You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Terence Kent <te...@gmail.com> on 2014/02/24 03:56:07 UTC

JAX-RS issue in 2.6.13 w/JSESSIONID as a path parameter

I'm running into an easy-to-recreate issue where REST paths that end with a "/" will not be handled correctly if a JSESSIONID path parameter is included.

For example, take the following three query URLs:

	(1) http://localhost:8080/api/people/;JSESSIONID=xxx
	(2) http://localhost:8080/api/people/available;JSESSIONID=xxx
	(3) http://localhost:8080/api/people;JSESSIONID=xxx

(1) Will result in a WebApplicationException being thrown due to being unable to correctly parse parameters. (2) Will work just fine. (3) Will also work just fine.

This seems like a straightforward bug, but I'm surprised nobody else has run into it. I've also seen the following similar bug reports, all of which are already fixed:

	https://issues.apache.org/jira/browse/CXF-3573 (from 2011)
	https://issues.apache.org/jira/browse/CXF-5347 (from 2013)

Before I file an issue in JIRA, I wanted to do a quick sanity check in case I'm missing anything obvious. I have a sample service class that shows the issue with the following annotations:

@Path("/people/")
@Consumes("application/json")
@Produces("application/json")
public class PersonService {
  
  @Inject @Named("personDAO") protected PersonDAO pDAO;

  @GET
  @Path("/")
  public List<Person> getAll(){    
    return pDAO.getAll();
  }

  @GET
  @Path("/available")
  public List<Person> getAll(){    
    return pDAO.getAll();
  }
}

(The server address is a simple "/".)

Thanks in advance,
Terence

P.S. I'm happy to send along a very small project which demonstrates the issue if that would be helpful.

Re: JAX-RS issue in 2.6.13 w/JSESSIONID as a path parameter

Posted by Terence Kent <te...@gmail.com>.

Sergey,

Thanks for the quick response. I've added https://issues.apache.org/jira/browse/CXF-5577 and attached a small project that shows the issue.

Terence
 
On Feb 24, 2014, at 4:37 AM, Sergey Beryozkin <sb...@gmail.com> wrote:

> Hi
> 
> I've added a couple of tests:
> 
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=4a7e6b8f
> 
> Can you please create a JIRA and attach a test project ?
> 
> Thanks, Sergey
> 
> On 24/02/14 02:56, Terence Kent wrote:
>> I'm running into an easy-to-recreate issue where REST paths that end with a "/" will not be handled correctly if a JSESSIONID path parameter is included.
>> 
>> For example, take the following three query URLs:
>> 
>> 	(1) http://localhost:8080/api/people/;JSESSIONID=xxx
>> 	(2) http://localhost:8080/api/people/available;JSESSIONID=xxx
>> 	(3) http://localhost:8080/api/people;JSESSIONID=xxx
>> 
>> (1) Will result in a WebApplicationException being thrown due to being unable to correctly parse parameters. (2) Will work just fine. (3) Will also work just fine.
>> 
>> This seems like a straightforward bug, but I'm surprised nobody else has run into it. I've also seen the following similar bug reports, all of which are already fixed:
>> 
>> 	https://issues.apache.org/jira/browse/CXF-3573 (from 2011)
>> 	https://issues.apache.org/jira/browse/CXF-5347 (from 2013)
>> 
>> Before I file an issue in JIRA, I wanted to do a quick sanity check in case I'm missing anything obvious. I have a sample service class that shows the issue with the following annotations:
>> 
>> @Path("/people/")
>> @Consumes("application/json")
>> @Produces("application/json")
>> public class PersonService {
>> 
>>   @Inject @Named("personDAO") protected PersonDAO pDAO;
>> 
>>   @GET
>>   @Path("/")
>>   public List<Person> getAll(){
>>     return pDAO.getAll();
>>   }
>> 
>>   @GET
>>   @Path("/available")
>>   public List<Person> getAll(){
>>     return pDAO.getAll();
>>   }
>> }
>> 
>> (The server address is a simple "/".)
>> 
>> Thanks in advance,
>> Terence
>> 
>> P.S. I'm happy to send along a very small project which demonstrates the issue if that would be helpful.
>> 
>

Re: JAX-RS issue in 2.6.13 w/JSESSIONID as a path parameter

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi

I've added a couple of tests:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=4a7e6b8f

Can you please create a JIRA and attach a test project ?

Thanks, Sergey

On 24/02/14 02:56, Terence Kent wrote:
> I'm running into an easy-to-recreate issue where REST paths that end with a "/" will not be handled correctly if a JSESSIONID path parameter is included.
>
> For example, take the following three query URLs:
>
> 	(1) http://localhost:8080/api/people/;JSESSIONID=xxx
> 	(2) http://localhost:8080/api/people/available;JSESSIONID=xxx
> 	(3) http://localhost:8080/api/people;JSESSIONID=xxx
>
> (1) Will result in a WebApplicationException being thrown due to being unable to correctly parse parameters. (2) Will work just fine. (3) Will also work just fine.
>
> This seems like a straightforward bug, but I'm surprised nobody else has run into it. I've also seen the following similar bug reports, all of which are already fixed:
>
> 	https://issues.apache.org/jira/browse/CXF-3573 (from 2011)
> 	https://issues.apache.org/jira/browse/CXF-5347 (from 2013)
>
> Before I file an issue in JIRA, I wanted to do a quick sanity check in case I'm missing anything obvious. I have a sample service class that shows the issue with the following annotations:
>
> @Path("/people/")
> @Consumes("application/json")
> @Produces("application/json")
> public class PersonService {
>
>    @Inject @Named("personDAO") protected PersonDAO pDAO;
>
>    @GET
>    @Path("/")
>    public List<Person> getAll(){
>      return pDAO.getAll();
>    }
>
>    @GET
>    @Path("/available")
>    public List<Person> getAll(){
>      return pDAO.getAll();
>    }
> }
>
> (The server address is a simple "/".)
>
> Thanks in advance,
> Terence
>
> P.S. I'm happy to send along a very small project which demonstrates the issue if that would be helpful.
>