diff --git a/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml b/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml
index 7bf9cb0c5..3a9f4459e 100644
--- a/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml
+++ b/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml
@@ -54,7 +54,7 @@ SecurityConstraint
- /*
+ *.jsp
 g1
diff --git a/servlet/security-form-based/src/main/webapp/form.html b/servlet/security-form-based/src/main/webapp/form.html
new file mode 100644
index 000000000..8137de605
--- /dev/null
+++ b/servlet/security-form-based/src/main/webapp/form.html
@@ -0,0 +1,21 @@
+
+
+
+ Sample form
+
+
+
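Review bot: Narrowing the constraint's `url-pattern` from `/*` to `*.jsp` leaves every non-JSP resource in the application outside the security constraint, not only the new `form.html`; any static file or servlet mapping added later is reachable without login by default. Keeping `/*` protected and adding a second constraint for exactly `/form.html` with no `<auth-constraint>` gives the test its public page while the application stays deny-by-default, because an exact-match pattern takes precedence over `/*` when the container selects constraints. The rest of the existing constraint is outside the hunk (and the markup is stripped in this view), so check whether the new entry needs the same HTTP-method or transport settings.

```xml
<!-- … unchanged: existing SecurityConstraint entry, url-pattern kept as /* … -->
<security-constraint>
    <web-resource-collection>
        <!-- constructed name; pick one that fits the sample -->
        <web-resource-name>PublicForm</web-resource-name>
        <url-pattern>/form.html</url-pattern>
    </web-resource-collection>
    <!-- no auth-constraint: only this exact path is reachable before login -->
</security-constraint>
```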

Example

+

+ Submit your data, you must see your data after login.

+

This example make a test with a single parameter. + If you submit more parameters, only one (the last in the post body) is corrupted

+ +

You must be logged out to test the bug, because the bug is in the authenticator

+ +
+ + + +
+
+
\ No newline at end of file
diff --git a/servlet/security-form-based/src/main/webapp/receive.jsp b/servlet/security-form-based/src/main/webapp/receive.jsp
new file mode 100644
index 000000000..d256b4d88
--- /dev/null
+++ b/servlet/security-form-based/src/main/webapp/receive.jsp
@@ -0,0 +1,33 @@
+<%@page
+ contentType="text/html; charset=UTF-8"
+ language="java"
+ pageEncoding="UTF-8"
+ import="java.nio.charset.StandardCharsets"
+%><%
+
+String param = request.getParameter("name");
+if (param == null) {
+ param = "";
+}
+int paramLength = param.length();
+byte[] paramData = param.getBytes(StandardCharsets.UTF_8);
+int paramDataLength = paramData.length;
+%>
+
+
+
+Receiving parameters via post
+
+
+
+

Here you should see the data you entered in the previous form.

+

the bug makes the last parameter to contain a lot of junk (zeros) at the end

+ + +Hello <%= param %>
+paramLegnth <%= paramLength %>
+paramDataLength <%= paramDataLength %>
+
+
+
+
diff --git a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java
index ec0893939..131b8c3a4 100644
--- a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java
+++ b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java
@@ -22,6 +22,7 @@
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
 /**
 * @author Arun Gupta
 */
@@ -32,8 +33,8 @@ public class FormTest {
 @ArquillianResource
 private URL base;
+ private WebClient webClient;
- private HtmlForm loginForm;
 @Deployment(testable = false)
 public static WebArchive createDeployment() {
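Review bot: `Hello <%= param %>` in receive.jsp writes the `name` request parameter into the response without HTML encoding, so any markup submitted through the form is rendered by the browser as part of the page. Since samples like this get copied into real applications, emit the value through an encoding construct instead, for example `<c:out value="${param.name}"/>` with the JSTL core taglib declared at the top of the page; the test's text-content assertion for `example` is unaffected. Separately, the visible labels read `paramLegnth` (typo) and `paramDataLength`, while the new test looks elements up by the ids `paramLength`, `arrayLength` and `param`. The element markup is stripped in this view, so confirm those ids exist.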
@@ -44,26 +45,27 @@ public static WebArchive createDeployment() {
 .addAsWebResource(new File(WEBAPP_SRC, "index.jsp"))
 .addAsWebResource(new File(WEBAPP_SRC, "loginerror.jsp"))
 .addAsWebResource(new File(WEBAPP_SRC, "loginform.jsp"))
+ .addAsWebResource(new File(WEBAPP_SRC, "form.html"))
+ .addAsWebResource(new File(WEBAPP_SRC, "receive.jsp"))
 .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "web.xml"))
 .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "glassfish-web.xml"));
 }
 @Before
 public void setup() throws IOException {
- WebClient webClient = new WebClient();
- HtmlPage page = webClient.getPage(base + "/index.jsp");
- loginForm = page.getForms().get(0);
+ webClient = new WebClient();
 }
 @After
 public void tearDown() {
- WebClient webClient = loginForm.getPage().getWebClient();
 webClient.getCookieManager().clearCookies();
 webClient.close();
 }
 @Test
 public void testGetWithCorrectCredentials() throws Exception {
+ HtmlPage loginPage = webClient.getPage(base + "/index.jsp");
+ HtmlForm loginForm = loginPage.getForms().get(0);
 loginForm.getInputByName("j_username").setValueAttribute("u1");
 loginForm.getInputByName("j_password").setValueAttribute("p1");
 HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
@@ -74,6 +76,8 @@ public void testGetWithCorrectCredentials() throws Exception {
 @Test
 public void testGetWithIncorrectCredentials() throws Exception {
+ HtmlPage page = webClient.getPage(base + "/index.jsp");
+ HtmlForm loginForm = page.getForms().get(0);
 loginForm.getInputByName("j_username").setValueAttribute("random");
 loginForm.getInputByName("j_password").setValueAttribute("random");
 HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
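Review bot: The two-line lookup of the login form (`webClient.getPage(base + "/index.jsp")` followed by `getForms().get(0)`) is now copied into `testGetWithCorrectCredentials` and, in the following hunk, `testGetWithIncorrectCredentials`. A small private helper such as `private HtmlForm openLoginForm() throws IOException` would keep the login-page path and the "first form" assumption in one place. `setup()` no longer performs any I/O after this change, so its `throws IOException` clause can be dropped. Both test bodies continue outside the hunks shown here.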
@@ -81,4 +85,28 @@ public void testGetWithIncorrectCredentials() throws Exception {
 assertEquals("Form-Based Login Error Page", page2.getTitleText());
 }
+ @Test
+ public void testMaintainPostParamsAfterAuth() throws Exception {
+
+ String PARAM_VALUE = "example";
+ String PARAM_LENGTH = Integer.toString(PARAM_VALUE.length());
+
+ // Unauthenticated page
+ HtmlPage unauthenticatedPage = webClient.getPage(base + "/form.html");
+ HtmlForm unauthenticatedForm = unauthenticatedPage.getForms().get(0);
+ unauthenticatedForm.getInputByName("name").setValueAttribute(PARAM_VALUE);
+ HtmlSubmitInput unauthenticatedSubmitButton = unauthenticatedForm.getInputByValue("Submit");
+
+ // we request an protected page, so we are presented the login page.
+ HtmlPage loginPage = unauthenticatedSubmitButton.click();
+ HtmlForm loginForm = loginPage.getForms().get(0);
+ loginForm.getInputByName("j_username").setValueAttribute("u1");
+ loginForm.getInputByName("j_password").setValueAttribute("p1");
+ HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
+
+ HtmlPage receivePage = submitButton.click();
+ assertEquals(PARAM_LENGTH, receivePage.getElementById("paramLength").getTextContent());
+ assertEquals(PARAM_LENGTH, receivePage.getElementById("arrayLength").getTextContent());
+ assertEquals(PARAM_VALUE, receivePage.getElementById("param").getTextContent());
+ }
 }
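Review bot: `PARAM_LENGTH` is used as the expected value for both `paramLength` and `arrayLength`, but receive.jsp computes the first from `param.length()` and the second, presumably, from the UTF-8 byte count, and the two agree only while `PARAM_VALUE` is pure ASCII. Deriving the second expectation separately, `String byteLength = Integer.toString(PARAM_VALUE.getBytes(StandardCharsets.UTF_8).length);` (with the matching import), keeps the test correct if a multi-byte value is ever used to exercise the replayed POST body. The id `arrayLength` does not appear in the visible text of receive.jsp, which labels that value `paramDataLength`, so confirm the element exists or `getElementById` returns null and the assertion fails with a NullPointerException. The locals are written in constant style; `paramValue` and `expectedLength` would follow the usual Java naming for local variables.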