users@jersey.java.net

[Jersey] Re: JERSEY-649

From: Jakub Podlesak <jakub.podlesak_at_oracle.com>
Date: Thu, 10 Mar 2011 17:37:14 +0100

Hi Markus,

Thanks for the patience. This is not really about fixing Jersey,
but rather about configuring the underlying container.
They disable such requests by default for security reasons.

For GlassFish v2, the way to enable encoded slashes in requests
is to:

./bin/asadmin create-jvm-options
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

In GFv3.x:

./bin/asadmin create-jvm-options
-Dcom.sun.grizzly.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

For Grizzly 1/2:

you either use the jvm property above
(-Dcom.sun.grizzly.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true)
or use the new Jersey ResourceConfig feature:
"com.sun.jersey.api.container.grizzly.AllowEncodedSlashFeature"

~Jakub

On 03/08/2011 03:36 PM, Markus Karg wrote:
>
> Jakub,
>
> thank you for your kind information.
>
> Does that mean that to make it work we definitively need to upgrade
> the used GlassFish from v2ur2 to a later release and there is no fix
> possible inside Jersey? That would be a problem for us as we have to
> supply the fix to hundreds of companies, which means, not just
> redeploying an EAR file but replacing the complete server... :-(
>
> Thanks!
>
> Markus
>
> *From:*Jakub Podlesak [mailto:jakub.podlesak_at_oracle.com]
> *Sent:* Dienstag, 8. März 2011 15:32
> *To:* users_at_jersey.java.net
> *Subject:* [Jersey] Re: JERSEY-649
>
> Hi Markus,
>
> I have just updated the bug report. There was a bug in the earlier
> Grizzly version, which
> blocked such requests to come to Jersey. I am working on the Grizzly
> version update,
> then will see if there is another issue in Jersey with that.
>
> Thanks for your patience,
>
> ~Jakub
>
> On 03/08/2011 08:37 AM, Markus Karg wrote:
>
> I'd kindly lilke to ask whether there is any time frame or plan when
> to fix issue JERSEY-649? This is a major showstopper as it makes using
> Jersey impossible for any data containing a forward slash, which
> unfortunately is rather common in lots of legacy data sets. It would
> be great if that could be fixed rather soon. I'm a bit disappointed
> that there is not at least any comment in the tracker about whether a
> workaround is known to the Jersey team.
>
> Thanks
>
> Markus
> 


-- 
Jakub Podles(ák
CZJUG co-lead,
Web Services Research And Development
Oracle, Czech s r.o.
Praha 4, V Parku 8
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.