You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@olingo.apache.org by "Sahir Hoda (JIRA)" <ji...@apache.org> on 2016/08/09 19:48:22 UTC
[jira] [Updated] (OLINGO-998) Accept header parsing should be more
tolerant of malformed jdk accept header
[ https://issues.apache.org/jira/browse/OLINGO-998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sahir Hoda updated OLINGO-998:
------------------------------
Description:
The jdk HttpURLConnection sets the following accept header if one is not specified:
{noformat}
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
{noformat}
Requests with this header to an olingo 4 endpoint result in a 500 response and the following stack trace on the server:
{noformat}
java.lang.IllegalArgumentException: Not exactly one '/' in format '*; q=.2', or it is at the beginning or at the end.
at org.apache.olingo.commons.api.format.AcceptType.parse(AcceptType.java:116)
at org.apache.olingo.commons.api.format.AcceptType.<init>(AcceptType.java:78)
at org.apache.olingo.commons.api.format.AcceptType.create(AcceptType.java:134)
at org.apache.olingo.server.core.ContentNegotiator.doContentNegotiation(ContentNegotiator.java:96)
at org.apache.olingo.server.core.ODataHandler.handleException(ODataHandler.java:224)
at org.apache.olingo.server.core.ODataHttpHandlerImpl.handleException(ODataHttpHandlerImpl.java:90)
at org.apache.olingo.server.core.ODataHttpHandlerImpl.process(ODataHttpHandlerImpl.java:69)
at org.apache.olingo.server.sample.CarsServlet.service(CarsServlet.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
{noformat}
Easily reproduced using the Demo servelet running a tomcat on localhost:8080, with the following code:
{code:java}
URL url = new URL("http://localhost:8080/odata-server-sample-4.0.0-beta-02/cars.svc/$metadata");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
try (BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));) {
String line = null;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
}
{code}
was:
The jdk HttpURLConnection sets the following accept header if one is not specified:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Requests with this header to an olingo 4 endpoint result in a 500 response and the following stack trace on the server:
{noformat}
java.lang.IllegalArgumentException: Not exactly one '/' in format '*; q=.2', or it is at the beginning or at the end.
at org.apache.olingo.commons.api.format.AcceptType.parse(AcceptType.java:116)
at org.apache.olingo.commons.api.format.AcceptType.<init>(AcceptType.java:78)
at org.apache.olingo.commons.api.format.AcceptType.create(AcceptType.java:134)
at org.apache.olingo.server.core.ContentNegotiator.doContentNegotiation(ContentNegotiator.java:96)
at org.apache.olingo.server.core.ODataHandler.handleException(ODataHandler.java:224)
at org.apache.olingo.server.core.ODataHttpHandlerImpl.handleException(ODataHttpHandlerImpl.java:90)
at org.apache.olingo.server.core.ODataHttpHandlerImpl.process(ODataHttpHandlerImpl.java:69)
at org.apache.olingo.server.sample.CarsServlet.service(CarsServlet.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
{noformat}
Easily reproduced using the Demo servelet running a tomcat on localhost:8080, with the following code:
{code:java}
URL url = new URL("http://localhost:8080/odata-server-sample-4.0.0-beta-02/cars.svc/$metadata");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
try (BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));) {
String line = null;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
}
{code}
> Accept header parsing should be more tolerant of malformed jdk accept header
> ----------------------------------------------------------------------------
>
> Key: OLINGO-998
> URL: https://issues.apache.org/jira/browse/OLINGO-998
> Project: Olingo
> Issue Type: Bug
> Reporter: Sahir Hoda
> Priority: Minor
>
> The jdk HttpURLConnection sets the following accept header if one is not specified:
> {noformat}
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> {noformat}
> Requests with this header to an olingo 4 endpoint result in a 500 response and the following stack trace on the server:
> {noformat}
> java.lang.IllegalArgumentException: Not exactly one '/' in format '*; q=.2', or it is at the beginning or at the end.
> at org.apache.olingo.commons.api.format.AcceptType.parse(AcceptType.java:116)
> at org.apache.olingo.commons.api.format.AcceptType.<init>(AcceptType.java:78)
> at org.apache.olingo.commons.api.format.AcceptType.create(AcceptType.java:134)
> at org.apache.olingo.server.core.ContentNegotiator.doContentNegotiation(ContentNegotiator.java:96)
> at org.apache.olingo.server.core.ODataHandler.handleException(ODataHandler.java:224)
> at org.apache.olingo.server.core.ODataHttpHandlerImpl.handleException(ODataHttpHandlerImpl.java:90)
> at org.apache.olingo.server.core.ODataHttpHandlerImpl.process(ODataHttpHandlerImpl.java:69)
> at org.apache.olingo.server.sample.CarsServlet.service(CarsServlet.java:61)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> Easily reproduced using the Demo servelet running a tomcat on localhost:8080, with the following code:
> {code:java}
> URL url = new URL("http://localhost:8080/odata-server-sample-4.0.0-beta-02/cars.svc/$metadata");
> HttpURLConnection conn = (HttpURLConnection) url.openConnection();
> try (BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));) {
> String line = null;
> while ((line = in.readLine()) != null) {
> System.out.println(line);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)