You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Matt Parker (Created) (JIRA)" <ji...@apache.org> on 2012/03/27 02:49:27 UTC
[jira] [Created] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
CXF interprets URL-encoded slashes in PathParam prior to method dispatch
------------------------------------------------------------------------
Key: CXF-4207
URL: https://issues.apache.org/jira/browse/CXF-4207
Project: CXF
Issue Type: Bug
Components: JAX-RS
Affects Versions: 2.4.2
Reporter: Matt Parker
For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CXF-4207) CXF interprets URL-encoded
slashes in PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239329#comment-13239329 ]
Sergey Beryozkin edited comment on CXF-4207 at 3/27/12 10:17 AM:
-----------------------------------------------------------------
I was pretty sure it was fixed awhile back. Can you please provide some more info about the servlet container.
was (Author: sergey_beryozkin):
I was pretty sure I was fixed awhile back. Can you please provide some more info about the servlet container.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Matt Parker (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239978#comment-13239978 ]
Matt Parker commented on CXF-4207:
----------------------------------
Thanks for the quick responses Sergey. I'll take a look and comment back when I get a chance. I am indeed using Tomcat, so I'm hopeful that your system properties change will do the trick.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Matt Parker (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Parker updated CXF-4207:
-----------------------------
Affects Version/s: 2.5.3
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239532#comment-13239532 ]
Sergey Beryozkin commented on CXF-4207:
---------------------------------------
Tomcat definitely blocks encoded forward or backward slashes by default.
Try system properties:
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
ex, I can get %2F passed to the demo service after setting the 1st property.
Please confirm CXF works as expected
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-4207.
-----------------------------------
Resolution: Not A Problem
Assignee: Sergey Beryozkin
Thanks for the confirmation...
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
> Assignee: Sergey Beryozkin
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 400 Invalid URI, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Matt Parker (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13240048#comment-13240048 ]
Matt Parker commented on CXF-4207:
----------------------------------
ALLOW_ENCODED_SLASH=true allows %2F as you say, thanks much. I still can't get %5C to work (I get 400 Invalid URI), but I suspect that to also be part of the container behavior and not part of CXF.
Also, sorry for the misleading description--I am actually seeing 400, not 404. Had I mentioned that, it would have been more obvious what was happening. I'll update the description accordingly.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Matt Parker (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Parker updated CXF-4207:
-----------------------------
Description:
For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 400 Invalid URI, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
was:
For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 400 Invalid URI, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CXF-4207) CXF interprets URL-encoded
slashes in PathParam prior to method dispatch
Posted by "Matt Parker (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13240048#comment-13240048 ]
Matt Parker edited comment on CXF-4207 at 3/27/12 11:27 PM:
------------------------------------------------------------
Thanks, using the properties you list, I have confirmed that this is a tomcat config issue and not a CXF issue.
Also, sorry for the misleading description--I am actually seeing 400, not 404. Had I mentioned that, it would have been more obvious what was happening. I'll update the description accordingly.
Thank you very much.
was (Author: mparker):
ALLOW_ENCODED_SLASH=true allows %2F as you say, thanks much. I still can't get %5C to work (I get 400 Invalid URI), but I suspect that to also be part of the container behavior and not part of CXF.
Also, sorry for the misleading description--I am actually seeing 400, not 404. Had I mentioned that, it would have been more obvious what was happening. I'll update the description accordingly.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 400 Invalid URI, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239511#comment-13239511 ]
Sergey Beryozkin commented on CXF-4207:
---------------------------------------
I definitely see no 404 in the test demo, indeed, the value (such as my%5Cvalue) which is passed to the method gets decoded by default (per the spec), that can be blocked by using the @Encoded annotation.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in
PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239329#comment-13239329 ]
Sergey Beryozkin commented on CXF-4207:
---------------------------------------
I was pretty sure I was fixed awhile back. Can you please provide some more info please about the servlet container.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CXF-4207) CXF interprets URL-encoded
slashes in PathParam prior to method dispatch
Posted by "Sergey Beryozkin (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239329#comment-13239329 ]
Sergey Beryozkin edited comment on CXF-4207 at 3/27/12 9:12 AM:
----------------------------------------------------------------
I was pretty sure I was fixed awhile back. Can you please provide some more info about the servlet container.
was (Author: sergey_beryozkin):
I was pretty sure I was fixed awhile back. Can you please provide some more info please about the servlet container.
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
> Key: CXF-4207
> URL: https://issues.apache.org/jira/browse/CXF-4207
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.4.2, 2.5.3
> Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior to dispatching, and will then fail with a 404, rather than passing "my\value" to the method handling the "/rest/{value}" URI.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira