Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.2.7.CR2, 7.2.7.GA
Affects Version/s: 7.2.z.GA
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Target Release:

7.2.z.GA
Git Pull Request:
https://github.com/jbossas/redhat-picketlink-bindings/pull/68
Steps to Reproduce:

Hide

Create a test user with group membership in "user".

Use two attached reproducers (idp.war and reproducer.war) plus IDP and SP security-domains from:
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/how_to_set_up_sso_with_saml_v2/index#setting_up_idp
i'm attaching my standalone.xml with this configured also.

Then visit: http::<hostname:port>/reproducer, login and try to upload a file. A successful file upload will indicate 1 file uploaded, but failed ones show 0 files uploaded.

Show
Create a test user with group membership in "user". Use two attached reproducers (idp.war and reproducer.war) plus IDP and SP security-domains from: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/how_to_set_up_sso_with_saml_v2/index#setting_up_idp i'm attaching my standalone.xml with this configured also. Then visit: http::<hostname:port>/reproducer, login and try to upload a file. A successful file upload will indicate 1 file uploaded, but failed ones show 0 files uploaded.

SFDC Cases Counter:
SFDC Cases Links:

This is a followup to ~~JBEAP-18122~~ - https://issues.redhat.com/browse/JBEAP-18122

The issue is that if using Picketlink authentication handlers AND you call getParameter before reading from getInputStream then the input will be empty if the file size is over 20k. Also, you need to have the one-off patch from https://issues.redhat.com/browse/JBEAP-17878 if running against 7.2.5. 7.2.7 also has these changes.

Note this is the SAME test as in ~~JBEAP-18122~~ except the request.getParameter call prior to the getInputStream.

Attaching reproducer.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

idp.war
2020/01/14 12:36 PM
2 kB
Chris Dolphy
reproducer.war
2020/01/14 12:36 PM
147 kB
Chris Dolphy
Hide
reproducer.zip
2020/01/14 12:36 PM
658 kB
Chris Dolphy
Extracting archive...
Show
reproducer.zip
2020/01/14 12:36 PM
658 kB
Chris Dolphy
roles.properties
2020/01/14 12:37 PM
0.0 kB
Chris Dolphy
standalone.xml
2020/01/14 12:37 PM
29 kB
Chris Dolphy
users.properties
2020/01/14 12:37 PM
0.0 kB
Chris Dolphy

is cloned by

JBEAP-18505 [GSS](7.3.z) InputStream is empty if getParameter is called in deployment with Picketlink which causes fileupload to fail with sizes over 20k

Verified

is incorporated by

JBEAP-18504 [GSS](7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00011 to 2.5.5.SP12-redhat-00012

Closed

relates to

JBEAP-18122 [GSS](7.2.z) File upload (multipart) with Picketlink fails with sizes over 20k (using Apache Commons FileUpload)

Verified

Assignee:: Bartosz Spyrko-Smietanko

Reporter:: Chris Dolphy

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2020/01/14 12:35 PM

Updated:: 2023/03/22 8:10 AM

Resolved:: 2020/01/27 10:05 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates