I have a webapp with form-based authentication (i.e j_security_check), running on wildfly 13. If username or password contains non-ascii characters (e.g. german umlauts 'ö'), undertow seems to use the default ISO-8859-1 encoding to parse the form data, even if the default encoding has been explicitly configured in standalone.xml:

<servlet-container name="default" default-encoding="UTF-8">

                <jsp-config/>

                <websockets/>

</servlet-container>

as well as

<http-listener name="default" socket-binding="http" max-post-size="10000000000" redirect-socket="https" enable-http2="true" url-charset="UTF-8"/>

Further debugging has led me to DeploymentManagerImpl.setupSecurityHandlers(HttpHandler), which seems to have a coding flaw:

if (reqEncoding == null) {

     deploymentInfo.getDefaultEncoding();

}

Not sure, but might should look like

if (reqEncoding == null) {

     reqEncoding = deploymentInfo.getDefaultEncoding();

}

The workaround I have in place for now is to use a ServletExtension that explicitly sets the default request encoding on the DeploymentInfo.