From 69d8b8780226e81dbc0aaf85ef2021f0b226cb71 Mon Sep 17 00:00:00 2001 From: Alberto Fernandez Date: Fri, 26 Jan 2018 19:30:44 +0100 Subject: [PATCH 1/2] First attemp to reproduce parameter corruption in Payara See https://github.com/payara/Payara/issues/2318 for mor details. I've reproduced the bug in Payara 4.1.2.174, but this first version on Arquillian works as expected. --- .../src/main/webapp/WEB-INF/web.xml | 2 +- .../src/main/webapp/form.html | 20 ++++++++++ .../src/main/webapp/receive.jsp | 33 ++++++++++++++++ .../servlet/security/form/based/FormTest.java | 38 ++++++++++++++++--- 4 files changed, 87 insertions(+), 6 deletions(-) create mode 100644 servlet/security-form-based/src/main/webapp/form.html create mode 100644 servlet/security-form-based/src/main/webapp/receive.jsp diff --git a/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml b/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml index 7bf9cb0c5..3a9f4459e 100644 --- a/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml +++ b/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml @@ -54,7 +54,7 @@ SecurityConstraint - /* + *.jsp g1 diff --git a/servlet/security-form-based/src/main/webapp/form.html b/servlet/security-form-based/src/main/webapp/form.html new file mode 100644 index 000000000..6ecc66593 --- /dev/null +++ b/servlet/security-form-based/src/main/webapp/form.html @@ -0,0 +1,20 @@ + + + + Sample form + + +
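Review bot: Narrowing the constrained pattern of the SecurityConstraint from `/*` to `*.jsp` (presumably the `url-pattern`; the markup is not visible in this extract) takes every non-JSP resource of the application out of the constraint, not only the new `form.html`. An extension match is also easy to outgrow, because a servlet or static file added later is public by default. If the goal is only to let `form.html` through, keeping `/*` protected and adding a second constraint for `<url-pattern>/form.html</url-pattern>` with no auth-constraint preserves the deny-by-default shape. Whichever form is kept, a comment in web.xml saying why the form page must be reachable without login would help the next reader. The enclosing constraint element starts and ends outside the hunk.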

Example

+

+ Submit your data, you must see your data after login.

+

This example make a test with a single parameter. + If you submit more parameters, only one (the last in the post body) is corrupted

+ +

You must be logged out to test the bug, because the bug is in the authenticator

+ +
+ + +
+ + \ No newline at end of file diff --git a/servlet/security-form-based/src/main/webapp/receive.jsp b/servlet/security-form-based/src/main/webapp/receive.jsp new file mode 100644 index 000000000..98ef0d677 --- /dev/null +++ b/servlet/security-form-based/src/main/webapp/receive.jsp @@ -0,0 +1,33 @@ +<%@page + contentType="text/html; charset=UTF-8" + language="java" + pageEncoding="UTF-8" + import="java.nio.charset.StandardCharsets" +%><% + +String param = request.getParameter("name"); +if (param == null) { + param = ""; +} +int paramLength = param.length(); +byte[] paramData = param.getBytes(StandardCharsets.UTF_8); +int paramDataLength = paramData.length; +%> + + + +Receiving parameters via post + + + +

Here you should see the data you entered in the previous form.

+

the bug makes the last parameter to contain a lot of junk (zeros) at the end

+ + +Hello <%= param %>
+paramLegnth <%= paramLength %> +paramDataLength <%= paramDataLength %> + + + + diff --git a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java index 5fae84683..8bd1585f7 100644 --- a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java +++ b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java @@ -22,6 +22,7 @@ import com.gargoylesoftware.htmlunit.html.HtmlPage; import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; + /** * @author Arun Gupta */ @@ -32,8 +33,8 @@ public class FormTest { @ArquillianResource private URL base; + private WebClient webClient; - private HtmlForm loginForm; @Deployment(testable = false) public static WebArchive createDeployment() { 
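Review bot: `Hello <%= param %>` in receive.jsp writes the `name` request parameter into the HTML response without escaping, so any markup in the posted value is interpreted by the browser. Because sample pages like this get copied, it is worth emitting the value escaped, for example `Hello <c:out value="${param.name}"/>` with the JSTL core taglib declared, or `${fn:escapeXml(param.name)}`; the text content the test reads is unchanged for plain values. The second patch edits the neighbouring `paramLegnth` line but leaves this expression as it is. Separately, the label `paramLegnth` is misspelled, and the test looks up an element id `arrayLength` while the scriptlet variable is `paramDataLength`; the ids are not visible in this extract, so confirm they match.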
@@ -44,26 +45,27 @@ public static WebArchive createDeployment() {
 .addAsWebResource(new File(WEBAPP_SRC, "index.jsp"))
 .addAsWebResource(new File(WEBAPP_SRC, "loginerror.jsp"))
 .addAsWebResource(new File(WEBAPP_SRC, "loginform.jsp"))
+ .addAsWebResource(new File(WEBAPP_SRC, "form.html"))
+ .addAsWebResource(new File(WEBAPP_SRC, "receive.jsp"))
 .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "web.xml"))
 .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "glassfish-web.xml"));
 }
 @Before
 public void setup() throws IOException {
- WebClient webClient = new WebClient();
- HtmlPage page = webClient.getPage(base + "/index.jsp");
- loginForm = page.getForms().get(0);
+ webClient = new WebClient();
 }
 @After
 public void tearDown() {
- WebClient webClient = loginForm.getPage().getWebClient();
 webClient.getCookieManager().clearCookies();
 webClient.closeAllWindows();
 }
 @Test
 public void testGetWithCorrectCredentials() throws Exception {
+ HtmlPage loginPage = webClient.getPage(base + "/index.jsp");
+ HtmlForm loginForm = loginPage.getForms().get(0);
 loginForm.getInputByName("j_username").setValueAttribute("u1");
 loginForm.getInputByName("j_password").setValueAttribute("p1");
 HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
@@ -74,6 +76,8 @@ public void testGetWithCorrectCredentials() throws Exception {
 @Test
 public void testGetWithIncorrectCredentials() throws Exception {
+ HtmlPage page = webClient.getPage(base + "/index.jsp");
+ HtmlForm loginForm = page.getForms().get(0);
 loginForm.getInputByName("j_username").setValueAttribute("random");
 loginForm.getInputByName("j_password").setValueAttribute("random");
 HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
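Review bot: `setup()` still declares `throws IOException` although its body is now only `webClient = new WebClient();`, which throws nothing checked, so the clause can be dropped. With the page load moved out of `setup()`, `testGetWithCorrectCredentials` and `testGetWithIncorrectCredentials` (the following hunk) each repeat the same two lines that fetch `index.jsp` and take the first form. A small private helper, for example `private HtmlForm openLoginForm() throws IOException` returning `((HtmlPage) webClient.getPage(base + "/index.jsp")).getForms().get(0)`, would keep the two tests in step. Both test bodies continue outside their hunks.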
@@ -81,4 +85,28 @@ public void testGetWithIncorrectCredentials() throws Exception {
 assertEquals("Form-Based Login Error Page", page2.getTitleText());
 }
+ @Test
+ public void testMaintainPostParamsAfterAuth() throws Exception {
+
+ String PARAM_VALUE = "example11";
+ String PARAM_LENGTH = Integer.toString(PARAM_VALUE.length());
+
+ // Unauthenticated page
+ HtmlPage unauthenticatedPage = webClient.getPage(base + "/form.html");
+ HtmlForm unauthenticatedForm = unauthenticatedPage.getForms().get(0);
+ unauthenticatedForm.getInputByName("name").setValueAttribute(PARAM_VALUE);
+ HtmlSubmitInput unauthenticatedSubmitButton = unauthenticatedForm.getInputByName("submitButton");
+
+ // we request an protected page, so we are presented the login page.
+ HtmlPage loginPage = unauthenticatedSubmitButton.click();
+ HtmlForm loginForm = loginPage.getForms().get(0);
+ loginForm.getInputByName("j_username").setValueAttribute("u1");
+ loginForm.getInputByName("j_password").setValueAttribute("p1");
+ HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton");
+
+ HtmlPage receivePage = submitButton.click();
+ assertEquals(PARAM_VALUE, receivePage.getElementById("param").getTextContent());
+ assertEquals(PARAM_LENGTH, receivePage.getElementById("paramLength").getTextContent());
+ assertEquals(PARAM_LENGTH, receivePage.getElementById("arrayLength").getTextContent());
+ }
 }
From 3a557d529bb2cf0c5751e6e9e0f616fdd7c0102e Mon Sep 17 00:00:00 2001
From: Alberto Fernandez
Date: Mon, 29 Jan 2018 00:45:43 +0100
Subject: [PATCH 2/2] Fix the test to reproduce payara bug https://github.com/payara/Payara/issues/2318
---
 servlet/security-form-based/src/main/webapp/form.html | 3 ++-
 servlet/security-form-based/src/main/webapp/receive.jsp | 2 +-
 .../org/javaee7/servlet/security/form/based/FormTest.java | 6 +++---
 3 files changed, 6 insertions(+), 5 deletions(-)
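Review bot: In `testMaintainPostParamsAfterAuth` the single `PARAM_LENGTH`, computed from `PARAM_VALUE.length()`, is compared against both `paramLength` and `arrayLength`, yet receive.jsp derives its second number from `getBytes(StandardCharsets.UTF_8).length`. The two only coincide for ASCII input, so a later switch to a non-ASCII value would fail for the wrong reason; assuming `arrayLength` shows the byte count, compute a separate expectation with `Integer.toString(PARAM_VALUE.getBytes(StandardCharsets.UTF_8).length)`. `PARAM_VALUE` and `PARAM_LENGTH` are also method locals written in constant case; either hoist them to `private static final String` fields or rename them `paramValue` / `paramLength`. The inline comment would read better as `// we request a protected page, so the login page is presented first`.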
diff --git a/servlet/security-form-based/src/main/webapp/form.html b/servlet/security-form-based/src/main/webapp/form.html index 6ecc66593..8137de605 100644 --- a/servlet/security-form-based/src/main/webapp/form.html +++ b/servlet/security-form-based/src/main/webapp/form.html @@ -14,7 +14,8 @@

Example

- + +
\ No newline at end of file diff --git a/servlet/security-form-based/src/main/webapp/receive.jsp b/servlet/security-form-based/src/main/webapp/receive.jsp index 98ef0d677..d256b4d88 100644 --- a/servlet/security-form-based/src/main/webapp/receive.jsp +++ b/servlet/security-form-based/src/main/webapp/receive.jsp @@ -25,7 +25,7 @@ int paramDataLength = paramData.length; Hello <%= param %>
-paramLegnth <%= paramLength %> +paramLegnth <%= paramLength %>
paramDataLength <%= paramDataLength %> diff --git a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java index 8bd1585f7..0bd8d6831 100644 --- a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java +++ b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java @@ -88,14 +88,14 @@ public void testGetWithIncorrectCredentials() throws Exception { @Test public void testMaintainPostParamsAfterAuth() throws Exception { - String PARAM_VALUE = "example11"; + String PARAM_VALUE = "example"; String PARAM_LENGTH = Integer.toString(PARAM_VALUE.length()); // Unauthenticated page HtmlPage unauthenticatedPage = webClient.getPage(base + "/form.html"); HtmlForm unauthenticatedForm = unauthenticatedPage.getForms().get(0); unauthenticatedForm.getInputByName("name").setValueAttribute(PARAM_VALUE); - HtmlSubmitInput unauthenticatedSubmitButton = unauthenticatedForm.getInputByName("submitButton"); + HtmlSubmitInput unauthenticatedSubmitButton = unauthenticatedForm.getInputByValue("Submit"); // we request an protected page, so we are presented the login page. HtmlPage loginPage = unauthenticatedSubmitButton.click(); @@ -105,8 +105,8 @@ public void testMaintainPostParamsAfterAuth() throws Exception { HtmlSubmitInput submitButton = loginForm.getInputByName("submitButton"); HtmlPage receivePage = submitButton.click(); - assertEquals(PARAM_VALUE, receivePage.getElementById("param").getTextContent()); assertEquals(PARAM_LENGTH, receivePage.getElementById("paramLength").getTextContent()); assertEquals(PARAM_LENGTH, receivePage.getElementById("arrayLength").getTextContent()); + assertEquals(PARAM_VALUE, receivePage.getElementById("param").getTextContent()); } }