users@jersey.java.net

[Jersey] Re: JERSEY-649

From: Markus Karg <markus.karg_at_gmx.net>
Date: Thu, 10 Mar 2011 19:48:45 +0100

Jakub,

 

thank you so much for your kind help! I will try out tomorrow the lines
below.

 

I now understand that the problem is created by the container and that there
cannot be a real fix in Jersey.

 

Thanks a lot!

Markus

 

From: Jakub Podlesak [mailto:jakub.podlesak_at_oracle.com]
Sent: Donnerstag, 10. März 2011 17:37
To: users_at_jersey.java.net
Subject: [Jersey] Re: JERSEY-649

 

Hi Markus,

Thanks for the patience. This is not really about fixing Jersey,
but rather about configuring the underlying container.
They disable such requests by default for security reasons.

For GlassFish v2, the way to enable encoded slashes in requests
is to:

./bin/asadmin create-jvm-options
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

In GFv3.x:

./bin/asadmin create-jvm-options
-Dcom.sun.grizzly.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

For Grizzly 1/2:

you either use the jvm property above
(-Dcom.sun.grizzly.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true)
or use the new Jersey ResourceConfig feature:
"com.sun.jersey.api.container.grizzly.AllowEncodedSlashFeature"

~Jakub

On 03/08/2011 03:36 PM, Markus Karg wrote:

Jakub,

 

thank you for your kind information.

 

Does that mean that to make it work we definitively need to upgrade the used
GlassFish from v2ur2 to a later release and there is no fix possible inside
Jersey? That would be a problem for us as we have to supply the fix to
hundreds of companies, which means, not just redeploying an EAR file but
replacing the complete server. :-(

 

Thanks!

Markus

 

From: Jakub Podlesak [mailto:jakub.podlesak_at_oracle.com]
Sent: Dienstag, 8. März 2011 15:32
To: users_at_jersey.java.net
Subject: [Jersey] Re: JERSEY-649

 

Hi Markus,

I have just updated the bug report. There was a bug in the earlier Grizzly
version, which
blocked such requests to come to Jersey. I am working on the Grizzly version
update,
then will see if there is another issue in Jersey with that.

Thanks for your patience,

~Jakub

On 03/08/2011 08:37 AM, Markus Karg wrote:

I'd kindly lilke to ask whether there is any time frame or plan when to fix
issue JERSEY-649? This is a major showstopper as it makes using Jersey
impossible for any data containing a forward slash, which unfortunately is
rather common in lots of legacy data sets. It would be great if that could
be fixed rather soon. I'm a bit disappointed that there is not at least any
comment in the tracker about whether a workaround is known to the Jersey
team.

 

Thanks

Markus

 






-- 
Jakub Podle¹ák
CZJUG co-lead,
Web Services Research And Development
Oracle, Czech s r.o.
Praha 4, V Parku 8