AsynContext.dispatch() with encoded URI

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AsynContext.dispatch() with encoded URI

Rossen Stoyanchev-3
hi,

The spec says:

"If the AsyncContext was initialized via the startAsync(ServletRequest,
ServletResponse) and the request passed is an instance of
HttpServletRequest , then the dispatch is to the URI returned by
HttpServletRequest.getRequestURI()"

However AsyncContextImpl seems to be using the servletPath:
https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff802d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163

So given a URL with an encoded slash (and
UDecoder.ALLOW_ENCODED_SLASH=true):
/foo/vv%2F1234/add/2

The dispatch ends up going to:
/foo/vv/1234/add/2

Is this intentional? It contradicts the spec.

Thanks,
Rossen
Reply | Threaded
Open this post in threaded view
|

Re: AsynContext.dispatch() with encoded URI

markt
On 13/06/17 21:30, Rossen Stoyanchev wrote:

> hi,
>
> The spec says:
>
> "If the AsyncContext was initialized via the startAsync(ServletRequest,
> ServletResponse) and the request passed is an instance of
> HttpServletRequest , then the dispatch is to the URI returned by
> HttpServletRequest.getRequestURI()"
>
> However AsyncContextImpl seems to be using the servletPath:
> https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff802d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163
>
> So given a URL with an encoded slash (and
> UDecoder.ALLOW_ENCODED_SLASH=true):
> /foo/vv%2F1234/add/2
>
> The dispatch ends up going to:
> /foo/vv/1234/add/2
>
> Is this intentional? It contradicts the spec.

The commit that introduced this change is:
https://svn.apache.org/viewvc?view=revision&revision=1497474

The fix to ServletRequest.getContextPath() was made a little later:
https://svn.apache.org/viewvc?view=revision&revision=1593621

This looks like a fairly minor bug that should be an easy fix. Please
open a bugzilla issue for this.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: AsynContext.dispatch() with encoded URI

Rossen Stoyanchev-3
Issue created https://bz.apache.org/bugzilla/show_bug.cgi?id=61185.

On Tue, Jun 13, 2017 at 6:25 PM, Mark Thomas <[hidden email]> wrote:

> On 13/06/17 21:30, Rossen Stoyanchev wrote:
> > hi,
> >
> > The spec says:
> >
> > "If the AsyncContext was initialized via the startAsync(ServletRequest,
> > ServletResponse) and the request passed is an instance of
> > HttpServletRequest , then the dispatch is to the URI returned by
> > HttpServletRequest.getRequestURI()"
> >
> > However AsyncContextImpl seems to be using the servletPath:
> > https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff8
> 02d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163
> >
> > So given a URL with an encoded slash (and
> > UDecoder.ALLOW_ENCODED_SLASH=true):
> > /foo/vv%2F1234/add/2
> >
> > The dispatch ends up going to:
> > /foo/vv/1234/add/2
> >
> > Is this intentional? It contradicts the spec.
>
> The commit that introduced this change is:
> https://svn.apache.org/viewvc?view=revision&revision=1497474
>
> The fix to ServletRequest.getContextPath() was made a little later:
> https://svn.apache.org/viewvc?view=revision&revision=1593621
>
> This looks like a fairly minor bug that should be an easy fix. Please
> open a bugzilla issue for this.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>