="default" socket-binding="http" max-post-size="10000000000" redirect-socket="https" enable-http2="true" url-charset="UTF-8"/>
Further debugging has led me to DeploymentManagerImpl.setupSecurityHandlers(HttpHandler), which seems to have a coding flaw:
    if (reqEncoding == null) {
        deploymentInfo.getDefaultEncoding();
    }
Not sure, but it should probably look like
    if (reqEncoding == null) {
        reqEncoding = deploymentInfo.getDefaultEncoding();
    }
The workaround I have in place for now is to use a ServletExtension that explicitly sets the default request encoding on the DeploymentInfo.
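A sketch of the kind of ServletExtension workaround described above, as an added example that is not the reporter's or the Undertow project's own code. The package and class names are hypothetical, and it assumes the Undertow version in use exposes getDefaultRequestEncoding/setDefaultRequestEncoding on DeploymentInfo; the main method uses a constructed sample value to show why the wrong charset breaks the credential match.

```java
package com.example.security; // hypothetical package name

import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;

import javax.servlet.ServletContext;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

/**
 * Forces UTF-8 as the request encoding for the deployment so that
 * j_security_check form fields are decoded before authentication runs.
 * Register it by listing this class name in
 * META-INF/services/io.undertow.servlet.ServletExtension inside the deployment.
 */
public class Utf8RequestEncodingExtension implements ServletExtension {

    private static final String ENCODING = "UTF-8";

    @Override
    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        // Assumption: these accessors exist in the Undertow version in use.
        // An encoding already declared by the application is left untouched.
        if (deploymentInfo.getDefaultRequestEncoding() == null) {
            deploymentInfo.setDefaultRequestEncoding(ENCODING);
        }
    }

    /** Decodes one URL-encoded form value using the given charset. */
    static String decodeFormValue(String raw, String charset) throws UnsupportedEncodingException {
        return URLDecoder.decode(raw, charset);
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample: the user name "jörg" as a UTF-8 page submits it.
        String raw = "j%C3%B6rg";
        // Decoded with the fallback charset, the two UTF-8 bytes become two
        // separate characters, so the name no longer matches the stored one.
        System.out.println(decodeFormValue(raw, "ISO-8859-1"));
        // Decoded with the configured charset, the original name is recovered.
        System.out.println(decodeFormValue(raw, ENCODING));
    }
}
```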