Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Special character encoding issues with SingleSignOutFilter #16

Open
dpcasady opened this issue Jan 6, 2017 · 12 comments
Open

Special character encoding issues with SingleSignOutFilter #16

dpcasady opened this issue Jan 6, 2017 · 12 comments
Assignees
@guillermocalvo

Comments

@dpcasady
Copy link
Contributor

dpcasady commented Jan 6, 2017

The Grails default UTF-8 characterEncodingFilter no longer encodes special characters correctly in an app with the Spring Security CAS plugin.

I believe this is due to the SingleSignOutFilter's registration order being set to Ordered.HIGHEST_PRECEDENCE and thus being first in the filter chain instead of the encoding filter. Not that this is the solution, but by setting the SingleSignOutFilter's order to Ordered.HIGHEST_PRECEDENCE + 1, and customizing characterEncodingFilter with order Ordered.HIGHEST_PRECEDENCE seems to fix the problem.

This is most easily demonstrated by submitting a post request to a controller with special characters, e.g. ™, ®, etc. in it.
@flparedes
Copy link

I have the same problem, please fix this problem asap.

@sdelamo
Copy link
Contributor

sdelamo commented Oct 9, 2017
edited
Loading

@dpcasady could you submit a sample app so that I can fix it, create a test for it and release a new version?

@dpcasady
Copy link
Contributor Author

dpcasady commented Oct 12, 2017
edited
Loading

Here's a sample app:
https://github.com/dpcasady/grails-cas-encoding

Run the app and send some post data to it with special characters:

curl -dstring=® http://localhost:8080/application

The ApplicationController will echo the string param. With spring security cas, you'll see:

string: ®

If you disable spring security cas, you'll see string: ®.

@robertoschwald
Copy link

robertoschwald commented Nov 7, 2019
edited
Loading

This issue breaks UTF-8 completely in Grails 3.3.x.

Workaround:
In resources.groovy, reconfigure the registration bean to ensure the SSO filter comes after the characterEncodingFilter.

  singleSignOutFilterRegistrationBean(FilterRegistrationBean) {
    name = 'CAS Single Sign Out Filter'
    filter = ref('singleSignOutFilter')
    order = FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 11
  }

Ordered.HIGHEST_PRECEDENCE + 1 does not work, since CharacterEncodingFilter has order FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 10 in Grails 3.3.x

I really hope this will be fixed soon. This issue is open since 2017 and nobody took care so far.

@coig-prometeo-it
Copy link

Workaround update for grails 5.1.7. This work form me

import org.springframework.boot.web.servlet.FilterRegistrationBean
import org.springframework.boot.web.reactive.filter.OrderedWebFilter

...

singleSignOutFilterRegistrationBean( FilterRegistrationBean ) {
    name = 'CAS Single Sign Out Filter'
    filter = ref( 'singleSignOutFilter' )
    order = OrderedWebFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER + 11
}

@funcoleto
Copy link

A dia de hoy sigue sin arreglarse, la ñ pasa a ser à e igual que las letras acentuadas..

@guillermocalvo
Copy link
Contributor

I've checked out the provided sample app grails-cas-encoding and ran it locally. It seems to work totally fine as it is (no need to disable spring security cas):

$ curl -si -dstring=® http://localhost:8080/application

HTTP/1.1 200
X-Application-Context: application:development
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Mon, 15 Jan 2024 09:56:47 GMT

string: ®

The controller returns a valid UTF-8 response, echoing the ® character. Both payload and headers look good to me.

Maybe your CLI application was not handling the response properly? 🤔

@funcoleto
Copy link

with sample app grails-cas-encoding

curl -si -dstring=® http://localhost:8080/application
HTTP/1.1 200
X-Application-Context: application:development
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Mon, 15 Jan 2024 10:34:52 GMT

string: ®

It's the same problem..

@guillermocalvo
Copy link
Contributor

@funcoleto I believe the app is returning the correct response, but your command line application is not interpreting UTF-8 correctly.

Could you please run this test locally and tell us the response you get?

curl -s -dstring=`echo 'wq4=' | base64 -d` http://localhost:8080/application | base64

@funcoleto
Copy link

curl -s -dstring=echo 'wq4=' | base64 -d http://localhost:8080/application | base64
c3RyaW5nOiDDgsKuCg==

@guillermocalvo
Copy link
Contributor

@funcoleto Thanks for your help!

That's not the same response I get when I run it locally 🤔 Could you tell me which OS / JDK version are you using to run the app?

@funcoleto
Copy link

% grails --version
Grails Version: 6.1.1
JVM Version: 11.0.16

% sw_vers
ProductName: macOS
ProductVersion: 12.3.1
BuildVersion: 21E258

with java 17 is the some problem..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@guillermocalvo guillermocalvo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@sdelamo @guillermocalvo @dpcasady @robertoschwald @flparedes @coig-prometeo-it @funcoleto