From 6b3d0eac4024a724f86b6f4cbe64be139ef8bda1 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sat, 18 Apr 2009 07:35:34 +0000 Subject: [PATCH] SEC-1111: Fix for "java.io.CharConversionException: Not an ISO 8859-1 character". Use response.getWriter() instead of printing to ServletOutputStream. --- .../DefaultLoginPageGeneratingFilter.java | 2 +- ...DefaultLoginPageGeneratingFilterTests.java | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/web/src/main/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilter.java index 8ae3b65c48..2874b8cfe1 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilter.java @@ -77,7 +77,7 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { String loginPageHtml = generateLoginPageHtml(request); response.setContentType("text/html;charset=UTF-8"); response.setContentLength(loginPageHtml.length()); - response.getOutputStream().print(loginPageHtml); + response.getWriter().write(loginPageHtml); return; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java index d1f1b25905..ae23c1bb09 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java @@ -2,15 +2,22 @@ package org.springframework.security.web.authentication; import static org.mockito.Mockito.mock; +import java.io.IOException; +import java.util.Locale; + import javax.servlet.FilterChain; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.junit.Test; +import org.springframework.context.support.MessageSourceAccessor; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.web.FilterChainOrder; import org.springframework.security.web.authentication.AbstractProcessingFilter; import org.springframework.security.web.authentication.AuthenticationProcessingFilter; @@ -57,4 +64,19 @@ public class DefaultLoginPageGeneratingFilterTests { return "unused"; } } + + /* SEC-1111 */ + @Test + public void handlesNonIso8859CharsInErrorMessage() throws Exception { + DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new AuthenticationProcessingFilter()); + MockHttpServletRequest request = new MockHttpServletRequest("GET", "/spring_security_login"); + request.addParameter("login_error", "true"); + MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); + String message = messages.getMessage( + "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA); + System.out.println("Message: " + message); + request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, new BadCredentialsException(message)); + + filter.doFilter(request, new MockHttpServletResponse(), chain); + } }