users@glassfish.java.net

Re: Problem with URL handling

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Wed, 14 Jan 2009 12:00:02 +0100

Hi,

Coincidentally this was also found with Jersey the other day by
another developer:

http://markmail.org/search/?q=list
%3Anet.java.dev.jersey.users#query:list%3Anet.java.dev.jersey.users
+page:1+mid:hfhy6clntk6rkiya+state:results

I could reproduce it with a servlet on GlassFish V3 Prelude as shipped
with NetBeans and the Grizzly 1.8.6.4 web and non-web containers.

Paul.

On Jan 14, 2009, at 12:41 AM, Jeanfrancois Arcand wrote:

> Salut,
>
> glassfish_at_javadesktop.org wrote:
>> Apparently Glassfish v2 (SJSAS 9.02) does not seem to be able to
>> handle requests with a slash character embedded in the URL.
>> For example, http://host/app/form/form_name%2Fwith_slash
>> '%2F' should decode to a '/' character. Instead of performing a
>> lookup, Glassfish drops the request.
>
> eurk nasty bug. The current behavior is broken in two places:
>
> (1) We should allow %2f if needed (as a property).
> (2) Event if not allowed, we should at relast return a proper error
> pages. Can you file an issue here:
>
> https://glassfish.dev.java.net/servlets/ProjectIssues
>
> Note that we have fixed the issue in GlassFish v3 already if you
> want to try it (Prelude as well). I can certainly produce a patch
> for you to try on v2.
>
> Thanks
>
> -- Jeanfrancois
>
>
>> The application that I'm using (Remedy Mid-Tier) maps a form
>> servlet with the url path "/form/*". It then interprets the
>> contents at the end of the path as a form name parameter.
>> Therefore, any forms names with a slash character cause problems.
>> So, does anyone have a suggestion on how to configure glassfish or
>> work around the issue?
>> Thanks!
>> [Message sent by forum member 'bryany' (bryany)]
>> http://forums.java.net/jive/thread.jspa?messageID=325848
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.