You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "uwe.schaefer (JIRA)" <ji...@apache.org> on 2014/01/07 16:38:50 UTC

[jira] [Created] (WICKET-5463) RequestUtil.getCharset(HttpServletRequest request) Resilience against unsupported Charsets in Request

uwe.schaefer created WICKET-5463:
------------------------------------

             Summary: RequestUtil.getCharset(HttpServletRequest request) Resilience against unsupported Charsets in Request
                 Key: WICKET-5463
                 URL: https://issues.apache.org/jira/browse/WICKET-5463
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
    Affects Versions: 6.11.0
         Environment: Tomcat 6.0.37
            Reporter: uwe.schaefer
            Priority: Minor


RequestUtil.getCharset(HttpServletRequest request) should not throw java.nio.charset.UnsupportedCharsetException but default to getDefaultCharset() or throw an Exception that leads

---- long version:
crawling our logs, we found the above exception as a result of a weird
request that set the following headers on a GET request:

Content-Type: text/html; charset=auto

I don't know which UserAgent sent that, but it happened and brought the
following exception on tomcat 6.0.37:

{code}
java.nio.charset.UnsupportedCharsetException: auto
    at java.nio.charset.Charset.forName(Charset.java:543)
    at
org.apache.wicket.protocol.http.RequestUtils.getCharset(RequestUtils.java:195)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getCharset(ServletWebRequest.java:476)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getContextRelativeUrl(ServletWebRequest.java:209)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:113)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
    at
org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:448)
    at
org.apache.wicket.protocol.http.WebApplication.createWebRequest(WebApplication.java:493)
    at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:196)
    at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
{code}

even though we are not aware of the semantics of the above header, it
can happen.

to work around we extended a ServletWebRequest to add
{code}
    public Charset getCharset() {
        try {
            return super.getCharset();
        } catch (UnsupportedCharsetException ignore) {
            return getDefaultCharset();
        }
    }
{code}

Now we are wondering, if RequestUtils:

{code}
public static Charset getCharset(HttpServletRequest request)
    {
        Charset charset = null;
        if (request != null)
        {
            String charsetName = request.getCharacterEncoding();
            if (charsetName != null)
            {
                charset = Charset.forName(charsetName);
            }
        }
        if (charset == null)
        {
            charset = getDefaultCharset();
        }
        return charset;
    }

{code}

should be more resilient to weird charsetNames coming from the container
(like 'auto' in our example) and return the default charset or a better
Exception that by default is mapped to HTTP StatusCode 406 ?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)