0 Replies Latest reply on Aug 7, 2018 2:42 PM by Bernhard Ableitinger

    Wildfly/Undertow doesn't consider configured default encoding for form-based auth requests?

    Bernhard Ableitinger Newbie

      I have a webapp with form-based authentication (i.e j_security_check), running on wildfly 13. If username or password contains non-ascii characters (e.g. german umlauts 'ö'), undertow seems to use the default ISO-8859-1 encoding to parse the form data, even if the default encoding has been explicitly configured in standalone.xml:

       

      <servlet-container name="default" default-encoding="UTF-8">

                      <jsp-config/>

                      <websockets/>

      </servlet-container>

       

      as well as

       

      <http-listener name="default" socket-binding="http" max-post-size="10000000000" redirect-socket="https" enable-http2="true" url-charset="UTF-8"/>

       

      Further debugging has led me to DeploymentManagerImpl.setupSecurityHandlers(HttpHandler), which seems to have a coding flaw:

       

      if (reqEncoding == null) {

           deploymentInfo.getDefaultEncoding();

      }

       

      Not sure, but might should look like

       

      if (reqEncoding == null) {

           reqEncoding = deploymentInfo.getDefaultEncoding();

      }

       

      The workaround I have in place for now is to use a ServletExtension that explicitly sets the default request encoding on the DeploymentInfo.