You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2014/02/25 14:02:20 UTC

[jira] [Comment Edited] (CXF-5577) WebApplicationException thrown w/JSESSIONID as a path parameter

    [ https://issues.apache.org/jira/browse/CXF-5577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911539#comment-13911539 ] 

Sergey Beryozkin edited comment on CXF-5577 at 2/25/14 1:01 PM:
----------------------------------------------------------------

It is a strange issue, took me a time to figure out what is going on.

Basically, what happens, when you have "/people/;a=b", is that a method with a "/{id/}/" also catches it.
So we start with "/people/;a=b" at the class level, the match produces a final "/;a=b" and as it happens, this matches two methods, one with "/", another one with "/{id/}/" cleanly, the latter is preferred because it has a template var which has the ";a=b" value.

I think there's some weakness in the way the specification recommends building the template expressions, it should probably explicitly disallow ";" characters (something I will raise separately) but for now if you do "/{id:(\d)+/}" then it will work correctly.

So in the end it is not a CXF issue,; it is to do with the JAX-RS template handling being too open with respect to ";"

Thanks, Sergey



was (Author: sergey_beryozkin):
It is a strange issue, took me a time to figure out what is going on.

Basically, what happens, when you have "/people/;a=b", is that a method with a "/{id}/" also catches it.
So we start with "/people/;a=b" at the class level, the match produces a final "/;a=b" and as it happens, this matches two methods, one with "/", another one with "/{id}/" cleanly, the latter is preferred because it has a template var which has the ";a=b" value.

I think there's some weakness in the way the specification recommends building the template expressions, it should probably explicitly disallow ";" characters (something I will raise separately) but for now if you do "/{id:(\d)+}" then it will work correctly.

So in the end it is not a CXF issue,; it is to do with the JAX-RS template handling being too open with respect to ";"

Thanks, Sergey


> WebApplicationException thrown w/JSESSIONID as a path parameter
> ---------------------------------------------------------------
>
>                 Key: CXF-5577
>                 URL: https://issues.apache.org/jira/browse/CXF-5577
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.6.13, 2.7.10
>            Reporter: Terence Kent
>              Labels: jax-rs, jsessionid
>         Attachments: bug-cxf-routing-jsessionid.zip
>
>
> (This issue was originally posted as a question to users@cxf.apache.org here: http://cxf.547215.n5.nabble.com/JAX-RS-issue-in-2-6-13-w-JSESSIONID-as-a-path-parameter-td5740381.html)
> Including a JSESSIONID path parameter will break REST paths which end with a forward slash. For example, the path:
> <proto>://<host:port>/api/people/;JESSIONID=xxx
> Will result in a WebApplicationException being thrown. If the path does not end with a forward slash, everything works as expected.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)